home

NexGenMediaPlayerApp.exe

NexGenMediaPlayerApp

Jenkat Media, Inc

The application NexGenMediaPlayerApp.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 11 anti-malware scanners.
Publisher:
Jenkat Media, Inc  (signed and verified)

Product:
NexGenMediaPlayerApp

Version:
1.0.0.5

MD5:
907ea476859cf3479a183219dd0fc401

SHA-1:
c892572229f979438d5f60d81bdfaac92802b6d8

SHA-256:
b08f73d10b5ad605903ee491405c782b9532377464d3c411ed47edcf43550da1

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:42:23 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.HiddenRoutine
7.1.1

AVG
Skodna.Generic
2014.0.3627

Comodo Security
ApplicUnwnt
17154

ESET NOD32
MSIL/Adware.StrongVault (variant)
7.8963

Fortinet FortiGate
Adware/MSIL_HiddenRoutine
11/20/2013

McAfee
Artemis!907EA476859C
5600.7265

Microsoft Security Essentials
Adware:MSIL/Strongvault
1.163.1557.3

Quick Heal
AdWare.Hotbar (Not a Virus)
11.13.12.00

Reason Heuristics
PUP.JenkatMedia.U
14.3.1.1

Sophos
Generic PUA MI
4.94

Vba32 AntiVirus
TScope.Trojan.MSIL
3.12.24.3

File size:
433.8 KB (444,200 bytes)

Product version:
1.0.0.5

Original file name:
NexGenMediaPlayerApp.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\nexgenmediaplayer\nexgenmediaplayerapp.exe

Digital Signature
Signed by:
Jenkat Media, Inc

Authority:
VeriSign, Inc.

Valid from:
3/11/2013 5:00:00 PM

Valid to:
3/12/2014 4:59:59 PM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47743B817765EA78BDF014A9A76FBFB2

File PE Metadata
Compilation timestamp:
4/24/2013 9:35:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:kpSQ5dyWl60nXL8dTU3ieNvhBd9rDasqGVkl9NX2HjL8dTU3w:Mdyq60ncU3ieJbdpVS9NX2HAU3w

Entry address:
0x6630E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.9955

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
401 KB (410,624 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-244-249-173.us-west-2.compute.amazonaws.com  (54.244.249.173:80)

TCP (HTTP):
Connects to ec2-54-244-235-164.us-west-2.compute.amazonaws.com  (54.244.235.164:80)

Remove NexGenMediaPlayerApp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.