install_flashplayer15x32_mssa_aaa_aih.exe

The executable install_flashplayer15x32_mssa_aaa_aih.exe has been detected as malware by 11 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from xgamesplease.com and multiple other hosts.
MD5:
4f0994027c1c629558ab4d0c6dab3a48

SHA-1:
ca34db1da9cbaf53e307ec7cad34ba804683b14c

SHA-256:
6cfedad81fe1dfbcb05c2f1ccc7ab70946de4835372a6079fbd37432dfccfff3

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
5/17/2024 5:22:21 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Downloader.Banload2 | 2015.0.3331 |
| Baidu Antivirus | Trojan.Win32.Banload | 4.0.3.14104 |
| Bkav FE | HW32.Paked | 1.3.0.4959 |
| K7 AntiVirus | Virus | 13.191.14658 |
| Kaspersky | Trojan.Win32.Banamed | 14.0.0.3150 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.2440.0 |
| Norman | Krap.XK | 11.20150318 |
| Panda Antivirus | W32/Cosmu.gen | 15.03.18.01 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.18.1 |
| Sophos | Virus 'W32/Patched-I' | 59 |
| VIPRE Antivirus | Threat.4726519 | 36694 |

File size:
346 KB (354,304 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install_flashplayer15x32_mssa_aaa_aih.exe

File PE Metadata
Compilation timestamp:
10/4/2014 7:51:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:hagbti0pWYMZpayfYqr3s4owm/l/5LFxv0M8ap3DJIKQbWHFQDMZy60:hjxZvSayQmQ5LFxc7apdez

Entry address:
0x1000

Entry point:
B8, F0, 1A, 52, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 2F, 9C, FE, A2, CA, 40, E3, 7E, 80, 92, 33, 4A, 51, 89, 53, 1F, C1, 5C, 48, E8, 8E, 2A, C0, 98, 84, 65, 3C, 3D, 42, D0, 1C, A5, 46, 1B, 02, 99, A6, 37, 33, 0F, 13, 4E, 07, EE, E7, AB, 40, 04, 8A, AB, E5, 0D, 57, 40, 5F, 0F, 47, 57, B9, 10, 5F, 0D, DC, C2, F1, 6A, 38, D8, C7, 84, C8, B3, 44, BD, 2C, 93, 6C, C8, E7, 86, EC, 33, 0F, 8E, B6, 8E, BB, 6C, C1, 76, FB, E1, 0F...
 

Packer / compiler:
PECompact v2

Code size:
869 KB (889,856 bytes)

The file install_flashplayer15x32_mssa_aaa_aih.exe has been observed being distributed from the following 2 URLs.

http://xgamesplease.com/.../?flashplayer
