mixvideoplayersetup.exe

The application mixvideoplayersetup.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from staticrr.getmixvideo.com.
MD5:
c6c57f7c87e8fa691c55266d5128d183

SHA-1:
4fa99dbb609d457366f9202909cc9ba9a195ff95

SHA-256:
77c02af02be47284f115d8241b7c7a9d6865af5aad61905f6fb3e8e4bb929851

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/13/2025 8:24:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160126-1 |
| AVG | Win32/Sality | 2015.0.4522 |
| Dr.Web | Win32.Sector.22 | 9.0.1.05190 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Program.Artemis!9D9147395142 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5996.0 |
| Norman | Win32.Sality.3 | 08.02.2016 04:24:12 |
| Sophos | Virus 'Mal/Sality-D' | 5.23 |

File size:
3.6 MB (3,803,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mixvideoplayersetup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:NR/4OddPcUABDha4eIBxrsfyUdgFCroToomiN8NxAX:2U8agHrkuCrotEG

Entry address:
0x325E

Entry point:
85, D9, FE, CB, 89, C3, 85, CD, 85, CA, F2, B5, 24, B4, 47, 8B, C0, 1C, 63, B7, 91, 0F, B6, FA, 0F, B6, EA, 8D, 2D, E6, 9A, 66, FA, 01, C1, E8, 16, 00, 00, 00, 8B, FD, 0F, BE, CC, 05, 7E, 4A, 95, 81, 8B, F8, 69, C0, 93, 8F, 84, 8B, 8B, F6, 86, C3, 81, DD, 63, 39, 59, 52, 0F, BE, D5, 71, 02, 02, D3, 3A, C8, 69, C0, DC, 23, 47, AA, 85, EF, 68, 63, A0, 00, 00, F7, C7, B5, 5F, F3, 86, 5D, 0F, B7, C2, 81, C5, 97, 0D, 00, 00, 69, C8, D3, 18, FD, 35, 87, F2, 46, 33, DD, 0F, AF, CF, FF, C6, 0F, AF, FF, 5A, 89, E8...
 

Code size:
23.5 KB (24,064 bytes)

The file mixvideoplayersetup.exe has been seen being distributed by the following URL.
