home

bsplayer257-1051ennew.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from www.go4it.ro.
MD5:
4c10411357d2a53ab646173fd93fbddd

SHA-1:
2c4c3daeca59aea636ac7e5ba60c361c0217bebb

SHA-256:
843569a9ff45bc0a1e49896cd7ab451572ab43bf16b3c1132476fa3b8323fbdc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 3:27:55 PM UTC  (today)

File size:
14 MB (14,642,392 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\bsplayer257-1051ennew.exe

File PE Metadata
Compilation timestamp:
3/30/2008 12:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:cB5NhttxkF6L5P58BQnc+PBvKwxLTOVkr39L:cZ8FQ5CmPtyVa

Entry address:
0x30E3

Entry point:
85, CE, 84, D8, 68, 01, 62, E8, 00, 57, 77, 07, F6, C4, B2, 84, DB, 2C, 2E, 84, C9, 01, D9, 0F, BE, DF, 69, F0, 4F, 97, 0F, 5A, 11, CE, F6, C1, D6, 78, 08, 0F, AF, EB, 03, D8, 0F, BF, CD, EB, 03, C6, C5, 4C, 8D, 15, DE, 04, 00, 00, 80, C0, 4B, 88, E9, 2D, EE, 47, E1, F2, 81, C2, 4B, 00, 00, 00, 89, FE, 19, F6, 87, F1, 8D, 3D, 95, 1D, 14, A9, 86, CC, 19, DF, 0F, AF, CF, BB, 87, EA, 00, 17, 0F, B6, CE, 81, EA, B5, 1E, 00, 00, C7, C3, 5D, 8F, 4B, 4D, 81, C2, B4, 1E, 00, 00, 89, FB, FE, CF, 0F, AF, EA, 0F, AF...
 
[+]

Entropy:
7.9990  (probably packed)

Code size:
23 KB (23,552 bytes)

The file bsplayer257-1051ennew.exe has been seen being distributed by the following URL.

http://www.go4it.ro/.../8037592

Scan bsplayer257-1051ennew.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.