Sanflex – 33% Detection Rate – WebInstallBundle, DownloadAdmin and Artemis

Hello! Just a quick post on a file named installer_adobe_flash_player_Swedish.exe signed by Sanflex. The following screenshot shows the User Account Control dialog when running the Sanflex file:

Sanflex publisher

By looking at the certificate we can see that Sanflex appears to be located in San Fransisco, United States of America.

Sanflex certificate

The problem here is that if installer_adobe_flash_player_Swedish.exe really was a setup file for the official Adobe Flash Player, it would be digitally signed by Adobe Systems Incorporated and not by some unknown company. This looks very suspicious.

If you are considering to run the Sanflex signed file, I’ll advice you not to. Delete it instead. Just check out detection list by some of the anti-virus program. Big thanks to VirusTotal for the scan result.

Sanflex virustotal

F-Secure detects installer_adobe_flash_player_Swedish.exe as Adware:W32/WebInstallBundle, Fortinet reports Riskware/DownloadAdmin, Malwarebytes classifies it as PUP.Optional.DownloadAdmin and McAfee detects it as Artemis.

Did you also find a Sanflex file? What kind of download was it?

Thanks for reading.

2 thoughts on “Sanflex – 33% Detection Rate – WebInstallBundle, DownloadAdmin and Artemis

  1. Hi Roger,
    File Viewer Lite 1.2 by Sharpened Productions also use a Sanflex signed installer file (fileviewerlite12-setup.exe). Should I avoid installing it? By the way, today I received an alert from SEP (Symantec) protection software that fileviewer_d5023377.exe had been removed and quarantined. I believe it was the installer file for my previous version of the program ( Should I uninstall this version?

Comments are closed.