comboplayerinstaller.exe

ComboPlayer Installer

ROSTPEI LTD

The application comboplayerinstaller.exe by ROSTPEI has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.comboplayer.ru. While running, it connects to the Internet address server10.ext.freeteam.org on port 80 using the HTTP protocol.
Publisher:
ROSTPAY LTD.  (signed by ROSTPEI LTD)

Product:
ComboPlayer Installer

Version:
1.0.0.2

MD5:
b9f4a1d4790997a6944e56fca7a614b0

SHA-1:
b0db6691d79360f60d89fde4e9b36d4758f7af84

SHA-256:
abae435166eeed47e55c17d8aaed9228280fb655ba45b7443b9f5aa9e2be502a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 11:18:12 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFrog (M)

Engine version:
17.1.25.13

File size:
1.2 MB (1,307,864 bytes)

Product version:
1.0.0.2

Copyright:
ROSTPAY LTD. All rights reserved. 2014

Original file name:
ComboPlayer Installer

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\comboplayerinstaller.exe

Digital Signature
Signed by:
ROSTPEI LTD
Authority:
COMODO CA Limited

Valid from:
8/26/2016 3:00:00 AM

Valid to:
8/27/2019 2:59:59 AM

Subject:
CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET="str. Dolomanovsky, 70D, office 1001", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
57F3D607DA7727B586CD4AFC0D5D8D37

File PE Metadata
Compilation timestamp:
1/25/2017 1:12:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x318A50

Entry point:

Code size:
904 KB (925,696 bytes)

The file comboplayerinstaller.exe has been seen being distributed by the following URL.

https://www.comboplayer.ru/download_installer?p=du&silent_mode=true

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server10.ext.freeteam.org  (46.46.160.235:80)

TCP (HTTP):
Connects to bd05821d.virtua.com.br  (189.5.130.29:80)

Powered by Reason Core Security