3.8.0.118_20140117010318.exe

The KMPlayer

KMP Media co., Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
PandoraTV  (signed by KMP Media co., Ltd)

Product:
The KMPlayer

Description:
The KMPlayer Setup/Install

Version:
3.8.0.118

MD5:
d33c6774f8be77df75f1e5701be42934

SHA-1:
5d05ba9bc524a907fef69a88fd9ceddc3797d577

SHA-256:
1c168efbf955067247e51bb12211f92e442e2a7661c699c87323190d57ef89e7

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
Both detections are probably false positives and the file is probably malware free. Note what the two detection names actually say: the Rising result is a potentially-unwanted-file (PUF) flag naming OpenCandy, an advertising module bundled with some installers, not a malware family; the Trend Micro result (TROJ_GEN) is a generic heuristic rather than a named family.

Analysis date:
11/23/2024 4:38:19 AM UTC

Scan engine              Detection                  Engine version
Rising Antivirus         PE:PUF.OpenCandy!1.9DE5    23.00.65.14120
Trend Micro House Call   TROJ_GEN.F47V0117          7.2.22

File size:
30.7 MB (32,228,904 bytes)

Product version:
3.8

Copyright:
Copyright PandoraTV 2013.

Trademarks:
Freeware

Original file name:
KMPlayer_3.8.0.118.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/8/2012 4:00:00 AM

Valid to:
10/9/2014 3:59:59 AM

Subject:
CN="KMP Media co., Ltd", O="KMP Media co., Ltd", L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
66502206A0488141A898E4B41EE1FD92

File PE Metadata
Compilation timestamp:
2/24/2012 11:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
786432:zt1SssrZSlG+ynH/Q7E4+s8hvZ8WLn45FI1zOn4OQA:zDSsMZSIHo7E4+RhmWLmqEdh

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)
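As an added example (not part of this scan report or of any vendor tooling), the following Python helper re-verifies a downloaded copy against the three digests listed above and interprets the signer certificate's validity window against the analysis date and the PE compilation timestamp. The sample bytes are constructed and are not the real installer; the report gives no timezone for the certificate and PE dates, so UTC is assumed.

```python
# Added triage example, not code from the scan report.
# Re-verify a downloaded installer against published digests and interpret
# the code-signing certificate's validity window.
import hashlib
import io
from datetime import datetime, timezone

# Digests exactly as published in the report above.
REPORTED_DIGESTS = {
    "md5": "d33c6774f8be77df75f1e5701be42934",
    "sha1": "5d05ba9bc524a907fef69a88fd9ceddc3797d577",
    "sha256": "1c168efbf955067247e51bb12211f92e442e2a7661c699c87323190d57ef89e7",
}

# Dates from the report. ASSUMPTION: the report does not state a timezone
# for the certificate or PE dates, so they are treated as UTC here.
CERT_VALID_FROM = datetime(2012, 9, 8, 4, 0, 0, tzinfo=timezone.utc)
CERT_VALID_TO = datetime(2014, 10, 9, 3, 59, 59, tzinfo=timezone.utc)
PE_TIMESTAMP = datetime(2012, 2, 24, 23, 19, 59, tzinfo=timezone.utc)
ANALYSIS_TIME = datetime(2024, 11, 23, 4, 38, 19, tzinfo=timezone.utc)

# CONSTRUCTED sample input so the example runs offline; not the real file.
SAMPLE_BYTES = b"constructed sample bytes, not the real installer\n" * 1000


def compute_digests(stream, chunk_size=1 << 20):
    """Read a file-like object once, feeding every chunk to all three hashes."""
    hashers = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_digests(stream, expected):
    """Return (all_match, sorted list of algorithms that disagree with the report)."""
    got = compute_digests(stream)
    mismatches = sorted(alg for alg, hexd in expected.items()
                        if got.get(alg) != hexd.lower())
    return (not mismatches, mismatches)


def signing_window_status(checked_at, valid_from=CERT_VALID_FROM, valid_to=CERT_VALID_TO):
    """Classify a point in time against the signer certificate's validity window."""
    if checked_at < valid_from:
        return "not-yet-valid"
    if checked_at > valid_to:
        return "expired"
    return "in-window"


def interpret_signature(checked_at, pe_timestamp=PE_TIMESTAMP,
                        valid_from=CERT_VALID_FROM, valid_to=CERT_VALID_TO):
    """Return (window status, reviewer notes) for the report's signature fields."""
    status = signing_window_status(checked_at, valid_from, valid_to)
    notes = []
    if status == "expired":
        # An Authenticode signature outlives its certificate only when it carries a
        # trusted timestamp countersignature made while the certificate was valid.
        notes.append("signer certificate expired: signature remains valid only if "
                     "it carries a trusted timestamp countersignature")
    if pe_timestamp < valid_from:
        # NSIS installers are assembled from a prebuilt stub, so the PE header
        # timestamp reflects the stub's build, not when this package was made.
        notes.append("PE timestamp predates the certificate: expected for NSIS, "
                     "whose stub carries the NSIS build time, not the packaging time")
    return status, notes


def verify_file(path, expected=REPORTED_DIGESTS):
    """Hash a real downloaded file on disk and compare it with the report."""
    with open(path, "rb") as fh:
        return verify_digests(fh, expected)


def check_sample():
    """Run every check on the constructed sample; returns the results as a dict."""
    self_ok, _ = verify_digests(io.BytesIO(SAMPLE_BYTES),
                                compute_digests(io.BytesIO(SAMPLE_BYTES)))
    report_ok, mismatches = verify_digests(io.BytesIO(SAMPLE_BYTES), REPORTED_DIGESTS)
    status, notes = interpret_signature(ANALYSIS_TIME)
    return {"self_match": self_ok, "report_match": report_ok,
            "mismatches": mismatches, "cert_status": status, "notes": notes}


if __name__ == "__main__":
    for key, value in check_sample().items():
        print(f"{key}: {value}")
```

On a real download, call `verify_file("KMPlayer_3.8.0.118.exe")`; any mismatch means you do not have the file this report describes, regardless of the detection counts. When the window status is "expired", confirm the countersignature with `signtool verify /pa /v <file>` or PowerShell's `Get-AuthenticodeSignature`, which exposes the TimeStamperCertificate; the report above does not say whether this file is timestamped.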

The file 3.8.0.118_20140117010318.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is in some cases presented with the option to install the toolbar (on by default).
www.360amigo.com

The file 3.8.0.118_20140117010318.exe has been observed being distributed from the following 12 URLs (three are shown here).

https://dw.uptodown.com/dwn/8gJAtnhwzGTThhyjzLahheOLpB6HSsemYbjW60ZYtEhi-OtOC3_iozkRFyhpbJhAeKTeptvQtb85CxHbCtOi8_z2zoPAbuMArEvh9rEJV7jOrziVFBnNz649aULYSuNE/WQxT8btttWRvDoEFGK6bFczKrigh66g6lxq1HvYFzZOb1CLXeS8p0cxzeASr7pIllF0-j0Sp-DRjnDmpCcAJdJT1zSWFVZHDtOGrkCr1Nvg3ee5fa_tcgcJmGktANblO/psH7KecuM-I8U_-8Jz_5mt0ify_4P34kxUv0SiwHdp2Uy_w7q4r6Uq0wxGSb7Gmun0Pbrv2pkG4iDtqrQ7Cyv42BQO4HwcTzUcZRQucvQKWC6RjAlcQo7MHRHgUfs0oo/.../

https://dw.uptodown.com/dwn/BnIRrlK-TmDu1Khxbv_3BnzGJCBh71196nlr3KkPv34rdSZD5i5ogOStkJ8UFhdw2SY5zEg_wn6mdy-j5_4tH761MzpvmiXb5ja0pDfFDcwoi5YhNaT_-zQ3LeUngEyt/Cuzzq3tDHxO2f-8O--QXl9xEZITCDikSxfS36KNtNjdFgl_erc9Nx870nHP_ngB5WrwW-zaFlCsX7LoAxAUrjfd3Y96x86jIydAEngGoTxUo3dJqLDcCsm_9izKcWQMv/R0PZnQ3NtdoELGzamt6Ruz1-6-7q47yTjoxT0X47QZepcoY8l0uoTG2EFwt7qgzSjI2IWT3P88O8PJRJy9NojVq3bcVEzFL10zL7_mMeaP22MGdpijSLH9AyOyr1p8pU/.../

http://software.thaiware.com/download_url.php?id=10794

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
