home

installer_adobe_flash_player_english.exe

The application installer_adobe_flash_player_english.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from dv.a-chn4.com.
MD5:
7602e4a3dafc605c19d6239674224bb7

SHA-1:
5bf2e4c2789aeeb964ee6a5313d2f5659dc939a3

SHA-256:
014c276841b13d21f7175b7c4ee7c340a08d381d9bd5e0c3804d39ef51433909

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
6/21/2025 12:25:29 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.19

Avira AntiVirus
TR/Drop.Addrop.694440
7.11.211.72

Baidu Antivirus
Trojan.Win32.Addrop
4.0.3.15227

ESET NOD32
Win32/TrojanDropper.Addrop
9.11198

K7 AntiVirus
Trojan
13.196.15011

Kaspersky
not-a-virus:Downloader.NSIS.Agent
14.0.0.2422

McAfee
Artemis!7602E4A3DAFC
5600.6841

Panda Antivirus
Generic Suspicious
15.02.27.03

Qihoo 360 Security
Win32/Virus.Downloader.b17
1.0.0.1015

Sophos
Generic PUA FL
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Downloader
10028

Trend Micro House Call
TROJ_GEN.R08NH05B815
7.2.58

VIPRE Antivirus
Trojan.Win32.Generic
37694

File size:
678.2 KB (694,440 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:M+XSDZTZVgsTZz8Ga8HCIdagVsGPtLVEva8M2PQKTmDL5//31qTg:MPToP8HMAsgYMMQKTmDL5//3E0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9766

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer_adobe_flash_player_english.exe has been seen being distributed by the following URL.

http://dv.a-chn4.com/installers/axtan_installers/get.php?ua=chrome&ut=b059964184028954654ac0e5dba2d24b&r=4623537&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9vbi8xL2ZyZWVzb2Z0c3RvcmVjb20vZW5nbGlzaC9yZXZlbnVlL2Nocm9tZS9hZG9iZV9mbGFzaF9wbGF5ZXIvZC8yNzU4NzZlMzRjZjYwOWRiMTE4ZjNkODRiNzk5YTc5MC9vdXQvbmEvbmEvaW5zdGFsbGVyX2Fkb2JlX2ZsYXNoX3BsYXllcl9FbmdsaXNoLmV4ZQ==&p=RlJFRVNPRlRTVE9SRUNPTQ==&u=L2Rvd25sb2FkLmZyZWVzb2Z0c3RvcmUyLmNvbS9pbnN0YWxsZXJzL291dC8wMDIwNDAwMjA1MDAyMDYvcGlpZC01NGQzODVlNDM4ZTAyMS4wMTg2Mzc3Ny9vbi8xL2ZyZWVzb2Z0c3RvcmVjb20vZW5nbGlzaC9yZXZlbnVlL2Nocm9tZS9hZG9iZV9mbGFzaF9wbGF5ZXIvZC8yNzU4NzZlMzRjZjYwOWRiMTE4ZjNkODRiNzk5YTc5MC9vdXQvbmEvbmEvaW5zdGFsbGVyX2Fkb2JlX2ZsYXNoX3BsYXllcl9FbmdsaXNoLmV4ZQ==&loop=1&aa=on/1/freesoftstorecom//&GA=95&DC=47&FC=89&HI=92&LE=60&MI=18&IA=4&HJ=62&LC=32&JK=32&s=47379895478334491218902809005330077056594438877099889170070504512317977410208017996913921971433675473114245146836528910018252519156477901516109851642753589740756304194345965851026

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.