media.player.codec.pack.v4.4.0.setup.exe

Cole Williams Software Limited

The application media.player.codec.pack.v4.4.0.setup.exe by Cole Williams Software Limited has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.wmpcodecpack.com and multiple other hosts. While running, it connects to the Internet address 14.d7.24ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Media Player - Codec Pack  (signed by Cole Williams Software Limited)

Product:
Media Player - Codec Pack

Version:
4.4.0.1007

MD5:
01cd133ce8678cf1069f1c5b8fbf9abb

SHA-1:
83f41af6df9055c9c0f9ac9e4569f94c0712ec56

SHA-256:
5c0049bb7b1110707487c34123161a313ec1aebfb1f0ef85228653d88b275d43

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 4:25:27 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

Fortinet FortiGate
Adware/Agent
10/11/2015

K7 AntiVirus
Riskware
13.210.17494

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.1293

Rising Antivirus
PE:Malware.RDM.37!5.2B[F1]
23.00.65.151009

VIPRE Antivirus
Spigot
44438

File size:
40.2 MB (42,185,512 bytes)

Copyright:
© 2015 Cole Williams

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\media.player.codec.pack.v4.4.0.setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/6/2014 7:00:00 PM

Valid to:
10/6/2017 6:59:59 PM

Subject:
CN=Cole Williams Software Limited, O=Cole Williams Software Limited, STREET=36 HIGH STREET, L=CLEETHORPES, S=North East Lincolnshire, PostalCode=DN35 8JN, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7B34F7BF986A7A767AD50C2534671750

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:MGjUapwPlPKOalbZobdAAkiLeBGOD2MvdsTq4vnuFSMFryOpJ6imWbHcWb4G5+4:MG4aWPKOapIFgRDdsO4vuFzryWdxb4Gp

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9997

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file media.player.codec.pack.v4.4.0.setup.exe has been seen being distributed by the following 31 URLs.

http://www.wmpcodecpack.com/?download=codecpack

http://download.softpedia.com/dl/1e8d6199702941cb6e435bc3dc86f3b5/56916b82/100095465/software/multimedia/.../media.player.codec.pack.v4.4.0.setup.exe

http://download.mediaplayercodecpack.com/files/.../media.player.codec.pack.v4.4.0.setup.exe

http://ultradownloads.com.br/.../2,1175125.html

http://download.softpedia.com/dl/8f9cba0a2ad6dac9dc7d5f1be0c92328/565f3fdd/100095465/software/multimedia/.../media.player.codec.pack.v4.4.0.setup.exe

temp:media.player.codec.pack.v4.4.0.setup.exe

&onid=13632&oid=3001-13632_4-10749065&rsid=cbsidownloadcomsite&sl=es&sc=us&topicguid=video/players&topicbrcrm=&pid=14478332&mfgid=6300577&merid=6300577&ctype=dm&cval=NONE&devicetype=desktop&pguid=51a759c4fa5321f08bf44bf7&viewguid=Yhf9XsBl4DSzknZIt-3IrtajpJ@6V1efDTkz&destUrl=http://software-files-a.cnet.com/s/software/14/47/83/.../media.player.codec.pack.v4.4.0.setup.exe

Latest 30 of 31 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)

Remove media.player.codec.pack.v4.4.0.setup.exe - Powered by Reason Core Security