kmplayer-setup.exe

Recode

The application kmplayer-setup.exe by Recode has been detected as adware by 19 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The setup program installs potentially unwanted software on the user's PC alongside the expected (marketed) software, without adequate consent. The program is typically installed via a form of malvertising.

Publisher:
Marvelous Lively Software Installer (signed by Recode)

Product:
Marvelous Lively Software Installer

Version:
15.7.8.7188

MD5:
31a8ffd4931839313e00cbd57d39343b

SHA-1:
7888e858176b118c1ee8ed1f505b087c482b549b

SHA-256:
c21deabe893aea56c79a65ecd4f271ade713bf76dbb1399258624adbd4e6cf5b

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/5/2024 2:31:35 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| Arcabit | Trojan.Generic.D2B4891 | 1.0.0.590 |
| AVG | Generic | 2016.0.2910 |
| Bitdefender | Trojan.GenericKD.2836625 | 1.0.20.1670 |
| Dr.Web | Trojan.Vittalia.802 | 9.0.1.0334 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2836625 | 8.15.11.30.10 |
| ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted (variant) | 9.12532 |
| Fortinet FortiGate | Riskware/DownloadAdmin | 11/30/2015 |
| F-Secure | Trojan.GenericKD.2836625 | 11.2015-30-11_2 |
| G Data | Trojan.GenericKD.2836625 | 15.11.25 |
| K7 AntiVirus | Adware | 13.212.17783 |
| McAfee | Artemis!31A8FFD49318 | 5600.6566 |
| Microsoft Security Essentials | SoftwareBundler:Win32/Dowadmin | 1.1.12205.0 |
| MicroWorld eScan | Trojan.GenericKD.2836625 | 16.0.0.1002 |
| nProtect | Trojan.GenericKD.2836625 | 15.11.06.01 |
| Reason Heuristics | PUP.DownloadAdmin.Recode.Installer (M) | 15.11.30.10 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.151128 |
| Sophos | Generic PUA HI (PUA) | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45084 |

File size:
763.6 KB (781,936 bytes)

Product version:
15.7.8.7188

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\kmplayer-setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/14/2015 4:47:38 AM

Valid to:
10/14/2016 4:47:38 AM

Subject:
CN=Recode, O=Recode, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
35D367DFBD312E49

File PE Metadata
Compilation timestamp:
11/19/2014 3:37:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9lgL4WW4lH2Qebe7jVk31TIYx3DA6TtS3X7WNB/KIdWdNy2Ahb0I5FXy95eOCNbD:GsUHxebe7MFAL3XyBCAWdNyLhrbOCBSO

Entry address:
0x1F27E0

Entry point:
60, BE, 00, 70, 53, 00, 8D, BE, 00, A0, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.9226

Packer / compiler:
UPX 2.90LZMA

Code size:
752 KB (770,048 bytes)