mediaplayervideos_1.2_updating_service.exe

It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.

MD5:
0615e91d08f456044aa7893fcacfed73

SHA-1:
7c087371a5210f68c5d17fd90e841f869c6e089f

SHA-256:
c7dbc1505c1a507012dae72eb69b659bb907f4dd7f2e17c316b999a1d78572df

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/22/2024 9:55:42 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.CrossRider.CX potentially unwanted (variant) | 9.12113
Trend Micro House Call | PAK_Generic.005 | 7.2.237
Trend Micro | PAK_Generic.005 | 10.465.25
VIPRE Antivirus | Crossrider | 42998

File size:
99 KB (101,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mediaplayervideos 1.2\mediaplayervideos_1.2_updating_service.exe

File PE Metadata
Compilation timestamp:
8/18/2015 4:46:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:I8ObhiVfLYNiHMLmfDQvyjE9dhiMhiFoTx0eSmy9:nOqYNiH6mrHI1Mm

Entry address:
0x3B5A0

Entry point:
60, BE, 00, 40, 42, 00, 8D, BE, 00, D0, FD, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Entropy:
7.8420

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
96 KB (98,304 bytes)

Scheduled Task
Task name:
mediaplayervideos_1.2_updating_service

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.


Scan mediaplayervideos_1.2_updating_service.exe - Powered by Reason Core Security