movie_player10.5_setup.exe

The application movie_player10.5_setup.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.

MD5:
58cdd4e7214cc31ac93ed65449022fbb

SHA-1:
b0dc816f25e89dcd393c489cbbd148d6870e667c

SHA-256:
20b06903b072b52f71b6094288898f5eed3e59a379ecf8ab27f591ce619fa551

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 5:29:21 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.OutBrowse | 7.1.1
AhnLab V3 Security | PUP/Win32.OutBrowse | 2014.01.27
AVG | MalSign.OutBrowse | 2015.0.3581
Baidu Antivirus | Trojan.Win32.OutBrowse | 4.0.3.14127
Bkav FE | W32.Clod5a5.Trojan | 1.3.0.4613
Comodo Security | Application.Win32.OutBrowse.~B | 17556
Dr.Web | Adware.Downware.1664 | 9.0.1.027
ESET NOD32 | Win32/OutBrowse (variant) | 8.9252
Fortinet FortiGate | Riskware/NSIS_OutBrowse | 1/27/2014
K7 AntiVirus | Unwanted-Program | 13.175.10735
Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.4400
Malwarebytes | PUP.Optional.Smart | v2014.01.27.11
McAfee | Artemis!3084E250299E | 5600.7237
NANO AntiVirus | Trojan.Win32.OutBrowse.crkqqe | 0.28.0.57029
Panda Antivirus | Suspicious file | 14.01.27.11
Reason Heuristics | Unnamed.Threat.14 | 14.2.27.1
Sophos | Generic PUA MB | 4.96
Trend Micro House Call | TROJ_GEN.F47V1125 | 7.2.27
Trend Micro | TROJ_GEN.R0CBC0OKH13 | 10.465.15
Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3
VIPRE Antivirus | OutBrowse | 25108
ViRobot | Trojan.Win32.Agent.87672 | 2011.4.7.4223
XVirus List | Win.Detected | 2.3.31

File size:
601.4 KB (615,804 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\programs\movie_player10.5_setup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ny5cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJlK:norNKPbDVmH0uf+HSkHl+RsnNFSgcD6a

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9774

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Scheduled Task
Task name:
{52A10D0F-62E3-4578-AB71-E8F481399F56}

Trigger:
Registration (Runs on registration)


The file movie_player10.5_setup.exe has been seen distributed from the following 6 URLs.

http://k007.kiwi6.com/.../skhxk9pz3w
