comboplayer-silent-installer.exe

ComboPlayer Installer

ROSTPAY

The application comboplayer-silent-installer.exe by ROSTPAY has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, and it has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address server10.ext.freeteam.org on port 80 using the HTTP protocol.
Publisher:
ROSTPAY LTD.  (signed by ROSTPAY)

Product:
ComboPlayer Installer

Version:
1.0.0.2

MD5:
40a997409d7f783491dc854f6ad11cb4

SHA-1:
21a144d6916b3978c764927f25659e5b24a7348d

SHA-256:
99cb7912c651aab4a263125fbe101241c62519c2d6f5febeb3a71caa87b9ccf6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 8:38:55 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFrog.ROSTPAY.Installer (M)

Engine version:
16.6.29.14

File size:
1.2 MB (1,307,760 bytes)

Product version:
1.0.0.2

Copyright:
ROSTPAY LTD. All rights reserved. 2014

Original file name:
ComboPlayer Installer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\comboplayer-silent-installer.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
12/17/2014 9:05:04 AM

Valid to:
12/16/2016 1:35:09 PM

Subject:
CN=ROSTPAY, O=ROSTPAY, L=Rostov-on-Don, C=RU

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27ED6D593F8321

File PE Metadata
Compilation timestamp:
6/28/2016 9:50:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:Q4M8jpzMcleKxN039+uHAbeJbuGUots1T695lOi:B1PfN037UotsF6vF

Entry address:
0x3175D0

Entry point:
60, BE, 00, 70, 63, 00, 8D, BE, 00, A0, DC, FF, C7, 87, 34, 61, 27, 00, F9, 39, 8D, C6, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 11, 58, 31, 00, 57, 83, C3, 04, 53, 68, CC, 05, 0E, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...

Code size:
904 KB (925,696 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server10.ext.freeteam.org  (46.46.160.235:80)

TCP (HTTP):
Connects to cache.google.com  (109.195.105.87:80)

TCP (HTTP):
Connects to nrt12s01-in-f142.1e100.net  (216.58.197.142:80)

Remove comboplayer-silent-installer.exe - Powered by Reason Core Security