kmplayer_patch_cie_codex.exe

Pandora TV Co., Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with multiple programs including KMPlayer (remove only) and The KMPlayer (remove only). The file has been seen being downloaded from go.microsoft.com and multiple other hosts.
Publisher:
Pandora TV Co., Ltd.  (signed and verified)

MD5:
a0018c3d810ce5ecdd37563d7031a550

SHA-1:
06f1997760b05ffc277caccc9f5e954fe4b84d28

SHA-256:
edd167d042944aa37c39f211569b1c1d6ea331115c523378881573956ee56e96

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/27/2024 5:49:59 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
riskware program Program.Kmplayer.1
9.0.1.05190

File size:
108.2 KB (110,800 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\kmplayer_patch_cie_codex.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
4/29/2016 4:00:00 AM

Valid to:
5/30/2019 3:59:59 AM

Subject:
CN="Pandora TV Co., Ltd.", OU=IT Team, O="Pandora TV Co., Ltd.", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
39880BE01FE37120AD98698509663F92

File PE Metadata
Compilation timestamp:
2/24/2012 11:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:mweqOYEUXPndhXVUs9MKfJ++HkgSt2hdFzF:jEUXlf9HxHM2hdFZ

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
6.9655

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file kmplayer_patch_cie_codex.exe has been discovered within the following programs.

KMPlayer (remove only)  by Pandora.TV
www.kmplayer.com
About 7% of users remove it
Publisher's description - “KMPlayer is all in one media player, covering various formats such as VCD, DVD, AVI, MKV, Ogg Theora, OGM, 3GP, MPEG-1/2/4, WMV, RealMedia, QuickTime.”
55% remove it
 
Powered by Should I Remove It?

The file kmplayer_patch_cie_codex.exe has been seen being distributed by the following 16 URLs.

http://go.microsoft.com/.../?LinkID=306276

http://www.bing.com/search?q=google&src=IE-SearchBox&FORM=IESR02&pc=EUPP_

http://113.171.224.215/.../KMPlayer_Patch_CIE_Codex.exe

http://go.microsoft.com/.../?LinkID=211974

http://113.171.224.242/.../KMPlayer_Patch_CIE_Codex.exe

http://113.171.224.207/.../KMPlayer_Patch_CIE_Codex.exe

http://www.bing.com/search?q=www.google.com&form=PRLNC1&src=IE11TR&pc=LCTE

http://google.com.br/

C:\Users\admin\Downloads\KMPlayer_Patch_CIE_Codex.exe

http://10.130.24.197:6610/cdn.kmplayer.com/KMP/Download/release/.../KMPlayer_Patch_CIE_Codex.exe

http://113.171.224.170/.../KMPlayer_Patch_CIE_Codex.exe

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LB4TVEEM\KMPlayer_Patch_CIE_Codex.exe

http://113.171.224.214/.../KMPlayer_Patch_CIE_Codex.exe

http://113.171.224.244/.../KMPlayer_Patch_CIE_Codex.exe

Scan kmplayer_patch_cie_codex.exe - Powered by Reason Core Security