mediaplayersetup.exe

Famodofena

Safe Installer Company

The application mediaplayersetup.exe, “Famodofena Setup” by Safe Installer Company, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalcentralheart.com.

Publisher:
Safe Installer Company  (signed and verified)

Product:
Famodofena

Description:
Famodofena Setup

MD5:
9ca771fd925a429392ff2f38e710c80f

SHA-1:
c055c665032d9899a3072ee35636702acbd6fb53

SHA-256:
ddea1d40b0193cd43886debe491f0f314f364e72407f16e4cc430d542f0d3508

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 12:45:25 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.6

File size:
953.5 KB (976,408 bytes)

Product version:
4.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mediaplayersetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
5/3/2016 4:12:38 AM

Valid to:
3/22/2017 3:38:38 AM

Subject:
CN=Safe Installer Company, O=Safe Installer Company, L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
6C5CD790DC645C41

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9365

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file mediaplayersetup.exe has been seen being distributed by the following URL.

http://www.capitalcentralheart.com/zR4vncOrMvgVY7DeqUztXqNuMaK96dBLeEoeT7nLwmV1TdkkGVhWArI2NwH8w2wVlJMCOSqONtdwdZFEjU6jW_Q8z091M1 JMzchW4gJ19HmjVeu5mc5Zj eSvdTXMcAexJpbHk6lHRDwMJcAx2E7ltc2AIThvys_J1 a2x9EnW1bB1_hAx8l9Mtl2wvAmxUIZGzzm7mt6rM5JHi_jrLf0jkQcofxqhYRm0zw8U4o9HQ3WVZVFnfZ7bYVH1YZXytKYwDRHpR4x_uu pE_9w6u66lk2t3A03eWHBc2hIpTzrKrlWaSx7kY7iRkTRrhsXnF8LD7Vi1nzkVgAkFn_XniHzaTkBP_jS7RPgTILv4iPU_swz2KSZQvTNo9edLxEmt7WV2nY3SST6KG2akAFqTLgoigkYKPFReuYEJmkhIcwdkaK4hyUtJ_VP_9bONbvGER3aP yJObzt7c_PYGas1zCKGLZ3ZKK1hQQ00gKiUEzL116k02Lp0HeA5TBvresqwGTzi5wgcqF_kkdC66 y3iGRsmDcFEZ1FErIeG Pkt2e14DOUviNTig8fkfkiFH93Ir kaODkFCun9QmtAULzgUvkYZyujCEjLN2fE opVeSbgGFAClceTdzXC8wMn9eT0JCYpVUOEfInz7idXs8cGNfl7R QKJSDC6XL2QtbkUecvHZc1NscIqmTZ4AuFwiEXEgHH8c2yqPkQoEs jnmwTZHRlgUZ4KegtPy_KYd 9lsQXhpDXFqePTaWnN7PnNM_9rCEfBcOjSMF_GacXNoA6k9d5RSmSfB_ctOntwXz_PlCY730oytyescIwyR4y_SSqgizoDnFuGGjiUui7XeNi_HiaNeYg==-GzYAAOSbnp_ndDz6JRQlKfYMNuDAoZ9owAFo2Bg7XwuaeY2r1pCJaPMHj9hgyQaXf5j83sDPAQ==
