installer_adobe_flash_player_arabe.exe

The application installer_adobe_flash_player_arabe.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from silivow74663loru.kiqacigureiwes.info.
MD5:
99fb9c5e54d00b299331cd6f7e9dee94

SHA-1:
5591e0e1077d37cb86e145b518669f5d807884e1

SHA-256:
034c68a5f17ba2ed7e5803d19a767dcf48117824230c8b9178d5950e0bfdb3e8

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/15/2025 6:27:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Sality | 160216-0 |
| AVG | Win32/Sality | 2015.0.4530 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.215.312.0 |
| Norman | Win32.Sality.3 | 29.02.2016 03:11:57 |
| Reason Heuristics | Adware.Bundler.ET (M) | 16.3.6.12 |

File size:
910.5 KB (932,312 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_arabe.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:fMJ+9b435N1S1rvh1ZUeVGaXZulGuwFQ/P/EHKJ:koY5jSZr35ulbP8HKJ

Entry address:
0x30FA

Entry point:
69, DA, A5, F4, 21, DD, C7, C0, E5, 76, 2F, 1F, 29, DF, FE, C3, 70, 0A, 80, EF, 7D, 30, C4, 35, 96, 83, 4E, 7A, 8B, C7, 0F, AF, F6, F2, 2B, FA, 00, DE, 04, 85, 71, 08, F6, C6, EE, B8, 8C, EC, A7, A6, 71, 09, F2, 8D, 2D, 1E, 04, A5, E0, 00, C0, 33, ED, 75, 02, 8B, CF, 81, FE, 32, 9D, 00, 00, 72, 03, 0F, B6, FA, F3, 89, C6, F2, 81, C5, 49, FC, FF, FF, F3, 81, C5, B8, 03, 00, 00, EB, 04, 89, F3, 88, D5, 81, FF, 3B, 9A, 00, 00, 78, 0E, 69, DF, 17, DB, C4, 04, 86, F3, 69, D2, 9B, 68, 92, 98, C6, C3, 27, 81, FD...

Entropy:
7.9886  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file installer_adobe_flash_player_arabe.exe has been seen being distributed by the following URL.
