Turkish FlashPlayer? no! It’s malware

I recently came across the file “FlashPlayer.exe” during the course of regular research.

The file was distributed under the name FlashPlayer.exe and, not surprisingly, when executed it shows the following GUI, partly written in Turkish:

[Screenshot: GUI shown when the file is executed]

Obviously, it’s disguised as an Adobe Flash Player 11 installer.

Here is more info about the file:

File Name: FlashPlayer.exe
MD5: e2856b1ad6c74c51767cab05bdedc5d1
SHA1: 1ac150ddb964722b6b7c96808763b3e4d0472daf
CRC32: a8464606
SHA-256: b5f37cc44365a5a1b240e649ea07bbb17959ceddc3f8b67a793df694a6f03a88
SHA-512: e2d1388bd5feec51227cfa10a5606f7d3bc58f12ea95d688acb5178ff31a156a1092f739e7dd276f4c5368d89c33ed6a15b08ff5df294b9c3647905c1083921d
SHA-384: 5d622afcf87e33334a446df5dfd2be7769cab596cc9a121bfd6269bc85ee980f75e1a2d1472f0eb379788845230d883b
File Size: 561,152
Version: 2.01
Source: hxxps://flash-player-download.com/FlashPlayer.exe
VirusTotal: Latest Report

Read the rest of the analysis on Microsoft TechNet: http://blogs.technet.com/b/mmpc/archive/2013/03/26/there-was-a-flash-and-then-my-startpage-was-gone.aspx

This Post Has 4 Comments

  1. Omid Farhang
    Jimmy Graham

    “I recently came across the file.” <– changing Microsoft's "We" to "I" makes it look like you are attempting to credit yourself…

  2. Omid Farhang
    Jimmy Graham

    Yes, I realize that. I’m just letting you know the impact of your first sentence in case you were unaware.

  3. Omid Farhang
    Omid Farhang

    And I appreciate that! 🙂
    I really got that file during my daily malware hunting, you can see that I posted my own screenshot and additional file report and link to source of file, which is not available in TechNet report.
