animated player mod-1.5.0.exe

Gesamubosi

Parsec Media S.L.

The application animated player mod-1.5.0.exe, “Gesamubosi Setup” by Parsec Media S.L., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.senddeliveryshare.com.
Publisher:
Parsec Media S.L.  (signed and verified)

Product:
Gesamubosi

Description:
Gesamubosi Setup

MD5:
d837fb0f1e56d7bfbc92e7b3c9909d1d

SHA-1:
2352e611dc0a5b44da0f9035623b3b51ba02a96d

SHA-256:
27572db670ac4c4e9e50528319ae6087049b50c7b4fe0545cf4abbab4ea158cc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/30/2024 8:53:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.4.9

File size:
1.2 MB (1,259,512 bytes)

Product version:
2.4.8

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\animated player mod-1.5.0.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/20/2016 5:02:38 PM

Valid to:
1/20/2017 5:02:38 PM

Subject:
CN=Parsec Media S.L., O=Parsec Media S.L., S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121664972E6D57B8AC3433073871EDF1FEA

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file animated player mod-1.5.0.exe has been seen being distributed from a URL on www.senddeliveryshare.com.
