alloplayer.exe

Kreapixel

The application alloplayer.exe by Kreapixel has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.

Publisher:
Kreapixel (signed and verified)

Description:
Alloplayer

Version:
2.5.0.0

MD5:
2d0bb9dc460f04ad4a5b1d4ee2aea3c3

SHA-1:
cb10c138eadb10fdd55808ee520f592361911804

SHA-256:
0778bfea920b0780b4590f38ebf501fc3d8829400ecde77b3548a8fc40b2a164

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/25/2024 4:34:36 AM UTC

Scan engine             Detection             Engine version
Comodo Security         ApplicUnwnt           17623
Dr.Web                  Trojan.Crossrider.9   9.0.1.018
ESET NOD32              Win32/AdWare.Illyx    8.9299
Fortinet FortiGate      Riskware/Illyx        1/18/2014
Reason Heuristics       PUP.Kreapixel.K       14.2.22.2
Sophos                  Kreapixel             4.96
Trend Micro House Call  TROJ_GEN.F47V0115     7.2.18
ViRobot                 Adware.Agent.828272   2011.4.7.4223

File size:
808.9 KB (828,272 bytes)

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\alloplayer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 2:00:00 AM

Valid to:
4/29/2014 1:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:c6Wq4aaE6KwyF5L0Y2D1PqLODFQORyvZD4j:athEVaPqLODFbhj

Entry address:
0x10CF20

Entry point:
60, BE, 00, B0, 4C, 00, 8D, BE, 00, 60, F3, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file alloplayer.exe has been seen being distributed by the following 7 URLs.

http://clic.illyx.com/aff_c?offer_id=1224&aff_id=3644&source=www.allostreaming-fr.com

http://clic.illyx.com/aff_c?offer_id=1224&aff_id=4418&source=www.mistergoodmovies.net
