home

NewPlayer.exe

NewPlayer

The application NewPlayer.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Product:
NewPlayer

Version:
2.1.1.6

MD5:
0486af1bc98641740e77aba9ebb11801

SHA-1:
ab7b8317edb5613fb1548fe5534a98d81140d0fa

SHA-256:
b9275f8fb25068b10a7f5f62708763992c6ad009fae887297dfdb6188b6e21ec

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 12:37:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewPlayer.J
14.4.15.0

File size:
2.7 MB (2,783,232 bytes)

Product version:
2.1.1.6

Copyright:
Copyright © 2013

Original file name:
NewPlayer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\newplayer\newplayer.exe

File PE Metadata
Compilation timestamp:
4/14/2014 5:29:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:IwLgUUWA3MminLjQe8tSnLHzJeszOAfGxyZwhh98ezXUUW:IwLgdWA16jQH8FeszOAfGxyZwhDzzfW

Entry address:
0x2A0FAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 78, 00, 00, 80, 18, 00, 00, 00, 90, 00...
 
[+]

Entropy:
5.4953

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,748,416 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mad01s09-in-f2.1e100.net  (173.194.34.226:80)

TCP (HTTP):
Connects to ec2-54-201-62-44.us-west-2.compute.amazonaws.com  (54.201.62.44:80)

Remove NewPlayer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.