mediaplayerpro.exe

Fite

Perets Smart, TOV

The application mediaplayerpro.exe, “Fite Setup” by Perets Smart, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bestdownloadshost.com.
Publisher:
Perets Smart, TOV  (signed and verified)

Product:
Fite

Description:
Fite Setup

Version:
4.3.3.8

MD5:
b123498f4f848b54890acd21fe545810

SHA-1:
7028ec6b48e742d986ca2a638ea964a0b2eb61c9

SHA-256:
5639fdf2916512d16cb62722e532090406411db09594af192d0967e2dca53b5f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 8:35:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.5

File size:
950.7 KB (973,544 bytes)

Product version:
4.5.5

Copyright:
Program Wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mediaplayerpro.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2016 5:00:00 PM

Valid to:
5/26/2017 4:59:59 PM

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
Entropy:
7.9125

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file mediaplayerpro.exe has been seen being distributed from a URL on www.bestdownloadshost.com.
