» mediaplayerlite-0540.exe
Overview
Analysis
File Details
Downloads (13)

mediaplayerlite-0540.exe

Golef

ConnectorPrompt (Alpha Criteria Ltd.)

The application mediaplayerlite-0540.exe, “Golef Setup ” by ConnectorPrompt (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.packagerepositorypackage.com and multiple other hosts.

File name:

Publisher:

ConnectorPrompt (Alpha Criteria Ltd.) (signed and verified)

Product:

Golef

Description:

Golef Setup

MD5:

d40143b2f0729d3172b834f7bd2ae59e

SHA-1:

b8b8a612adfcc155769056225eb064737a75255b

SHA-256:

360f8a276b4ad79e69a782e8ebeae81f44f11f5406f23eda24814eb45b9f76a7

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/5/2024 9:44:01 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC (M)

16.9.5.15

File size:

946.3 KB (968,992 bytes)

Product version:

3.1.9

Program Web

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\mediaplayerlite-0540.exe

Digital Signature

Signed by:

ConnectorPrompt (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/16/2015 7:14:48 PM

Valid to:

9/2/2016 6:24:46 PM

Subject:

CN=ConnectorPrompt (Alpha Criteria Ltd.), O=ConnectorPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11217E0EDD2E1DDD472DD3F530839DDFB6DF

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:diGtw6r+nQQCSDHBphyg8CC+RYOV+Q/bxQhPXaRUy7tmq3qFWyTgcRl7q3C8pJt6:diMwe+n5wrX+RlV+SRUWbsWpml7uW1

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file mediaplayerlite-0540.exe has been seen being distributed by the following 13 URLs.

http://www.packagerepositorypackage.com/c?x=6uWaLF4Hq7SA480sbd4GELUQWl3qIxOwvfB1orDHYXc=&e=0&c=Zi M2 wPMTMe0 drHPyAShJ9ISQYcBVRr/9XGGnb5X26ewoS5VwqhI4Ik84hfIcvfaVpmdjyv51fEflkB3rvVuik0MXVZApqIHGpIdoZOpvYglg OW7Wb4ormW2SjOMcfRcoM7XD9k/wDv2Uc gdNK1T7gwf2epYAfKfbHbyqlQ=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=G G5a6GHE29cM3rUpqwZP8yXBFwadceAskklaMdrwCE=&e=0&c=ArjkgRSzjP/mfvooa1I C0JKfigL8VI40am0 uSfS4LKidBH497G/84RgcDDO P8EiPrirPXvS7bUziO48lJWj 4H00qMgD8RqGNJzlctmA3syPyy1E93WGxECUYb8jC1E4TMhphtReMWwWB1BKDb6J0btYN5A91f0ndrs/d4k0=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=LGs3CxyTuHj5EM4S7Cw4295XV5 2gcPnxV87slsLxlI=&e=0&c=09gzJhkySJrp3i3swkFfBTlf3Hv9qMO1V7WkCx73YW1hGhTRgIW IqZmv5 29xNKq2jM/v8cfdRcMHV1w7gyQNtpEiUEvwOMYbtye/EsmKgHi6b03625A/2DEbbrwf6qNWCzGOFHtz0g igqPOnV7prZK1Jka96//xuknorCTeo=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=xZYgfnBSyn5JfWzk5sUiyAMfluwCpNaR8fALs D m3g=&e=0&c=cjbjZYnXOAB MAV a9n7XtECckmaNJmjX4b8C N2eQpHf9MDvrZNB/yh9NAW0ioazkh1v4uRqyCBGi/hai47j hQnYFL1nCe6nW4 BJ6wAxW/VdmnUM1D6 luvTj9ZA05CrcCoT8xGt9LpL4MJLpjnhGd9At5al1jLuRJlgWwjE=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=UQcPzE0mF3aHsXMrwaeHb9SKqzct lJNj46S0BkaoIU=&e=0&c=qD2CevIGm5T1cX4fXwFB8JAhK/K7GLKONIlNRjLkiHDH25q129LiWk0DY FcVPFvESfrGaBJt8PTqOQ5AHPt19LUOf890sh0PAZH5f56nnjMn13JCEGfQL834HavHGU/JNfYTgb4yKKiP9jC/z0d8w9xsGZjluOl6fOVJ0YYBXA=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=YX2wR3OucVqq9pRwlVNVBwrp8vAswEH7jCmyR4e0t9k=&e=0&c=cKoFnStuqyJnwrpKTJu31 gw m1N5tU/CpCeWFA3Jaujkvr8AB7t9R1XvpRm4 4mBsa PfGY87pVJIvYabKDZU4AlUCL655PVLWLllq1f9KknxzZWZCME4aIwxPgWRMYK3 ajCpV5n8OFuuzTa2KZ0llto31HF01o6J6u/IDtuE=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=ShAH480LfYgjkvsiL3K2MEK8Vzj8jO2X4xeG D9rOkw=&e=0&c=YgJAy07W7HOCgXrQl1jNRliMVaU32P2OE iyEFJHGW2fJHhkXzoAimF6YcbQk0GGhDq8NT6FKdlIFxpOnLjMgPjv3gZLSgylGGnJwd 7L33TZG8PxKBWe5SNoEM7UVPB/OAQM4OOVItCdxdg6cjqrYezKueMe68Jo6reQ7txFrU=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=enpQfZDk2eIoP6O/GrAWYm9kJBGOS/DwCrs1FQQntNM=&e=0&c=C1d5PIexjkP7GBRlkaLNSotFSceGz/ISTmXwlJjUzv5ZluPV8VrK3V9pkR7o5iEZ1JFSgEogMfb3eObPUSZi6nt5KSqBXSDShnwgX3UrtEc98e5mt 7ZzRUhdGeEMv5ULqg46h4KVPKuy6cUY/Q9F rmNhrDfVfjWMaRASyZvfA=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=NHQaqBxAwj5V8dx17557QDejH jt4qjC Bp9RMif7uo=&e=0&c=VNSqkxtJXYqXK3ovwEnx/SJUuvi340NQmaPzqycCfqMmOqctYulMZiBelbxSFM8ozYJo3PjXnnc82v hJl3NQLHX5LKzRWMCV4BFS3NEPWzRTmBPuPRgEIE6or3O/f8sWlI0up5b1PJPm9h0XCdGctoz0W2nRuuYQY AbbTPidE=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=kD8pwJfArl8cpR1QpV0AKOJsIafetfbXgyhbBgg2Hm0=&e=0&c=lyJrF/ZuURRtPIV4 mgvwIvW5TIy8pmb0jY/5Ur1gzInd2NhvjnC3HUbosQj2bd2441a0gfwLu0nf0fuzZMwJg7737QSEpg8sA2sEcshT04XXXbp8AHPp6aI4KkbUS52fvKcZDAMOdEZvgGt0lDi1k7Loigi0/UtJ3Wwxl02Ggo=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=RyMFam061B3MFMGT9QtXz VBLmiYTLheNZUofd3HSq0=&e=0&c=d4aVp5PNGxwWwaVzR6tacwCZBYcMBxLC0bl 9QF1ZWwyVXTtQsfK7AHEyERspLmMb6/bi4Ne54IlEySsiYl8IFlOrn0nvgDmP6bvK 5ZMu2C75/RM/Lf3Rn04HnbIpiAWDhypJV0gbL1h5aR1FY1RJIuRgBQ0RXy o4OoI4g3xw=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=ZbQqaRakoMXC79ntc70LYfY4WWHTTTwTXDRVpUZYsZM=&e=0&c=sbsnaLBrFr BFa8lV8M81ZNeIgRkuPUjcAKQLiD0gUWhoi4t4ADB1wlCqltBxn5aLwvTbdh/ ZAJof/ROkAytL0mjZNN0bRuSyR8 HzjgUWsMPj64JC2ac32GdQrw8GcZRsackvsWIEQS/w1JJBukAR2D4R41r1emG2pP9K8duw=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

http://www.packagerepositorypackage.com/c?x=0Jc8hmijODn0Si2jeB34Vux3H3KM4WtlpE0DFUh2F2A=&e=0&c=hNplyyDqXb2fDkAqvKGz35 XE36wWN96gsYGtnN fZd7ewfFbKp7JvhbNtnNbXT46TlM1QBPOVWCksVk/dvVzg8ni2 c4D4QxnleXPiw8PDvMbQmORYhfOf94/KOGkjebqrBTOOAdBSpzOZn//ENql3xSqIC6X/OwjcOBj0zCM8=&downloadAs=MediaPlayerLite-0540.exe&fallback_url=http://.../setup-mediaplayerlite-0.5.4.0-silent.exe

Remove mediaplayerlite-0540.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.