» install_flashplayer15x32_mssa_aaa_aih.exe
Overview
Analysis
File Details
Downloads (2)

install_flashplayer15x32_mssa_aaa_aih.exe

The executable install_flashplayer15x32_mssa_aaa_aih.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.gameplaybr.net and multiple other hosts.

File name:

MD5:

585ac8d894420dd58252c5bafcc8b3cd

SHA-1:

2bb813830bc73caf6240bb3da406f174b8b76226

SHA-256:

7da2696f0bbc5add73ea1110b67b44cda38127f4f026eb93fa1bc7c07fc1b3f1

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

5/17/2024 12:55:20 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1907660

842

Baidu Antivirus

Trojan.Win32.Banker

4.0.3.141016

Bitdefender

Trojan.GenericKD.1907660

1.0.20.1445

Emsisoft Anti-Malware

Trojan.GenericKD.1907660

8.14.10.16.07

F-Secure

Trojan.GenericKD.1907660

11.2014-16-10_5

G Data

Trojan.GenericKD.1907660

14.10.24

Kaspersky

Trojan-Banker.Win32.Banbra

14.0.0.3093

MicroWorld eScan

Trojan.GenericKD.1907660

15.0.0.867

Panda Antivirus

Trj/Chgt.H

14.10.16.07

File size:

372.5 KB (381,440 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\install_flashplayer15x32_mssa_aaa_aih.exe

File PE Metadata

Compilation timestamp:

10/7/2014 8:42:58 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:IrTq3s+Ra0sna1z1JC53beOyva2WqHH2NXQFj3LBIBWc/6oZRA4i5w2j:4m31Nsa1z183jyS2nH2NXQ9RctA4p

Entry address:

0x118001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 80, 11, 00, 83, BD, 88, 04, 00, 00, 00, 89, 9D, 88, 04, 00, 00, 0F, 85, CB, 03, 00, 00, 8D, 85, 94, 04, 00, 00, 50, FF, 95, A9, 0F, 00, 00, 89, 85, 8C, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, A5, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74... 
[+]

Packer / compiler:

ASPack v2.12

Code size:

862.5 KB (883,200 bytes)

The file install_flashplayer15x32_mssa_aaa_aih.exe has been seen being distributed by the following 2 URLs.

http://www.gameplaybr.net/.../?flashplayer

http://xgamesplease.com/.../?flashplayer

Remove install_flashplayer15x32_mssa_aaa_aih.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.