player_2014_flash_32bits.exe

The executable player_2014_flash_32bits.exe has been detected as malware by 14 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from www.sugarsync.com and multiple other hosts.
MD5:
44e7e0fd6c06d4d865f439f3b5b864db

SHA-1:
628f31e51c5d12b4242b5c64bbc6dd4589e3f719

SHA-256:
76ac8d080d9c116053de0e11ac11a6e0e9de9e251ac3c7da6f2214b8e56741e6

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/26/2024 10:22:03 AM UTC

Scan engine               Detection                               Engine version
Lavasoft Ad-Aware         Gen:Trojan.Heur.vHW@YgH8iLn             291
Avira AntiVirus           TR/Spy.1401344.6                        7.11.144.150
Bitdefender               Gen:Trojan.Heur.vHW@YgH8iLn             1.0.20.545
Emsisoft Anti-Malware     Gen:Trojan.Heur.vHW@YgH8iLn             8.16.04.18.03
Fortinet FortiGate        W32/PWSZbot.FFY!tr                      4/18/2016
F-Secure                  Gen:Trojan.Heur.vHW@YgH8iLn             11.2016-18-04_2
G Data                    Gen:Trojan.Heur.vHW@YgH8iLn             16.4.24
Kaspersky                 HEUR:Trojan-Downloader.Win32.Generic    14.0.0.342
McAfee                    PWSZbot-FFY!44E7E0FD6C06                5600.6425
MicroWorld eScan          Gen:Trojan.Heur.vHW@YgH8iLn             17.0.0.327
Norman                    Downloader                              11.20160418
Sophos                    Mal/Generic-S                           4.98
Trend Micro House Call    TROJ_GEN.R0C1H06DH14                    7.2.109
Vba32 AntiVirus           suspected of Trojan.Downloader.gen.h    3.12.26.0

File size:
1.3 MB (1,401,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\player_2014_flash_32bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:jsIdfWsAyGYZddZkWGLdi0tb4UzsHnXQggyMQqLfQUE94U6:jsQfvhZPczswyBqjXpU6

Entry address:
0x12F790

Entry point:
55, 8B, EC, B9, 04, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, B8, C0, F1, 52, 00, E8, F1, 72, ED, FF, 33, C0, 55, 68, 9C, F8, 52, 00, 64, FF, 30, 64, 89, 20, 6A, 40, 8D, 4D, EC, BA, B4, F8, 52, 00, B8, C4, F8, 52, 00, E8, E7, F8, FF, FF, 8B, 45, EC, E8, 23, 50, ED, FF, 50, 8D, 4D, E8, BA, B4, F8, 52, 00, B8, DC, F8, 52, 00, E8, CC, F8, FF, FF, 8B, 45, E8, E8, 08, 50, ED, FF, 50, 6A, 00, E8, 4C, 7F, ED, FF, 48, 0F, 85, 82, 00, 00, 00, 8D, 4D, E4, BA, B4, F8, 52, 00, B8, FC, F8, 52, 00, E8, A3, F8, FF...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.2 MB (1,239,552 bytes)

The file player_2014_flash_32bits.exe has been seen distributed from the following 3 URLs.

https://www.sugarsync.com/.../D2344172_207_656621763?directDownload=true

https://www.sugarsync.com/.../D2344172_207_656621701?directDownload=true

Remove player_2014_flash_32bits.exe - Powered by Reason Core Security