flashplayer.exe

The application flashplayer.exe, described as “Frifindelsespstande6”, has been flagged as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been observed being downloaded from ierietelio.org.
Publisher:
Filo

Product:
Stoplyset

Description:
Frifindelsespstande6

Version:
1.00

MD5:
b6cfd3051effee8a04efd317f160b5b0

SHA-1:
0d8bcfbb0dee3fb74aba52cd52eb7a12f444587a

SHA-256:
edb10960c5181c2665e5bd756b426d390562b3c50f701110fd07cac7063544d9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/11/2024 1:55:03 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Downloader

Engine version:
16.11.21.21

File size:
356 KB (364,594 bytes)

Product version:
1.00

Original file name:
Pistacier8.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer.exe

File PE Metadata
Compilation timestamp:
5/2/2016 1:34:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:/49x9PsS8IcC8gzdy1DmbCqyPYGz/2xX7jeIZx:m0S8JCzhmmbCDPYX2A

Entry address:
0x1210

Entry point:
68, AC, 12, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 8A, 4D, E7, E2, AC, 13, 1D, 4F, A2, 5D, F1, F0, BD, 75, 80, 0F, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 41, 00, F0, 07, 41, 00, 43, 68, 6F, 72, 65, 6D, 65, 6E, 00, 00, 00, 00, 10, D3, 11, 03, 00, 00, 00, 00, 07, 00, 00, 00, FC, BD, 40, 00, 06, 00, 00, 00, F0, AA, 40, 00, 01, 00, 1D, 00, B4, A1, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 78, A7, 40, 00, 4C, 72, 45, 00...

Entropy:
7.4072

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
344 KB (352,256 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.

Remove flashplayer.exe - Powered by Reason Core Security