I recently came across the file “FlashPlayer.exe” during the course of regular research.
The file had been distributed with the file name FlashPlayer.exe and, not surprisingly, when executed it shows the following GUI, partly written in Turkish:
Obviously, it’s disguised as an Adobe Flash Player 11 installer.
Here is more info about the file:
File Name: FlashPlayer.exe
MD5: e2856b1ad6c74c51767cab05bdedc5d1
SHA1: 1ac150ddb964722b6b7c96808763b3e4d0472daf
CRC32: a8464606
SHA-256: b5f37cc44365a5a1b240e649ea07bbb17959ceddc3f8b67a793df694a6f03a88
SHA-512: e2d1388bd5feec51227cfa10a5606f7d3bc58f12ea95d688acb5178ff31a156a1092f739e7dd276f4c5368d89c33ed6a15b08ff5df294b9c3647905c1083921d
SHA-384: 5d622afcf87e33334a446df5dfd2be7769cab596cc9a121bfd6269bc85ee980f75e1a2d1472f0eb379788845230d883b
File Size: 561,152
Version: 2.01
Source: hxxps://flash-player-download.com/FlashPlayer.exe
VirusTotal: Latest Report
Read the rest of the analysis on Microsoft TechNet: http://blogs.technet.com/b/mmpc/archive/2013/03/26/there-was-a-flash-and-then-my-startpage-was-gone.aspx