hdqplayersetup.exe

The executable hdqplayersetup.exe has been detected as malware by 1 of 68 anti-virus scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; the file carries no Authenticode signature from a trusted source. It has been seen being downloaded from ttb.getnwfile.com and multiple other hosts. While running, it connects over HTTP on port 80 to server-52-85-83-135.lax1.r.cloudfront.net, an Amazon CloudFront edge node (the hostname is the edge's reverse-DNS name, not the name of the distribution that served the content).
MD5:
a041a5febf21ae04d666937e0db1860e

SHA-1:
c723b469d9ac34b0960893d15e65250d80fdfa18

SHA-256:
e06b7cff05c1960a49c66813a9ba53dd6b4e2cde4e112b68c4fafa1dcdcc12f3

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/22/2024 10:47:03 PM UTC

Scan engine          Detection    Engine version
Reason Heuristics    (M)          16.6.5.23

File size:
2 MB (2,139,058 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\hdqplayersetup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:04B5rIqOxcjcfx8JsFcIerT70o31qf3Z/YNNvJDy:0opIVcjcfx84te3I8QPyNt9y

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
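The summary at the top of the page and the PE metadata above are the fields a triage script should pull from the file itself rather than trust from a report. Two caveats are worth stating first. The compilation timestamp (12/5/2009), OS version 4.0, linker version 6.0 and the entry-point prologue (81 EC 80 01 00 00 is sub esp, 0x180, followed by push ebx / push ebp / push esi / xor ebx, ebx / push edi) all belong to the precompiled NSIS 2.x stub that every installer built with that NSIS release inherits, so they say nothing about when this particular installer was packaged. And "not signed with an Authenticode signature" can be checked locally: a PE with an empty Security data directory (index 4) carries no embedded signature (catalog signatures are a separate case this check does not cover). The script below is an added example, not code from the page or from Reason Core Security. It builds a constructed stand-in PE whose header values mirror the ones listed above (it is not the real 2 MB binary), then parses those fields back out, maps the entry RVA to a file offset through the section table to compare the entry bytes with the prologue shown on the page, looks for the NSIS data-block marker (0xDEADBEEF followed by "NullsoftInst"), and computes the MD5/SHA-1/SHA-256 digests the page reports. Field offsets are the documented PE32 optional-header layout; the sample's hashes will of course differ from the page's.

```python
import hashlib
import struct
from datetime import datetime, timezone

# NSIS "firstheader" marker: siginfo 0xDEADBEEF (little-endian) followed by "NullsoftInst".
NSIS_MAGIC = b"\xef\xbe\xad\xde" + b"NullsoftInst"
# Entry-point prologue reported on the page: sub esp,0x180 / push ebx / push ebp / push esi / xor ebx,ebx / push edi
NSIS2_ENTRY_PROLOGUE = bytes.fromhex("81EC8001000053555633DB57")


def build_sample_pe():
    """Constructed stand-in (not the real file): a minimal PE32 with one .text section whose
    header fields mirror the values listed on the page, plus an NSIS marker in the overlay."""
    entry_rva = 0x323C                      # page: "Entry address"
    text_rva, text_raw = 0x1000, 0x400
    text = bytearray(23552)                 # page: "Code size" 23,552 bytes
    off = entry_rva - text_rva
    text[off:off + len(NSIS2_ENTRY_PROLOGUE)] = NSIS2_ENTRY_PROLOGUE
    ts = int(datetime(2009, 12, 5, 20, 50, 46, tzinfo=timezone.utc).timestamp())

    opt = bytearray(224)                    # PE32 optional header incl. 16 data directories
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, len(text))   # Magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, entry_rva)                   # AddressOfEntryPoint
    struct.pack_into("<II", opt, 28, 0x400000, 0x1000)           # ImageBase, SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                       # FileAlignment
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)       # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem 2 = Windows GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    # Data directory 4 (Security) is left 0/0: no embedded Authenticode signature.

    e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, len(opt), 0x10F)
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), text_rva, len(text), text_raw,
                          0, 0, 0, 0, 0x60000020)
    headers = bytearray(text_raw)
    headers[:2] = b"MZ"
    struct.pack_into("<I", headers, 0x3C, e_lfanew)
    blob = b"PE\0\0" + coff + opt + section
    headers[e_lfanew:e_lfanew + len(blob)] = blob
    overlay = NSIS_MAGIC + b"\0" * 64       # stand-in for the compressed installer data
    return bytes(headers) + bytes(text) + overlay


def parse_pe(data):
    """Pull the header fields the page lists, the Security directory and the entry bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    dirs = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+ directory start
    _sec_off, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    entry_bytes = b""
    sec = opt + opt_size                                     # section table follows the optional header
    for _ in range(nsections):
        _name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec)
        if va <= entry_rva < va + max(vsize, rawsize):
            file_off = rawptr + (entry_rva - va)
            entry_bytes = data[file_off:file_off + len(NSIS2_ENTRY_PROLOGUE)]
            break
        sec += 40
    return {
        "compiled_utc": datetime.fromtimestamp(ts, tz=timezone.utc),
        "linker": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows console"}.get(subsystem, str(subsystem)),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "authenticode_present": sec_size != 0,
        "entry_is_nsis2_stub": entry_bytes == NSIS2_ENTRY_PROLOGUE,
        "nsis_marker": NSIS_MAGIC in data,
    }


def digests(data):
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in {**parse_pe(sample), **digests(sample)}.items():
        print(f"{key:>22}: {value}")
```

Run against a real sample, read the file with `open(path, "rb").read()` in place of `build_sample_pe()`; a true result for `nsis_marker` together with the stub prologue at the entry point is what "Packer / compiler: Nullsoft install system v2.x" rests on, and `authenticode_present` being false is the unsigned-file claim, verified rather than copied.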

The file hdqplayersetup.exe has been seen being distributed from the following URLs.

http://ttb.getnwfile.com/download/request/.../iG7IkXww?__tc=1464990434.269&lpsl=8c5aa5ba988166cb1edbc3d9bc7bb8f5&expire=1465076827&PubID=17310&slp=www.newfrifile.com&uuid=313e18da-317b-4849-b3b8-474ef2ed0c6c&ClickID=201228662683&fileName=Setup

http://ttb.fivefilebv.com/download/request/.../v5UaierS?__tc=1465348311.03&lpsl=d1a5eb681fc327043861562cbfb3f790&expire=1465434706&subID=MjYzIzI3ODAjMTA1IzIwNjk2fDI4Nzg1OXxCUnwzfDF8fHx8MDQ3NGRlYjEtMmQxNS0xMWU2LWFmZWEtZjhiYzEyNTM5ZmY0&slp=www.getfileex.com&fileName=Setup

http://bkool.com.s3.amazonaws.com/.../setup.exe

http://ttb.getfileso.com/download/request/.../iG7IkXww?__tc=1463590249.601&lpsl=0bd8acca9beb32130a89dd43fed68637&expire=1463676632&PubID=17310&slp=www.newfrifile.com&ClickID=179796861754&fileName=Setup

http://gsf-cf.softonic.com/14c/c9e/.../setup.exe

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1476650837.844&ClickID=eyJpIjogIkZCQzJCQTA5LUQ5NDQtNENDNy1BNEFCLTMyQzk4NEQzMTkyRiJ9&s1=banner6040&fileName=Setup

http://ttb.dllfilebv.com/download/request/.../v5UaierS?__tc=1463052721.82&lpsl=8df09b683ed0c8f09f46afb0c40980c4&expire=1463139117&subID=MjYzIzI3ODAjMTA1IzIwNjY3fDI4NDM4NXxCUnwzfDF8fHx8MDc1NWFlNzItMDcyYy0xMWU2LWJkODUtMWNjMWRlMDQyZjAw&slp=www.getfileex.com&fileName=Setup

http://ttb.getfileso.com/download/request/.../v5UaierS?__tc=1463622296.646&lpsl=b09934d029e7d36eca1de2c40c5c89b3&expire=1463708691&subID=MjYzIzI3ODAjMTA1IzIwNjY3fDI4MjEyNnxCUnwzfDF8fHx8NWJkZTYxYzEtMWQ2Mi0xMWU2LWJhZmItMWNjMWRlMDQyZjAw&slp=www.getfileex.com&fileName=Setup

http://cdn.downloadcocci.com/.../setup.exe

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1471748403.698&ClickID=eyJpIjogIjY0ODg3NUNELUMyQTYtNDIyMy05NERBLTkyRUIxNEQ3MThBNCJ9&s1=banner6054&fileName=Setup

http://ttb.newfrifile.com/download/request/.../iG7IkXww?__tc=1471640727.408&ClickID=212016104215&PubID=17310&fileName=Setup

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1476555287.37&ClickID=eyJpIjogIjBDNTY0MUI2LUZDMTEtNEFCRC1BRDQ1LTg0MDU3MzcyRERCMyJ9&s1=banner6052&fileName=Setup

http://www.lpcloudsvr302.com/.../Setup.exe

http://ttb.bestileer.com/download/request/.../O8S4c3rB?__tc=1477846042.033&ClickID=eyJpIjogIjM3NUM4OTIwLTExQTYtNDgxMi1BMDNBLTg1NUQ2NDY2OTFDQSJ9&s1=bannerTR&fileName=Setup

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1476407634.125&ClickID=eyJpIjogIkRFQ0Y2RjU5LTVBNkMtNEI1OS1CMEY2LUFCOTRBMjc2N0ZDNSJ9&s1=banner6040&fileName=Setup

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1468120017.988&ClickID=eyJpIjogIjU2QjM4RjQzLUEwMEQtNDYyOC04RUIwLTk2RTc4NTAzQkNEMyJ9&s1=banner6040&fileName=Setup

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1464460694.325&lpsl=0d9dda5c63d34244d2c079aefc88886c&expire=1464547095&ClickID=eyJpIjogIjE0NTgzMUJDLUQ5QTItNDkzNS04NzNFLTg2NTkxOEE2N0YxRSJ9&s1=banner6036&fileName=Setup

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1477272435.526&ClickID=eyJpIjogIjk1QzUyMzJDLTEzNjctNEZDNi05MjE1LTgzRjVGRUQ5RjVFMCJ9&s1=banner6054&fileName=Setup

http://www.filesn42.com/.../AUudaKdqfqcQAJkrUjNygcM0Pa8aqCLF7iw2ao4hr8Rpf3IeA8kJhobFw5JeFs 4O5WH1Y1NC3YdPcG1dQkMdZfipAC&fallback_url=172.17.0.1&downloadAs=Setup.exe

http://ttb.gutrosoft.com/download/request/.../eQBQL8o9?__tc=1478653587.613&lpsl=2e2a4231dfaf9ac74951e32b23bd10f7&expire=1478739982&ClickID=V6B-IBVv83GshEmXuBxYDV_40GMlHmnsDq_0YDmShzXwAAAAgw_B02jLEbzijEGWO03Ox2g-VqtZjNBsvJcjQaYsMYu-GMQpwxRsvNbjdYrkaryWY02g1GsykQcjUbLAaLxRYIuZoNFoPFYg2dMFIKGyObNmY-NyPPxvXyNRcjI61p7bSmFstgdrLMCMvKzl-yOpbOuslNqjo4q2K102rUAQAAEPAAEIGUhgAAAABEAAAAACQAAAAAlIDKv0XgAgAAAID5____1wAgfgAAHnhAAAACFSQAgBKsEgDAwPwJAAAAAAAAAIAFAACQEAMwkMaQAQzwguwAAAAAArp_pXoAAT6AACJtZ5ERAAAAYFcfFuAo2YlqUf3__--3AlwBAAKwjD4zIsIAAAABY4l5uR1209NjdJkNL8td43e7DAAAAAAAAABg_j__o4UC5tfTwuoOVupfQACA9S8gAAD73QAA7wE!&PubID=9560-1011&fileName=Setup

http://ttb.newfrifile.com/download/request/.../iG7IkXww?__tc=1469747383.247&ClickID=200051897928&PubID=17310&fileName=Setup

http://ttb.myfiletor.com/download/request/.../O8S4c3rB?__tc=1449320403.31&lpsl=68af892d8ccffc38752520b3bc956aea&expire=1449406958&slp=www.bestileer.com&s1=bannerTR&ClickID=eyJpIjogIjE1QTRBRUI5LTAzNTEtNDY5Qi04NEEzLUU1MkFBMzVBNkM1OSJ9&fileName=Setup

http://ttb.youfileso.com/download/request/.../f8uDZejp?__tc=1463294746.187&lpsl=926fc743f937a55bf8ae914307ebef94&expire=1463380556&PubID=232744&slp=www.thefilekit.com&ClickID=31466706191463294155&fileName=Setup

http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1471747586.623&ClickID=eyJpIjogIjg5NDAwQTdELUE5QjMtNEVDRi05NTBCLUU0QUQ4M0Q4MkQ4NSJ9&s1=banner6054&fileName=Setup

http://ttb.4getfiley.com/download/request/.../3eXSuxzs?__tc=1463073779.094&lpsl=b73a231afb6d3cd960f10415285d00fb&expire=1463160162&utm_content=63960-1&utm_term=this video is unavailable&utm_campaign=w6kfRrLh&slp=www.thefilesd.com&utm_source=Advertisedotcom&utm_medium=1463073760768_V2_ajdICVnLc_YzBL1jeyQ08T-PEnJYw-BUcZ92Pm5D2BRZP1Oe2i9uCz6YSQHBJR8mSbdvnq2-pzDEj_Bpfkf53CoSXkoT4Q6K3tsrs9E_0UQ975dAp1uUXA&fileName=FlashPlayer

http://ttb.fivefilebv.com/download/request/.../PSNnQ1xP?__tc=1466075071.85&lpsl=0ba3d4d1e688705af32d9ac9a4937432&expire=1466161455&PubID=340505&slp=www.newfrifile.com&subid=178047242847&uuid=5805d8f7-0f5f-446d-8dfb-171b293c2a48&fileName=Setup

http://ttb.fivefilebv.com/download/request/.../ZR7KBfZ2?__tc=1465565585.673&lpsl=5aa6e310c4abf38fbc6e244f3bb22753&expire=1465651968&PubID=674&slp=www1.updateplugins.com&ClickID=215216616&fileName=Setup

http://ttb.youfilejds.com/download/request/.../0uEGsUPH?__tc=1465183258.871&lpsl=23928981787e035cbed4b14ab0addcc0&expire=1465269644&PubID=ima_pc_epom_5&clickid=-sLUTTJuFjvz1uFceCEW0kcVfgfAtDvk_9PqHQcYJdm0dvDtWefhgiAgECffSf2j7iuWUG47FaZheej3s0JPwDE4U-oq9MMLCgjFSTEUJt64y9Ex6MXnO9BkUW0rs4RaqA7qaa2cgcJ3W55IViR_stxm3ltUysxN-Y5hllHVPMulAFtYz4OiN44XBDn8H9hBxjG_lhU4y80pgSMq0us5_R-BNGxl3jHteyrwM0xlnDWByzE2u0UsNk85xfT_bxN9EYjTPzjhrYOovaQedvtxtoJcnkwK2C05xTyDMjbxN_s.&slp=www.newfileord.com&fileName=Setup

http://ttb.4u7ynbh3y0.com/download/request/.../ABbApjzh?__tc=1420464207.386&lpsl=01fa1ec8c239aa84b1394a3cb377f1aa&expire=1420550537&vurl=6573&dp=-_-NDZiN18xNzNfMzM4NV8zNDI0X0JSXzE4Ny4xMDcuOTAuOTlfYTdkXzU3MTBfQURT-_-ADSYS-dd8c899a-94dd-11e4-a1d1-f66196cd9d05&slp=www.greatprglist.com&fileName=Setup

http://ttb.youfileso.com/download/request/.../ToTSZTIZ?__tc=1463329890.309&lpsl=83620971e7066b2adcb002eb29617881&expire=1463416257&PubID=326708&slp=www.thefilekit.com&ClickID=31244522541463329856&fileName=Setup

Latest 30 of 346 download URLs
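The URLs above almost all share one template, `/download/request/.../<token>?__tc=...&expire=...&slp=...&fileName=Setup`, with a rotating set of `ttb.*` hosts, which is what a pay-per-install delivery network looks like from the outside. The script below is an added example, not code from the page or from Reason Core Security. It takes three of the page's own URLs (paths elided exactly as the page shows them) and extracts the fields an analyst wants to pivot on: the issuing host, the `slp` value (read here as the landing page that referred the download, an interpretation, not something the page states), `PubID` (read as a publisher/affiliate id, likewise an interpretation), the served `fileName`, the `__tc`/`expire` pair as an issue time and link lifetime, and the `ClickID`/`subID` tokens, which are decoded when they turn out to be base64 text. The decodings are mechanical: the `ClickID` on the thesoftwerup.com URL is a small JSON document and the `subID` on the fivefilebv.com URL is a `#`/`|`-delimited record; what the inner fields mean is not on the page.

```python
import base64
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample: three of the distribution URLs listed on the page, paths elided as shown there.
SAMPLE_URLS = [
    "http://ttb.getnwfile.com/download/request/.../iG7IkXww?__tc=1464990434.269"
    "&lpsl=8c5aa5ba988166cb1edbc3d9bc7bb8f5&expire=1465076827&PubID=17310&slp=www.newfrifile.com"
    "&uuid=313e18da-317b-4849-b3b8-474ef2ed0c6c&ClickID=201228662683&fileName=Setup",
    "http://ttb.fivefilebv.com/download/request/.../v5UaierS?__tc=1465348311.03"
    "&lpsl=d1a5eb681fc327043861562cbfb3f790&expire=1465434706"
    "&subID=MjYzIzI3ODAjMTA1IzIwNjk2fDI4Nzg1OXxCUnwzfDF8fHx8MDQ3NGRlYjEtMmQxNS0xMWU2LWFmZWEtZjhiYzEyNTM5ZmY0"
    "&slp=www.getfileex.com&fileName=Setup",
    "http://ttb.thesoftwerup.com/download/request/.../JXcs82nq?__tc=1476650837.844"
    "&ClickID=eyJpIjogIkZCQzJCQTA5LUQ5NDQtNENDNy1BNEFCLTMyQzk4NEQzMTkyRiJ9&s1=banner6040&fileName=Setup",
]

# Tracking parameters seen on the page, in the spellings it uses.
OPAQUE_KEYS = ("ClickID", "clickid", "subID", "subid")


def decode_opaque(value):
    """Decode value as base64 (standard or URL-safe alphabet) if the result is printable
    ASCII; otherwise return None.  Numeric ClickIDs and random tokens fall through."""
    padded = value + "=" * (-len(value) % 4)
    for altchars in (None, b"-_"):
        try:
            text = base64.b64decode(padded, altchars=altchars, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue
        if text.isprintable():
            return text
    return None


def analyse(url):
    """Extract the pivotable fields of one download-request URL."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    info = {
        "host": parts.hostname,
        "landing_page": q.get("slp"),       # interpretation: referring landing page
        "publisher": q.get("PubID"),        # interpretation: affiliate / publisher id
        "placement": q.get("s1"),
        "served_as": q.get("fileName"),
    }
    if "__tc" in q and "expire" in q:
        issued = int(float(q["__tc"]))
        info["issued_utc"] = datetime.fromtimestamp(issued, tz=timezone.utc).isoformat(timespec="seconds")
        info["link_lifetime_s"] = int(q["expire"]) - issued
    for key in OPAQUE_KEYS:
        if key in q:
            decoded = decode_opaque(q[key])
            if decoded is None:
                continue
            try:
                decoded = json.loads(decoded)   # some ClickIDs are base64-wrapped JSON
            except ValueError:
                pass
            info[key] = decoded
    return info


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        for key, value in analyse(u).items():
            print(f"{key:>16}: {value}")
        print()
```

The `__tc` to `expire` gap on the getnwfile.com URL is 86,393 seconds, so these links are minted per click and die after a day; a URL block list built from them is stale immediately, whereas the host set, the `/download/request/` path shape and the decoded tracking ids survive across the whole list and are what to hunt on in proxy logs.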

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-55-171.jfk6.r.cloudfront.net  (54.192.55.171:80)

TCP (HTTP):
Connects to server-52-85-83-135.lax1.r.cloudfront.net  (52.85.83.135:80)

TCP (HTTP):
Connects to server-52-85-77-173.lax3.r.cloudfront.net  (52.85.77.173:80)

TCP (HTTP):
Connects to server-52-85-167-254.gig50.r.cloudfront.net  (52.85.167.254:80)

TCP (HTTP):
Connects to server-52-84-7-192.ord54.r.cloudfront.net  (52.84.7.192:80)

TCP (HTTP):
Connects to server-52-84-63-40.ord51.r.cloudfront.net  (52.84.63.40:80)

TCP (HTTP):
Connects to server-52-84-132-219.atl52.r.cloudfront.net  (52.84.132.219:80)
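Every destination above is a CloudFront edge node named by its reverse-DNS record (`server-<ip>.<pop>.r.cloudfront.net`), so the list identifies which edges answered, not which CloudFront distribution the installer asked for; the page does not record the Host header, and the same edge IPs serve legitimate tenants. An IP-only block or alert on these addresses therefore produces mostly false positives. The script below is an added example, not code from the page or from Reason Core Security: it scores connection events by combining the destination with the image path of the connecting process, using the page's common path (`...\appdata\local\temp\hdqplayersetup.exe`) as the strong signal and the edge IPs as the weak one. The input is constructed telemetry in the shape of a Sysmon Event ID 3 record (timestamp, image, destination IP, destination port), not real captures.

```python
import re
from collections import namedtuple

# Indicators copied from the page: CloudFront edge nodes the sample was seen contacting on TCP/80.
NETWORK_IOCS = {
    "54.192.55.171": "server-54-192-55-171.jfk6.r.cloudfront.net",
    "52.85.83.135": "server-52-85-83-135.lax1.r.cloudfront.net",
    "52.85.77.173": "server-52-85-77-173.lax3.r.cloudfront.net",
    "52.85.167.254": "server-52-85-167-254.gig50.r.cloudfront.net",
    "52.84.7.192": "server-52-84-7-192.ord54.r.cloudfront.net",
    "52.84.63.40": "server-52-84-63-40.ord51.r.cloudfront.net",
    "52.84.132.219": "server-52-84-132-219.atl52.r.cloudfront.net",
}
# The page's "Common path", as a pattern over the image path of the connecting process.
DROPPER_IMAGE = re.compile(r"\\AppData\\Local\\Temp\\hdqplayersetup\.exe$", re.IGNORECASE)

Conn = namedtuple("Conn", "ts image dst_ip dst_port")

# Constructed sample telemetry (Sysmon Event ID 3 shape); 203.0.113.10 is a documentation address.
SAMPLE_CONNS = [
    Conn("2024-11-22T22:47:03Z", r"C:\Users\alice\AppData\Local\Temp\hdqplayersetup.exe", "52.85.83.135", 80),
    Conn("2024-11-22T22:47:04Z", r"C:\Program Files\Mozilla Firefox\firefox.exe", "52.85.83.135", 443),
    Conn("2024-11-22T22:47:09Z", r"C:\Users\alice\AppData\Local\Temp\hdqplayersetup.exe", "203.0.113.10", 80),
    Conn("2024-11-22T22:48:30Z", r"C:\Windows\System32\svchost.exe", "52.84.7.192", 80),
]


def triage(conns):
    """Score each connection.  A CloudFront edge IP alone is weak evidence because the edge
    is shared with legitimate tenants, so the process image carries most of the weight."""
    alerts = []
    for c in conns:
        edge = NETWORK_IOCS.get(c.dst_ip)
        dropper = bool(DROPPER_IMAGE.search(c.image))
        if dropper and edge:
            severity = "high"        # known dropper path reaching an edge the sample was seen using
        elif dropper:
            severity = "medium"      # known dropper path reaching something not on the page's list
        elif edge and c.dst_port == 80:
            severity = "low"         # plain-HTTP fetch from a listed edge; confirm the Host header first
        else:
            continue
        alerts.append({
            "severity": severity,
            "ts": c.ts,
            "image": c.image,
            "dst": f"{c.dst_ip}:{c.dst_port}",
            "edge": edge,
        })
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_CONNS):
        print(f"[{alert['severity']:>6}] {alert['ts']} {alert['image']} -> {alert['dst']} ({alert['edge']})")
```

The browser's HTTPS session to 52.85.83.135 is deliberately not flagged: without the process signal, a CloudFront edge on port 443 is ordinary traffic. The low-severity hit on svchost.exe is the kind of result to confirm against proxy logs (which URL was fetched) before acting on it.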

Remove hdqplayersetup.exe - Powered by Reason Core Security