» kmplayer_en_3.1.0.0_r2.exe
Overview
Analysis
File Details
Programs (1)
Downloads (5)

kmplayer_en_3.1.0.0_r2.exe

KMP Media co., Ltd

The application kmplayer_en_3.1.0.0_r2.exe by KMP Media co. has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program The KMPlayer (remove only) by Pandora.TV. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from software.oldversion.com and multiple other hosts.

File name:

Publisher:

KMP Media co., Ltd (signed and verified)

MD5:

92e7307484facb0709489ba66753fbf3

SHA-1:

ac744002ccc72cbbcd73eee89d55acbefca37760

SHA-256:

bfa07d57f80c5ca3e43781c059f143c9f074ddc657398c999ac21326b8182704

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/1/2024 4:30:04 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/OpenCandy

8.9545

Fortinet FortiGate

W32/OpenCandy

3/28/2014

Malwarebytes

PUP.Optional.OpenCandy

v2014.03.28.03

File size:

21.4 MB (22,447,368 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\kmplayer 3.1.0.0 final.mazika2day.com.by.mooooka\kmplayer_en_3.1.0.0_r2.exe

Digital Signature

Signed by:

KMP Media co., Ltd

Authority:

Thawte, Inc.

Valid from:

9/16/2011 2:00:00 AM

Valid to:

9/16/2012 1:59:59 AM

Subject:

CN="KMP Media co., Ltd", O="KMP Media co., Ltd", L="Gangnam-gu ", S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2F339DC7AF9B9CF34A626D51A53BE2DC

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

393216:CZlAGRe5PJdBYHt2EYrX95IrBmIarYKXbVRlNfWOGg7oliSk+KT6DXZoa:CZl167BYH5YrXDIWYKXbVXNeOcvPK2D1

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9998

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file kmplayer_en_3.1.0.0_r2.exe has been discovered within the following program.

The KMPlayer (remove only) by Pandora.TV

Publisher's description - “KMPlayer is all in one media player, covering various formats such as VCD, DVD, AVI, MKV, Ogg Theora, OGM, 3GP, MPEG-1/2/4, WMV, RealMedia, QuickTime.”

www.kmplayer.com

55% remove it

The file kmplayer_en_3.1.0.0_r2.exe has been seen being distributed by the following 5 URLs.

http://software.oldversion.com/download.php?f=YTo1OntzOjQ6InRpbWUiO2k6MTQ4MjE0MzE3OTtzOjI6ImlkIjtpOjM3Mjg7czo0OiJmaWxlIjtzOjM3OiIzLjEuMC4wX1IyX0tNUGxheWVyX0VOXzMuMS4wLjBfUjIuZXhlIjtzOjM6InVybCI7czo1MzoiaHR0cDovL3d3dy5vbGR2ZXJzaW9uLmNvbS93aW5kb3dzL2ttcGxheWVyLTMtMS0wLTAtcjIiO3M6NDoicGFzcyI7czozMjoiNGM2ZjZhZjcwNmQwNzIzODNmOWViMmViNmE5ZDk1ZmMiO30=

temp:KMPlayer_EN_3.1.0.0_R2.exe

http://download.softpedia.ro/dl/f75f133e6db7138f992a0283548c369d/4f0ae2d5/100026726/software/MULTIMEDIA/.../KMPlayer_EN_3.1.0.0_R2.exe

http://cdn.kmplayer.com/KMP/.../KMPlayer_EN_3.1.0.0_R2.exe

http://thekmplayer.ru/kmp.exe

Remove kmplayer_en_3.1.0.0_r2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.