kmplayer_en_3.1.0.0_r2.exe

KMP Media co., Ltd

The application kmplayer_en_3.1.0.0_r2.exe by KMP Media co. has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program The KMPlayer (remove only) by Pandora.TV. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software.oldversion.com and multiple other hosts.
Publisher:
KMP Media co., Ltd  (signed and verified)

MD5:
92e7307484facb0709489ba66753fbf3

SHA-1:
ac744002ccc72cbbcd73eee89d55acbefca37760

SHA-256:
bfa07d57f80c5ca3e43781c059f143c9f074ddc657398c999ac21326b8182704

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 2:00:44 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
8.9545

Fortinet FortiGate
W32/OpenCandy
3/28/2014

Malwarebytes
PUP.Optional.OpenCandy
v2014.03.28.03

File size:
21.4 MB (22,447,368 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmplayer 3.1.0.0 final.mazika2day.com.by.mooooka\kmplayer_en_3.1.0.0_r2.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/16/2011 2:00:00 AM

Valid to:
9/16/2012 1:59:59 AM

Subject:
CN="KMP Media co., Ltd", O="KMP Media co., Ltd", L="Gangnam-gu ", S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2F339DC7AF9B9CF34A626D51A53BE2DC

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:CZlAGRe5PJdBYHt2EYrX95IrBmIarYKXbVRlNfWOGg7oliSk+KT6DXZoa:CZl167BYH5YrXDIWYKXbVXNeOcvPK2D1

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9998

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file kmplayer_en_3.1.0.0_r2.exe has been discovered within the following program.

Publisher's description - “KMPlayer is all in one media player, covering various formats such as VCD, DVD, AVI, MKV, Ogg Theora, OGM, 3GP, MPEG-1/2/4, WMV, RealMedia, QuickTime.”
www.kmplayer.com
55% remove it
 

The file kmplayer_en_3.1.0.0_r2.exe has been seen being distributed by the following 5 URLs.

http://software.oldversion.com/download.php?f=YTo1OntzOjQ6InRpbWUiO2k6MTQ4MjE0MzE3OTtzOjI6ImlkIjtpOjM3Mjg7czo0OiJmaWxlIjtzOjM3OiIzLjEuMC4wX1IyX0tNUGxheWVyX0VOXzMuMS4wLjBfUjIuZXhlIjtzOjM6InVybCI7czo1MzoiaHR0cDovL3d3dy5vbGR2ZXJzaW9uLmNvbS93aW5kb3dzL2ttcGxheWVyLTMtMS0wLTAtcjIiO3M6NDoicGFzcyI7czozMjoiNGM2ZjZhZjcwNmQwNzIzODNmOWViMmViNmE5ZDk1ZmMiO30=

temp:KMPlayer_EN_3.1.0.0_R2.exe
