kmplayer-setup-5552607.exe

Garden Variety Media

The application kmplayer-setup-5552607.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a setup program which is used to install the application. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from mirror.downloadnet253.com.
Publisher:
Garden Variety Media

Product:
Garden Variety Media

Version:
54.7.1.6637

MD5:
de211f779cd1f2fa3b3abed7835b319f

SHA-1:
6204135c50bcaabc89ba156e594595ac03893a06

SHA-256:
4a4c1aed09ed4b06715870928d5e3ebe4dba0cf911bd325fa14bc7a0f0e1ba73

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/3/2024 4:59:32 PM UTC

Scan engine                    Detection                                 Engine version
Lavasoft Ad-Aware              Win32.Sality.3                            5813571
avast!                         Win32:SaliCode                            160118-1
AVG                            Win32/Sality                              2015.0.4489
Dr.Web                         Win32.Sector.30                           9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality                              10.0.0.5366
ESET NOD32                     Win32/Sality.NBA virus                    7.0.302.0
F-Prot                         W32/Sality.gen2                           4.6.5.141
Kaspersky                      not-a-virus:Downloader.Win32.DownloAdmin  15.0.0.562
McAfee                         Trojan.Artemis!7BEED11B5DE0               18.0.204.0
Microsoft Security Essentials  Threat.Undefined                          1.213.5004.0
Norman                         Win32.Sality.3                            18.01.2016 17:20:53
Sophos                         Virus 'Mal/Sality-D'                      5.23
VIPRE Antivirus                Threat.4721115                            46444

File size:
956.2 KB (979,104 bytes)

Product version:
54.7.1.6637

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\kmplayer-setup-5552607.exe

File PE Metadata
Compilation timestamp:
12/2/2014 6:40:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:1H5QiLdmbBf502+ht3naZbSautQJNHHQ+ZuTbaSJj98:15QYmbBh0Lb3+mauCQ+ZuT2SJa

Entry address:
0x4AD6

Entry point:
89, D0, 69, FD, 85, CF, 16, 93, 69, D8, 85, E9, 2A, 15, 3B, F9, 88, E3, 0F, B7, D8, 84, EA, 1D, 32, 9F, 66, 34, C7, C5, 62, 86, 6E, 62, FE, CF, 0F, AF, C2, 89, F2, 80, E4, 73, 0F, BF, F8, E8, 3C, 00, 00, 00, 83, E3, 00, C6, C1, 25, F6, C2, 4F, 86, E4, 4A, 4F, 8A, C4, 19, ED, 86, D0, 81, C3, 59, F6, FF, FF, 89, DF, 4D, 81, C3, A8, 09, 00, 00, 0F, AF, FD, 85, CB, 72, 02, 85, D8, 1D, 90, 6C, 1F, 32, 81, FB, 96, 05, 00, 00, 0F, 82, C7, FF, FF, FF, 8B, F9, 4F, BB, 21, E4, F9, EA, 84, CD, 40, F7, C3, 54, 44, CC...
Entropy:
7.9688  (probably packed)

Code size:
56.5 KB (57,856 bytes)

The file kmplayer-setup-5552607.exe has been seen being distributed by the following URL.

Remove kmplayer-setup-5552607.exe - Powered by Reason Core Security