Looks like I was infected by some virus, no idea where I got it.
It's .NET
 
You have to run it like this in order to run:
adobe_flash_player.exe /00000017

 

Anyone can decompile this and find out what's doing? Looks like a custom obfuscator was used. De4Dot is cleaning it up but strings and other data is still encrypted.

 

 

Thanks!

adobe_flash_player.rar

Edited September 30, 20159 yr by bomblader

"Malware" lol

 

 

 

Whatever protection was used, this looks like some seriously skidded shit

Pretty boring and ordinary malware, calls home, download commands, does some downloads (pay-per-click scam?), uploads stuff and other boring crap. 

 

Deobfuscate only inside VMware using this command-line:

de4dot adobe_flash_player.exe --strtyp delegate --strtok 06000195

I think it's some kind of shitty thing that visits webpages.

 

The problem is, I have absolutely no idea where I got this. I always run executables sandboxed and it also added itself to HKLM startup (I ran the infected .exe as administrator, wtf)

 

Also, what decompiler you are using? (Sweden)

Edited September 30, 20159 yr by bomblader

Only you can figure out where it came from, as that information is only present on your computer. I would start with information from NTFS LastWriteTime and registry key LastWriteTime, then move on to Prefetch folder, firewall logs, browser cache and other forensic information. But if you deleted it already, well... tough luck!