adobe_flash_setup.exe

Web

Internet Prog

The application adobe_flash_setup.exe, “Web Setup”, has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the InstallCore installer; however, the file is not signed with an Authenticode signature from a trusted source. The InstallCore engine may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from upgradelive.checkupdateslive.net and multiple other hosts.
Publisher:
Internet Prog

Product:
Web

Description:
Web Setup

Version:
2.3.2.3

MD5:
83c9cca68d7442d21facc6a348f7980e

SHA-1:
56b63f1c8b82594ed7b1b054579de11e574d34cd

SHA-256:
652401cc635bc35c8105e6896d6d774badb9c8f65667da1bb6b902292e4a391c

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/30/2024 4:16:49 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.InstallCore | 2015.05.06 |
| Avira AntiVirus | PUA/InstallCore.IH | 3.6.1.96 |
| avast! | Malware-gen | 2014.9-150420 |
| AVG | Generic | 2016.0.3107 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15517 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.InstallCore.508 | 9.0.1.0202 |
| ESET NOD32 | Win32/InstallCore.YV potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/InstallCore | 5/17/2015 |
| K7 AntiVirus | Adware | 13.202.15630 |
| NANO AntiVirus | Riskware.Win32.InstallCore.drfvuv | 0.30.24.1357 |
| Reason Heuristics | PUP.Bundler.InstallCore | 15.5.16.23 |
| VIPRE Antivirus | Threat.4150696 | 38882 |

File size:
801.1 KB (820,319 bytes)

Product version:
1.3

Copyright:
Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ubn5Gm17GszimlmUpG7NwZjI+ML04gJY+z2l4//Q7Ccv47D9+4gHrWLK:ubn5LxGqRRIdYlD/yCI0DUtriK

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8117

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file adobe_flash_setup.exe has been seen being distributed by the following 2 URLs.
