Should I block it?

90%

90% of PCs block this file from running.

Possible reason:

Multiple malware detections

Relationships

Parent process

explorer.exe (Windows Explorer by Microsoft Corporation)

Related files

PE file structure

Show functions

Import table

advapi32.dll

RegSetValueExW, RegCreateKeyExW, RegQueryValueW, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey

comdlg32.dll

GetFileTitleW

gdi32.dll

PtVisible, RectVisible, TextOutW, ExtTextOutW, Escape, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, DeleteDC, GetStockObject, SetBkColor, RestoreDC, SaveDC, CreateBitmap, GetDeviceCaps, StretchBlt, GetDIBits, CreateDCW, SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, DeleteObject, GetClipBox, SetMapMode, SetTextColor

kernel32.dll

LocalAlloc, TlsGetValue, GlobalReAlloc, GlobalHandle, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, InterlockedIncrement, SetErrorMode, GetFileAttributesW, GetFileSizeEx, GetFileTime, GetStartupInfoW, ExitProcess, HeapAlloc, HeapFree, RtlUnwind, HeapReAlloc, RaiseException, ExitThread, CreateThread, HeapSize, SetUnhandledExceptionFilter, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, InitializeCriticalSectionAndSpinCount, VirtualAlloc, GetTimeZoneInformation, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetConsoleCP, GetConsoleMode, GetLocaleInfoA, GetCurrentDirectoryA, GetDriveTypeA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEnvironmentVariableA, WritePrivateProfileStringW, lstrlenA, GlobalFlags, DeleteCriticalSection, GlobalFindAtomW, CompareStringW, LoadLibraryA, GetVersionExA, GlobalFree, FormatMessageW, LocalFree, InterlockedDecrement, CreateEventW, SuspendThread, SetEvent, WaitForSingleObject, ResumeThread, SetThreadPriority, CreateFileW, GetFullPathNameW, GetCurrentProcess, DuplicateHandle, CloseHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalUnlock, GetModuleHandleA, GlobalAddAtomW, GetCurrentProcessId, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, EnumResourceLanguagesW, GetModuleFileNameW, lstrcmpA, GetLocaleInfoW, LoadLibraryW, CompareStringA, InterlockedExchange, GlobalLock, lstrcmpW, GlobalAlloc, FreeLibrary, GetModuleHandleW, GetProcAddress, FindFirstFileW, GetLastError, SetLastError, FileTimeToLocalFileTime, FileTimeToSystemTime, FindNextFileW, FindClose, lstrlenW, WideCharToMultiByte, GetVolumeInformationW, LockResource, GetLocalTime, EnterCriticalSection, MultiByteToWideChar, GetTimeFormatW, LeaveCriticalSection, SizeofResource, Sleep, InitializeCriticalSection, CreateDirectoryW, LoadResource, FindResourceW, GetDateFormatW, GetCommandLineW

ole32.dll

CoInitialize, CoTaskMemFree, CoCreateInstance, CoUninitialize

shell32.dll

ShellExecuteW

shlwapi.dll

PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathFindExtensionW

user32.dll

RegisterWindowMessageW, LoadIconW, WinHelpW, GetCapture, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetMenu, SetForegroundWindow, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, AdjustWindowRectEx, CopyRect, DefWindowProcW, CallWindowProcW, GetMenu, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, SetWindowPos, ShowWindow, SetWindowLongW, GetDlgCtrlID, IsWindow, SetWindowTextW, GetDlgItem, GetWindow, GetMenuItemID, GetMenuItemCount, GetSubMenu, CallNextHookEx, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageW, GetCursorPos, ValidateRect, CharUpperW, GetSystemMetrics, GetSysColor, ReleaseDC, GetDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, GetWindowThreadProcessId, GetWindowLongW, GetLastActivePopup, IsWindowEnabled, MessageBoxW, SetCursor, PostMessageW, PostQuitMessage, DestroyMenu, UnregisterClassW, LoadCursorW, PtInRect, GetSysColorBrush, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, GetFocus, GetParent, ModifyMenuW, GetMenuState, EnableMenuItem, CheckMenuItem, GetClientRect, EnableWindow, GetMessageW, SendInput, ToAscii, TranslateMessage, GetKeyboardState, GetForegroundWindow, GetWindowTextW, SetWindowsHookExW, UnhookWindowsHookEx, SendMessageW, DispatchMessageW

winspool.drv

DocumentPropertiesW, ClosePrinter, OpenPrinterW

adobe_flash_update.exe

Flash Player Installer/Uninstaller by Adobe Systems

Remove adobe_flash_update.exe

Version:	10, 1, 53, 64
MD5:	beb2b6c28d7bc86f969f49b2185dd372
SHA1:	c963a36e099377390ec3ebfa5320a181aeab2e4f
SHA256:	e732d07252428bcfe935614b27cf86168c32b52ffc1234a15a12487b5dd81c7a

Warning 10 antivirus scanners has detected malware.

Overview

adobe_flash_update.exe is malware that executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).

Details

File name:	adobe_flash_update.exe
Publisher:	Adobe Systems, Inc.
Product name:	Flash® Player Installer/Uninstaller
Description:	Adobe® Flash® Player Installer/Uninstaller 10.1 r53
Typical file path:	C:\users\user\appdata\roaming\adobe_flash_update.exe
Original name:	FlashUtil.exe
File version:	10, 1, 53, 64
Size:	312.5 KB (320,000 bytes)
Build date:	10/9/2011 5:21 PM
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Behaviors

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'Adobe_Flash_Update.exe' → C:\users\user\appdata\Roaming\Adobe_Flash_Update.exe

Network connections

[TCP] 183178245037.ctinets.com (183.178.245.37:20181)

Malware detections

Based on 40+ industry antivirus scanners, 10 of them detected the following malware.

Antivirus engine	Engine version	Detection
Avira AntiVir	7.11.105.42	TR/Agent.anpr.5
avast!	8.0.1489.320	Win32:Agent-ANPR [Trj]
AVG	13.0.0.3169	Win32/DH{QS17ICQi}
G Data	13.10.22	Win32.Trojan.Agent.HHAVLU
Ikarus	T3.1.5.4.0	Trojan.Win32.Agent
McAfee	5.600.1067	RDN/Generic.tfr!dp
McAfee Gateway Anti-Malware	v2013-dat	RDN/Generic.tfr!dp
Norman	7.02.06	Suspicious_Gen4.EITNY
Panda Antivirus	10.0.3.5	Suspicious file
Trend Micro HouseCall	9.700.0.1001	TROJ_GEN.RFFFH01FJ13

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00041056%	0.028634%
Kernel CPU:	0.00018693%	0.013761%
User CPU:	0.00022363%	0.014873%
Kernel CPU time:	2,652 ms/min	100,923,805ms/min
CPU cycles:	72,792/sec	17,470,203/sec
Context switches:	1/sec	284/sec
Memory
Private memory:	4.17 MB	21.59 MB
Private (maximum):	8.64 MB
Private (minimum):	5.07 MB
Non-paged memory:	4.17 MB	21.59 MB
Virtual memory:	64 MB	140.96 MB
Virtual memory (peak):	70.98 MB	169.69 MB
Working set:	8.61 MB	18.61 MB
Working set (peak):	13.8 MB	37.95 MB
Page faults:	14,931/min	2,039/min
I/O
I/O other transfer:	108 Bytes/sec	448.09 KB/min
I/O other operations:	8/sec	1,671/min
Resource allocations
Threads:	4	12
Handles:	5368	600
GUI GDI count:	9	103
GUI GDI peak:	13	142
GUI USER count:	20	49
GUI USER peak:	20	71

Process properties

Integrety level:	Medium
Platform:	32-bit
Command line:	"C:\users\user\appdata\roaming\adobe_flash_update.exe"
Owner:	User
Parent process:	explorer.exe (Windows Explorer by Microsoft Corporation)

Threads