flashplayer.exe

Through4

Avalon Wusk

The executable flashplayer.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from rielikumpara.org.
Publisher:
Avalon Wusk

Product:
Through4

Description:
Hammerne

Version:
1.00

MD5:
31be6a62b46632ecd8f4e7b36c7edb44

SHA-1:
b969280e409acef8f7ae1fefd5f52f51f7c8816b

SHA-256:
0fdc03333db43bf82588bba0ad7a5fd9c516b3e9a7b64cb50f8bae7c739b08c9

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/13/2024 8:19:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Generic.Variant

Engine version:
16.4.28.13

File size:
272 KB (278,572 bytes)

Product version:
1.00

Original file name:
Sinistrously2.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer.exe

File PE Metadata
Compilation timestamp:
4/21/2016 8:17:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:35BW0beeaiP4Ax3yKDIMmzKrHI0jvQc1ZgHFV:35BTbfv4uCKuuI81MFV

Entry address:
0x116C

Entry point:
68, C4, 9C, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 79, 73, 97, 5B, B3, D7, D0, 46, 87, 75, 59, 7B, 3C, D0, 98, 81, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4D, 6F, 6C, 62, 6F, 68, 69, 73, 74, 6F, 72, 69, 65, 6E, 32, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, B9, D6, 7B, 07, CF, D7, 10, 40, 93, C2, 6E, 14, 97, 98, 7A, 12, 8F, 2A, D4, E8, 6C, B2, C5, 4D, 87, 65, CB, 13, 1D, AC, E1, 3F, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
7.5656

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
260 KB (266,240 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
