kmplayer-setup.exe

Download Verified

The application kmplayer-setup.exe by Download Verified has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dl3.vessoft.com and multiple other hosts. While running, it connects to the Internet address 8c.3f.1632.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Download Verified  (signed and verified)

MD5:
c76408e153ed15f598d39fd7f2162b95

SHA-1:
0e26b99285d0d6018ccefb7b847044fcc68ba179

SHA-256:
2b409bc9dad993077afa6ce8d79174a9e8776423d0ae1047e6b1382baae2efb8

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
12/26/2024 11:57:06 AM UTC

Scan engine          Detection                    Engine version
Dr.Web               Trojan.Vittalia.69           9.0.1.0147
Reason Heuristics    Threat.Win.Reputation.IMP    15.5.27.10
VIPRE Antivirus      DownloadAdmin                40596

File size:
655.5 KB (671,264 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\kmplayer-setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/5/2015 1:00:00 AM

Valid to:
2/6/2016 12:59:59 AM

Subject:
CN=Download Verified, O=Download Verified, L=san francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
374F6915B9875363C2CF0BCF19A679AF

File PE Metadata
Compilation timestamp:
5/11/2015 8:14:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:AE1osDN+hvzJWkaXyErEvhqfCkDUVaa0GFX5y8sVo94VVD9FgI:11osEvzAkaXyE4vkZDb1sJyTu4V3

Entry address:
0x1BB4

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, E8, DC, 51, 00, 00, 53, E8, 50, FD, FF, FF, 59, FF, 15, 50, 77, 40, 00, 68, 01, 80, 00, 00, FF, 15, 70, 70, 40, 00, 53, FF, 15, 4C, 77, 40, 00, 6A, 08, A3, 98, 2C, 42, 00, E8, B9, 09, 00, 00, 53, 68, 60, 01, 00, 00, A3, 00, 3D, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 73, 74, 40, 00, FF, 15, 9C, 71, 40, 00, 68, 68, 74, 40, 00, 68, 00, 35, 42, 00, E8, AB, 08, 00, 00, FF, 15, 6C, 70, 40, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file kmplayer-setup.exe has been seen being distributed by the following 2 URLs.

http://dl3.vessoft.com/files2/k/kmplayer_windows/4.0.0.1/.../kmplayer-setup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8c.3f.1632.ip4.static.sl-reverse.com  (50.22.63.140:80)
