comboplayer-silent-installer.exe

ComboPlayer Installer

ROSTPEI LTD

The application comboplayer-silent-installer.exe by ROSTPEI has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.comboplayer.ru and multiple other hosts. While running, it connects to the Internet address server10.ext.freeteam.org on port 80 using the HTTP protocol.
Publisher:
ROSTPAY LTD.  (signed by ROSTPEI LTD)

Product:
ComboPlayer Installer

Version:
1.0.0.2

MD5:
e65b2d745c3d9858365622dde7679e80

SHA-1:
1778c1449aa17375109daeeabcfbc03f5e4ab7ca

SHA-256:
f0c68b945bd6dbb06fbbedab27465c100ac02efc27d3c056bd5bf1bdcf2d1e9b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 8:22:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFrog (M)

Engine version:
16.12.28.10

File size:
1.2 MB (1,306,840 bytes)

Product version:
1.0.0.2

Copyright:
ROSTPAY LTD. All rights reserved. 2014

Original file name:
ComboPlayer Installer

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
ROSTPEI LTD

Authority:
COMODO CA Limited

Valid from:
8/26/2016 8:00:00 AM

Valid to:
8/27/2019 7:59:59 AM

Subject:
CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET="str. Dolomanovsky, 70D, office 1001", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
57F3D607DA7727B586CD4AFC0D5D8D37

File PE Metadata
Compilation timestamp:
12/28/2016 4:35:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x317640

Entry point:
60, BE, 00, 70, 63, 00, 8D, BE, 00, A0, DC, FF, C7, 87, 34, 61, 27, 00, F9, CA, E7, 7F, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 1E, 58, 31, 00, 57, 83, C3, 04, 53, 68, 3E, 06, 0E, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...

Code size:
904 KB (925,696 bytes)

The file comboplayer-silent-installer.exe has been seen being distributed by the following 2 URLs.

https://www.comboplayer.ru/download_installer?p=du&silent_mode=true

https://www.comboplayer.ru/download_installer?affalias=du&silent_mode=true

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server10.ext.freeteam.org  (46.46.160.235:80)

Remove comboplayer-silent-installer.exe - Powered by Reason Core Security