mediaplayer12.2-setup.exe

File

TrUsTeD DownLoad tyy

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application mediaplayer12.2-setup.exe by TrUsTeD DownLoad tyy has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from get.position0102.info.
Publisher:
TrUsTeD DownLoad tyy  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
cf94a984258c3912fdbb8175fd81be0d

SHA-1:
a72311c2ce2c9c29d508a5cafc656014adb6e18c

SHA-256:
9a33fd0878c5e7e0112d2a51b31db05ea0daea20661b1f29a164eb7f58225bc3

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 12:49:33 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.BE
5570222

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.05.28

Avira AntiVirus
PUA/Outbrowse.Gen
8.3.1.6

AVG
Potentially harmful program Downloader.GHX
2014.0.4311

Bitdefender
Application.Bundler.Outbrowse.BE
1.0.20.740

Dr.Web
Trojan.OutBrowse.630
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BE
10.0.0.5366

ESET NOD32
Win32/OutBrowse.CB potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
5/28/2015

F-Secure
Riskware.Application.Bundler.Outbrowse
5.14.151

G Data
Application.Bundler.Outbrowse.BE
15.5.25

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.9.2.0

K7 AntiVirus
Unwanted-Program
13.204.16053

McAfee
Adware-OutBrowse.g
5600.6752

MicroWorld eScan
Application.Bundler.Outbrowse.BE
16.0.0.444

NANO AntiVirus
Trojan.Win32.OutBrowse.drthpz
0.30.24.1636

Reason Heuristics
PUP.Outbrowse.Bundler
15.5.28.5

SUPERAntiSpyware
Adware.OutBrowse/Variant
9848

Trend Micro House Call
Suspici.A885EC74
7.2.148

VIPRE Antivirus
Threat.4150696
40552

File size:
1.1 MB (1,124,560 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015May15-012754-23cf9659-18de-472d-b61e-97dca15221a9.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mediaplayer12.2-setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/11/2015 1:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=TrUsTeD DownLoad tyy, O=TrUsTeD DownLoad tyy, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2AE0E4D565BDF7075B74C0D41A6276D3

File PE Metadata
Compilation timestamp:
5/15/2015 2:27:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:nbSaE4mvt/m2r3LIJjbLRDfAq3ndfEdCGKi:nbSv4mvsb9bLBAq3npODKi

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.5623

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file mediaplayer12.2-setup.exe has been seen being distributed by the following URL.
