bsplayer266.1075.exe

AB Team d. o. o.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from 152.16.200.200 and multiple other hosts.

Publisher:
AB Team d. o. o.  (signed and verified)

MD5:
5a43da95b74563ae57884ed5c4543885

SHA-1:
aa1cee9018ade9af71e75d3868990c95247ea2e6

SHA-256:
8f2345e1ffafad8c6675c29f04d452e214706974d9e204c23076a3098a473d9b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 12:42:24 AM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Malware.XPACK/RDM!5.1

Engine version:
23.00.65.131218

File size:
10 MB (10,511,384 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bsplayer266.1075.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/7/2012 6:56:23 PM

Valid to:
1/2/2015 3:31:31 PM

Subject:
E=info@abteam.si, CN=AB Team d. o. o., O=AB Team d. o. o., L=Ljubljana, S=Ljubljana, C=SI

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F5B096D2BC17224819F6D88085887D85

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:PMBCKWnSXmhvb9TrlQigJvsy8Yc1+QqFXZhoqhtHvKA4WbrNXmDc/0:GCKz4dQZvB8v1GNZhoqhBvKoEDcc

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file bsplayer266.1075.exe has been discovered within the following programs.

AION Free-To-Play  by Gameforge 4D GmbH
Aion is a massively multiplayer online role-playing game.
www.Gameforge.com
10% remove it
BS.Player FREE  by AB Team, d.o.o.
BS.Player FREE bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.bsplayer.com
28% remove it
 

The file bsplayer266.1075.exe has been seen being distributed by the following 7 URLs.

http://152.16.200.200:8282/.../bsplayer_installer.exe
