home

chit vaym robit.exe

Windows Media Player Folder Sharing Executable

Strong Media

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application chit vaym robit.exe, “Windows Media Player Folder Sharing Executable” by Strong Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from mediadisk.net.
Publisher:
Microsoft Corporation  (signed by Strong Media)

Product:
Microsoft® Windows® Operating System

Description:
Windows Media Player Folder Sharing Executable

Version:
11.0.5721.5262 (WMP_11.090130-1421)

MD5:
78f7acc47edb3e0a85c7c0e9eb8193ce

SHA-1:
8293f67a3b21e14834ede2046923873bfeffd149

SHA-256:
5cf566e10b81a434dbadbe7481e5d93e329269c219a43a4ac18249ec4e840ffc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/10/2025 3:12:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Strongmedia
16.7.18.8

File size:
914 KB (935,912 bytes)

Product version:
11.0.5721.5262

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wmpshare.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\chit vaym robit.exe

Digital Signature
Signed by:
Strong Media

Authority:
COMODO CA Limited

Valid from:
6/14/2016 6:00:00 AM

Valid to:
6/15/2017 5:59:59 AM

Subject:
CN=Strong Media, O=Strong Media, STREET="Sokolniki Square, 4 A", L=Moscow, S=Moscow, PostalCode=107113, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE80B6BBB2E40F5F7B3C2F4B76F141D9

File PE Metadata
Compilation timestamp:
7/14/2016 6:14:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:qtbFgq60ijPuYGfMze8+o6xRpcOH4kLZwQRhk7n:qti0qPufrtCODLZhRhk7n

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, 20, 04, 00, 00, 68, 4C, 20, 4D, 00, FF, 15, 0C, 70, 4B, 00, 8B, 45, EC, 69, C0, 56, A0, EC, 11, 89, 45, F8, 68, 54, 20, 4D, 00, FF, 15, 98, 70, 4B, 00, 8B, 55, F8, 8B, 4D, EC, D3, E2, 89, 55, F8, 8B, 45, A4, 2B, 45, AC, 89, 45, AC, 8B, 55, 90, 8B, 4D, AC, D3, E2, 89, 55, B4, 8B, 45, 9C, C1, E0, 75, 89, 45, 98, 8B, 55, 90, 8B, 4D, 88, D3, EA, 89, 55, 8C, 8B, 45, A8, 69, C0, FF, 92, 4C, 0A, 89, 45, A8, FF, 15, 28, 71, 4B, 00, C6, 85, D4, FE, FF, FF, EA, 8B, D2, 8B, 55, 08, 8B, D2, 89, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
725.5 KB (742,912 bytes)

The file chit vaym robit.exe has been seen being distributed by the following URL.

http://mediadisk.net/go/.../1360274

Remove chit vaym robit.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.