blitzmediaplayersetup.exe

Jenkat Media, Inc

BlitzMediaPlayer is an adware program designed to provide a 'free' media player (which is just a wrapper around a number of open source components) while also monitoring the user's web browser activity and displaying out-of-browser-context advertisements and malvertisements based on that activity, in order to get the user to download bundled adware distributions (from DomaIQ, AirInstaller and others). The application blitzmediaplayersetup.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Jenkat Media, Inc  (signed and verified)

MD5:
427e85f195aae475a7e9426ba2ec62ed

SHA-1:
9c9d2314830eb9c4345d872add4e95c127d382a8

SHA-256:
27df6015d9e8cb172b5c6d8986d16dd58013c1ee99b5f2ca56c7a4d642d9cdb8

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Analysis date:
11/23/2024 4:28:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.StrongVault.B | 913 |
| AVG | Downloader | 2015.0.3391 |
| Comodo Security | ApplicUnwnt | 19100 |
| Dr.Web | Adware.W3i.39 | 9.0.1.0218 |
| ESET NOD32 | MSIL/Adware.StrongVault (variant) | 8.10212 |
| F-Secure | Adware.StrongVault.B | 11.2014-06-08_4 |
| McAfee | Artemis!427E85F195AA | 5600.7047 |
| MicroWorld eScan | Adware.StrongVault.B | 15.0.0.654 |
| Qihoo 360 Security | Win32/Trojan.Adware.9be | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.JenkatMedia.V | 14.8.6.10 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16D39039!382963769 | 23.00.65.14804 |
| Trend Micro House Call | TROJ_GEN.F47V0527 | 7.2.218 |
| VIPRE Antivirus | Jenkat Media | 31974 |

File size:
10.5 MB (11,015,880 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\blitzmediaplayersetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/26/2014 6:00:00 PM

Valid to:
3/29/2015 6:59:59 PM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D7470CB5DF1CA3BBA22A38CF2E4AF70

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:ECntkJEcQx2Ushx6AyK8T3k/R4IQIFqigugpMpvdB5MlUspYEM:E8gE1XKMtK8T3CaIQRvqpvdvMlBYEM

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9973

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file blitzmediaplayersetup.exe has been seen being distributed by the following URL.
