fplayer_86_64.exe

The executable fplayer_86_64.exe has been detected as malware by 31 anti-virus scanners. The file has been seen being downloaded from doc-0s-10-docs.googleusercontent.com.

Version: 1.1.13.01
MD5: 461854d6b937255eff3944b4f84116cb
SHA-1: d9642f9ed73a430489050778a95bba79374039b6
SHA-256: c6cfda4ceff7e2d7cf16600376ec7385510edcfaa85a0c1e0c8051b9831462b3
Scanner detections: 31 / 68
Status: Malware
Analysis date: 11/23/2024 6:13:32 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.50329 | 219 |
| AhnLab V3 Security | Trojan/Win32.Generic | 2014.06.06 |
| Avira AntiVirus | TR/Cutolomo.A.8 | 7.11.153.56 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-160629 |
| AVG | Generic35 | 2017.0.2697 |
| Baidu Antivirus | Trojan.Win32.Dapato | 4.0.3.16629 |
| Bitdefender | Gen:Variant.Strictor.50329 | 1.0.20.905 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18444 |
| Dr.Web | Trojan.DownLoad3.31540 | 9.0.1.0181 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.50329 | 8.16.06.29.03 |
| ESET NOD32 | JS/ExtenBro.FBook.AM | 10.9898 |
| Fortinet FortiGate | W32/Dapato.DLFR!tr | 6/29/2016 |
| F-Secure | Gen:Variant.Strictor.50329 | 11.2016-29-06_4 |
| G Data | Gen:Variant.Strictor.50329 | 16.6.24 |
| IKARUS anti.virus | Trojan.Win32.Cutolomo | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.1712319 |
| Kaspersky | Trojan-Dropper.Win32.Dapato | 14.0.0.-18 |
| McAfee | RDN/Generic Dropper!tt | 5600.6353 |
| Microsoft Security Essentials | Trojan:Win32/Kilim.H | 1.10600 |
| MicroWorld eScan | Gen:Variant.Strictor.50329 | 17.0.0.543 |
| NANO AntiVirus | Trojan.Win32.Dapato.ctkohj | 0.28.0.60100 |
| Norman | Troj_Generic.SJOMF | 11.20160629 |
| Panda Antivirus | Trj/CI.A | 16.06.29.03 |
| Qihoo 360 Security | Win32/Trojan.2d1 | 1.0.0.1015 |
| Quick Heal | Trojan.Cutolomo.r3 | 6.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.181 |
| Trend Micro | TROJ_FORUCON.BMC | 10.465.29 |
| Vba32 AntiVirus | TrojanDropper.Dapato | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29974 |

File size: 459.5 KB (470,528 bytes)
Product version: 1.1.13.01
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\fplayer_86_64.exe

File PE Metadata

Compilation timestamp: 1/28/2014 9:56:09 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 6144:8NjL6R54mcyC/7nMfoAXgtPeoNgLgIzga28y3+v8q/vOIO6jIkaq:WZmVDXXgReo6LQa281xv1O1
Entry address: 0xDA2CB

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...

Entropy: 7.0850
Packer / compiler: ASPack v1.08.04
Code size: 579 KB (592,896 bytes)

The file fplayer_86_64.exe has been seen being distributed by the following URL.
