flashplayer.exe

Voxtrup

Avalon Wusk

The executable flashplayer.exe has been detected as malware by 6 anti-virus scanners. The file has been seen being downloaded from rielikumpara.org.
Publisher:
Avalon Wusk

Product:
Voxtrup

Description:
Hospitalizing

Version:
1.00

MD5:
1f3bd0dcc7fcc5fffba4c19b59c7b66d

SHA-1:
0bd5162afa7add3d2b1d05730a73aeb799a2fb1f

SHA-256:
314f1a84b72a512587d86346c8d32268b2781205a5126e442db17103fbea949f

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
5/13/2024 7:00:06 PM UTC

Scan engine                     Detection                    Engine version
Dr.Web                          Trojan.DownLoader21.31600    9.0.1.05190
ESET NOD32                      Win32/Kovter.D trojan        8.0.319.0
F-Secure                        Variant.Barys.54100          5.15.96
Kaspersky                       Trojan.Win32.Kovter          15.0.0.562
Microsoft Security Essentials   Threat.Undefined             1.217.2154.0
Norman                          Gen:Variant.Barys.54100      10.04.2016 15:29:17

File size:
272 KB (278,565 bytes)

Product version:
1.00

Original file name:
Multihearth4.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\downloads\flashplayer.exe

File PE Metadata
Compilation timestamp:
4/21/2016 9:17:36 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:eUa8GbYL1RI0pmh/6O/uyX+Kfl/d4T9AJkJIVJlS7CuxRje34sT:eWGb21Rpmh/6OYAl189GkJIHl5u3y3P

Entry address:
0x116C

Entry point:
68, E8, A5, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, EB, 8B, 4C, 9B, 4B, B4, 86, 4E, B8, 94, BA, BF, 57, 10, 83, 62, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 70, A3, 0F, 03, 4C, 61, 6E, 67, 73, 79, 6E, 65, 64, 65, 73, 31, 00, 08, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, EA, A4, 5D, 77, 5F, 2F, 6C, 48, A3, 2A, A5, B5, CA, C3, 48, 84, 93, AA, C9, 32, 07, C0, 03, 4B, 94, 56, F2, AD, AA, AC, 6E, 26, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy:
7.5616

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
260 KB (266,240 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
