blitzmediaplayersetup.exe

Jenkat Media, Inc

The BlitzMediaPlayer is an adware program that is designed to provide a 'free' media player (which is just a wrapper around a number of open source components) but that also monitors a user's web browser activity and displays out-of-browser-context advertisements and malvertisements based on that activity, in order to get the user to download bundled adware distributions (from DomaIQ, AirInstaller and others). The application blitzmediaplayersetup.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Jenkat Media, Inc  (signed and verified)

MD5:
16957fda945d17fc2cad797c1fcfff9a

SHA-1:
e248aeaf42f3c6edba3607ef41da8e5f2a845677

SHA-256:
f6f18559d920709fe2729c47d756b79aa7e487a3647524c0a46339d54812565b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 12:15:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.22.6

File size:
10.5 MB (11,004,048 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\20160\blitzmediaplayersetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/26/2014 7:00:00 PM

Valid to:
3/29/2015 7:59:59 PM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D7470CB5DF1CA3BBA22A38CF2E4AF70

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:ountkJEcQx2Ushx6AyK8T3k/R4IQIFqigugpMpvdB5MlUspYEq:DgE1XKMtK8T3CaIQRvqpvdvMlBYEq

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9974

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
