5kplayer.exe

Lom

ConnectorPrompt (Alpha Criteria Ltd.)

The application 5kplayer.exe, “Lom Setup” by ConnectorPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.clearcentralmega.com and multiple other hosts.
Publisher:
Cesefu (signed by ConnectorPrompt (Alpha Criteria Ltd.))

Product:
Lom

Description:
Lom Setup

Version:
5.6.1.6

MD5:
3dc2462eaa50ea4f20e70134f8753373

SHA-1:
1ed77b0887e917a8e8c893853bcee82200ac7cb2

SHA-256:
f755340939af7a435fbe07553487e254fc827c4adc603255dc0123b921d282e9

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/28/2024 1:55:52 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.12.26.8

File size:
984.8 KB (1,008,424 bytes)

Product version:
2.7

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\5kplayer.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 1:14:48 PM

Valid to:
9/2/2016 1:24:46 PM

Subject:
CN=ConnectorPrompt (Alpha Criteria Ltd.), O=ConnectorPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217E0EDD2E1DDD472DD3F530839DDFB6DF

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9016

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 5kplayer.exe has been seen being distributed by the following 2 URLs.

http://www.clearcentralmega.com/jJK_uNZ9mhsYjjDGud eBTeLP1EDn4oQN0zAhF1TEIvJD7uhubUrgivXLk0TUCskHQj3gQzl4pjanh2z3PG12och8kfqRUl5sNzEi OTcnnBBp5oOulE4W_koI5zhB8xjdCk_Jp54WPTofipvNlv83OQaMqtpcHrqDpqmBnTQ0HOSYbFZL5 sV4mfFZpxw c_MKnJ5ujEIUidPv8aWkuh_obdCh_pWbH0aZDFTBtTk OhEQFiQr2k6FJiP9RqkYSyF5JIabJknI3sJ6S4Z11cyaVqc4ssF OyEXHsB i1Hr0qBUQB6P2DQ8GujINcETVDGQGZfjWka9IZkOwxMIMqb0aw8c59jdeMqtMiwe3JTKQl9ScJI VUgBvZ5uawJWljIuBHCbKzwcqjHfGB6xrm2ifPCDy7aLjG uzqoa3nIV5rGWIy23Xv3GM5lyxTVGA7XG5RHoq6z6gnXQ7fzqhxg2oWeXIf8 TBaxbRttDAvps9JZqvrMe51 UyQ8QD6am1EzRwwjN-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=

http://www.clearcentralmega.com/rsRvWXjX2AgTjP8D7 m2 LXLL5o1UtsihzpLzs0BG8I1t1UrWoh6FRa_I0eP4av957S7 MpJCj7a71HbUsyVylaCl5VzNWKZ nCMvapy50cJ CIsgRuGT5dbdj 8YpclMOor8YL3LECU_jp_fgrwuC1nBlrjyuSoVTGkGTSMlWzGE25x6TfPBtY7OlEoLo0ZEEeBvf9mRCu4aflL9tg1s0VuI4ufpVVPXZFt2OMlt5AvVHoXlRjunkk2_4enAmYJDuFURZ5DeG7Y5FIIyAlrZ1TOWm0dcOgjmhnWSJ hWo2tZR uk0eVv4Pcq0x _5PUrnteQaC3NZ_754QUr otaNkHqSZB36MiSS EqZaHD0tjQIQN1kFITovoYWolxl_ozwWdbJ93Bf5g5Es3g O1tMjwDfIqrx3czpmYbP7umYXUxu9IOMmOCAe8WmVrwZajH7xz oWUj7pmXC8XRTI3apLIlgyxDuwe1y1DPFagRn_UiIytBaXvsnf_szSjWEQltpw5HU5-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=
