kmplayer-setup.exe

Files Info

The application kmplayer-setup.exe by Files Info has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from mirror.downloadnet1048.com. While running, it connects to the Internet address net-inst-ash.opera.com on port 80 using the HTTP protocol.
Publisher:
KMP Setup  (signed by Files Info)

Product:
KMP Setup

Version:
47.0.9.2069

MD5:
9fd12ebff59e805e75d93719aa946151

SHA-1:
21130cec0f3d56aa17f9577763f7bd64b20fa2f0

SHA-256:
e096230c02882a65f02fe055f0a7bffadf418893806f03658c876c356f39fa89

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
12/27/2024 5:17:18 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.DownloadAdmin | 2015.08.01
Avira AntiVirus | PUA/DownloadAdmin.Gen7 | 8.3.1.6
Bkav FE | HW32.Packed | 1.3.0.6979
Dr.Web | Adware.DownloadAdmin.12 | 9.0.1.0237
ESET NOD32 | Win32/DownloadAdmin.M potentially unwanted (variant) | 9.12026
herdProtect (fuzzy) | | 2015.8.25.20
K7 AntiVirus | Adware | 13.207.16754
McAfee | DownloadAdmin | 5600.6662
NANO AntiVirus | Trojan.Win32.Vittalia.dunmel | 0.30.24.2668
Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.24.14
Rising Antivirus | PE:Malware.DownloadAdmin!6.26F9 | 23.00.65.15722

File size:
838.7 KB (858,840 bytes)

Product version:
47.0.9.2069

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\kmplayer-setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/6/2015 1:00:00 AM

Valid to:
7/6/2016 12:59:59 AM

Subject:
CN=Files Info, O=Files Info, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26EF78F082E8C0088E7BD3C5B15581F6

File PE Metadata
Compilation timestamp:
8/7/2014 9:05:41 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:iZMLKmtvPyHu7xtwhUKqkCYviUbo5cN+2QHC5I:EiKmHyOltWNpCdU0wQT

Entry address:
0xC822

Entry point:
E8, 3C, 05, 00, 00, E9, 57, FD, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, 4B, 41, 00, 89, 0D, A4, 4B, 41, 00, 89, 15, A0, 4B, 41, 00, 89, 1D, 9C, 4B, 41, 00, 89, 35, 98, 4B, 41, 00, 89, 3D, 94, 4B, 41, 00, 66, 8C, 15, C0, 4B, 41, 00, 66, 8C, 0D, B4, 4B, 41, 00, 66, 8C, 1D, 90, 4B, 41, 00, 66, 8C, 05, 8C...
 

Entropy:
7.9530  (probably packed)

Code size:
51.5 KB (52,736 bytes)

The file kmplayer-setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to net-inst-ash.opera.com  (37.228.108.239:80)

TCP (HTTP SSL):
Connects to 8c.3f.1632.ip4.static.sl-reverse.com  (50.22.63.140:443)
