home

homefront-the-revolution-trainer-9-v678462-mrantifun.exe

Windows Media Player Folder Sharing Executable

Strong Media

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable homefront-the-revolution-trainer-9-v678462-mrantifun.exe, “Windows Media Player Folder Sharing Executable” has been detected as malware by 1 anti-virus scanner.
Publisher:
Microsoft Corporation  (signed by Strong Media)

Product:
Microsoft® Windows® Operating System

Description:
Windows Media Player Folder Sharing Executable

Version:
11.0.5721.5262 (WMP_11.090130-1421)

MD5:
7ed76d08e547156e0a38e1858d15872f

SHA-1:
e1c26363896f9d4dc3abf60c1dcdf460667b3581

SHA-256:
93ca01a5afa3a14a966d72ec79355c88f297af3e99f5552b219687bc59bda302

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/6/2024 7:42:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.1.29.12

File size:
936.5 KB (958,952 bytes)

Product version:
11.0.5721.5262

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wmpshare.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\homefront-the-revolution-trainer-9-v678462-mrantifun.exe

Digital Signature
Signed by:
Strong Media

Authority:
COMODO CA Limited

Valid from:
6/14/2016 2:00:00 AM

Valid to:
6/15/2017 1:59:59 AM

Subject:
CN=Strong Media, O=Strong Media, STREET="Sokolniki Square, 4 A", L=Moscow, S=Moscow, PostalCode=107113, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE80B6BBB2E40F5F7B3C2F4B76F141D9

File PE Metadata
Compilation timestamp:
7/15/2016 2:09:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, 40, 04, 00, 00, 8B, 45, F8, 03, 45, F8, 89, 45, F0, 8B, 4D, F4, 2B, 4D, F0, 89, 4D, F0, 8B, 55, DC, 0F, AF, 55, E0, 89, 55, F4, 8B, 45, E4, C1, E0, 04, 89, 45, F4, 8B, 55, F4, 8B, 4D, F4, D3, E2, 89, 55, E4, 68, 4C, 80, 4D, 00, FF, 15, 20, C0, 4B, 00, 68, 58, 80, 4D, 00, FF, 15, 1C, C0, 4B, 00, 8B, 45, EC, 69, C0, 6F, 6D, 3E, 12, 89, 45, F8, 8B, 4D, F0, 51, 8B, 55, F0, 52, FF, 15, 0C, C0, 4B, 00, 68, 70, 80, 4D, 00, FF, 15, 20, C0, 4B, 00, 68, 93, 15, 00, 00, A1, 34, 43, 4E, 00, 50, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
744.5 KB (762,368 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.