home

media-player.exe

Download Manager

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application media-player.exe by Download Manager has been detected as adware by 18 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from software.download-free.com.
Publisher:
Download Manager  (signed and verified)

MD5:
13534e102d7f7186a95b9049335f6bc9

SHA-1:
f46174961206755022ca71cc032ef25de89c56f4

SHA-256:
34fc001da3032eda5d693dfd1c7281f78ae6ab69d7ec91fe8138eb695be7744a

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/27/2024 7:26:11 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2013.09.18

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.102.236

avast!
Win32:InstallCore-FC [PUP]
2014.9-140717

Baidu Antivirus
Trojan.Win32.InstallCore
4.0.3.14717

Bitdefender
Adware.Generic.405929
1.0.20.990

Bkav FE
W32.HfsAuto
1.3.0.4246

Comodo Security
UnclassifiedMalware
16955

Dr.Web
Adware.InstallCore.45
9.0.1.0198

Emsisoft Anti-Malware
Adware.Generic.405929
8.14.07.17.05

ESET NOD32
Win32/InstallCore (variant)
8.8812

Fortinet FortiGate
Riskware/InstallCore
7/17/2014

F-Secure
Adware.Generic.405929
11.2014-17-07_5

G Data
Adware.Generic.405929
14.7.22

MicroWorld eScan
Adware.Generic.405929
15.0.0.594

Reason Heuristics
PUP.DownloadManager.M
14.8.7.23

Trend Micro House Call
TROJ_GEN.R47H1AJ
7.2.198

Vba32 AntiVirus
BScope.Malware-Cryptor.MTA.01650
3.12.24.2

VIPRE Antivirus
Trojan.Win32.Generic
21566

File size:
1015.2 KB (1,039,576 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Download Manager

Authority:
The USERTRUST Network

Valid from:
5/26/2011 5:00:00 PM

Valid to:
5/26/2012 4:59:59 PM

Subject:
CN=Download Manager, O=Download Manager, STREET=26 York Street, L=London, S=Westminster, PostalCode=W1U 6PZ, C=GB

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
7A29EA7E77DAC7B65FC20ECCCB2D8A3C

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:NxngSq0fYOdCfLtkVPHAfePCUzp3G6Om3NjxF:8Sq0AOdCfLyeqbzp3J3B

Entry address:
0xC1910

Entry point:
55, 8B, EC, 83, C4, F0, B8, 68, 19, 41, 00, E8, 5A, DF, FF, FF, 00, 50, E8, D6, F7, FF, FF, A1, DC, 65, 47, 00, 85, C0, 75, E9, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 1D, 1C, 40, 00, 80, 3D, 49, 60, 47, 00, 00, 74, 0A, 68, C4, 65, 47, 00, E8, D5, F7, FF, FF, 68, C4, 65, 47, 00, E8, D3, F7, FF, FF, C3, E9, 2D, 20, 00, 00, EB, DB, 5B, 5D, C3, 53, 3B, 05, 10, 66, 47, 00, 75, 09, 8B, 50, 04, 89, 15, 10, 66, 47, 00, 8B, 50, 04, 8B, 48, 08, 81, F9, 00, 10, 00, 00, 7F, 38, 3B, C2, 75, 17, 85, C9, 79, 03, 83, C1, 03...
 
[+]

Entropy:
6.9333

Developed / compiled with:
Microsoft Visual C++

Code size:
788 KB (806,912 bytes)

The file media-player.exe has been seen being distributed by the following URL.

http://software.download-free.com/.../Media-Player.exe

Remove media-player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.