install_flash_player_version_11_2_3_br_win.exe

The executable install_flash_player_version_11_2_3_br_win.exe has been detected as malware by 4 anti-virus scanners. It is a setup program used to install the application. It configures itself to start automatically when a user logs into Windows, via the current-user Run registry key, under the value name 'Sec_Desk'. The file has been seen being downloaded from www.sugarsync.com and multiple other hosts.
Publisher:
Web Secty Win

Product:
Web Secty Win e

Description:
Web Secty Win a

Version:
4.0.9.4

MD5:
9f4f4612b5d90ad8eb8f3f1f86470b81

SHA-1:
6dc7c6dc90616030cea547b7c14a284131f383b2

SHA-256:
fce10d99759b51aa3770be36bfee778306126c6e87e28ec7eb18ebc4243a1c47

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/25/2024 11:53:16 PM UTC

Scan engine            | Detection                                  | Engine version
Emsisoft Anti-Malware  | Gen:Variant.Symmi.60175                    | 10.0.0.5366
ESET NOD32             | Win32/TrojanDownloader.Banload.WPJ trojan  | 8.0.319.0
Norman                 | Gen:Variant.Symmi.60175                    | 17.02.2016 05:18:35

File size:
3 MB (3,174,400 bytes)

Product version:
1.0.0.0

Copyright:
Web Secty Win b

Trademarks:
Web Secty Win c

Original file name:
Web Secty Win d

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\install_flash_player_version_11_2_3_br_win.exe

File PE Metadata
Compilation timestamp:
2/19/2016 12:51:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:0EDdSNl8IM94ZgSqDCnttwQDOFFVT9ggSA0Z:0EgNl8ZFGKFFg5

Entry address:
0x270F98

Entry point:
55, 8B, EC, 83, C4, F0, B8, 3C, 52, 66, 00, E8, FC, E2, D9, FF, A1, 00, CB, 67, 00, 8B, 00, E8, 68, 49, F6, FF, 68, 2C, 10, 67, 00, 6A, 00, E8, 58, 1F, DA, FF, 85, C0, 75, 57, A1, 00, CB, 67, 00, 8B, 00, C6, 40, 6F, 00, A1, 00, CB, 67, 00, 8B, 00, B2, 01, E8, 5F, 66, F6, FF, 8B, 0D, BC, CC, 67, 00, A1, 00, CB, 67, 00, 8B, 00, 8B, 15, 24, 35, 66, 00, E8, 3F, 49, F6, FF, 8B, 0D, B4, CF, 67, 00, A1, 00, CB, 67, 00, 8B, 00, 8B, 15, D8, 28, 66, 00, E8, 27, 49, F6, FF, A1, 00, CB, 67, 00, 8B, 00, E8, 77, 4A, F6...

Developed / compiled with:
Microsoft Visual C++

Code size:
2.4 MB (2,552,832 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Sec_Desk

Command:
"C:\users\{user}\appdata\local\sec_desk.exe"
The file install_flash_player_version_11_2_3_br_win.exe has been seen being distributed by the following 2 URLs.