mediaplayer__6147_i594460719_il52.exe

The application mediaplayer__6147_i594460719_il52.exe has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install. The file has been seen being downloaded from nym1.ib.adnxs.com and multiple other hosts.
Version:
1.1.7.40

MD5:
4fecaf6d404d05f20bb7f56144974bab

SHA-1:
14d5243cf51600cae9d1d6d43c756b71a95bae37

SHA-256:
56e5e0deff356b842b7d625cee25329dcc733bfc5d5baa4c075c7f1f392ce99b

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:49:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11265505 | 918 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 14.07.13 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.146.82 |
| avast! | Win32:Amonetize-AX [PUP] | 2014.9-140713 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.14713 |
| Bitdefender | Trojan.Generic.11265505 | 1.0.20.1065 |
| Dr.Web | Adware.Downware.3081 | 9.0.1.0194 |
| Emsisoft Anti-Malware | Trojan.Generic.11265505 | 8.14.08.01.01 |
| ESET NOD32 | Win32/Amonetize.AO (variant) | 8.9739 |
| Fortinet FortiGate | Riskware/Amonetize | 8/1/2014 |
| F-Secure | Trojan.Generic.11265505 | 11.2014-01-08_6 |
| G Data | Trojan.Generic.11265505 | 14.8.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.12041 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Amonetize | 14.0.0.3475 |
| Malwarebytes | PUP.Optional.Amonetize.A | v2014.07.13.10 |
| McAfee | Artemis!15582E759EEA | 5600.7052 |
| MicroWorld eScan | Trojan.Generic.11265505 | 15.0.0.639 |
| nProtect | Trojan.Generic.11265505 | 14.05.11.01 |
| Qihoo 360 Security | Win32/Virus.Adware.932 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.1.1 |
| Sophos | Amonetize | 4.98 |
| SUPERAntiSpyware | Adware.Amonetize/Variant | 10449 |
| Trend Micro House Call | TROJ_GEN.R011H05E414 | 7.2.213 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29100 |

File size:
343.5 KB (351,744 bytes)

Product version:
1.1.7.40

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mediaplayer__6147_i594460719_il52.exe

File PE Metadata
Compilation timestamp:
4/24/2014 12:02:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:yrNqZS/mvkRf2clQnCoMVBfB17ZKYLeecaI5D+KHWmBaE/S2P/qLfO2WXUH:yrNqZS/qkRflQn9MVBZ17YFumAwS2h2l

Entry address:
0x29D31

Entry point:
E8, 97, 9F, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...
 

Code size:
245 KB (250,880 bytes)

The file mediaplayer__6147_i594460719_il52.exe has been seen being distributed by the following 6 URLs.

