Player.exe

Player Application

System Q Ltd

The executable Player.exe, “Player Microsoft Application”, has been detected as malware by 7 anti-virus scanners.
Publisher:
System Q Ltd  (signed and verified)

Product:
Player Application

Description:
Player Microsoft Application

Version:
4.8.0.0

MD5:
85673ff2edc44001a6aa4c4009f4ecab

SHA-1:
2bf77befd84dc48795197d937ac51f42f4cdd824

SHA-256:
d98ca73ecf8065f009b68a8119489fae29f01af0264d2d8a3f6f3a2a90f24254

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
2/27/2025 6:07:13 AM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.CDB | 1.3.0.4246
Dr.Web | Trojan.DownLoad3.21455 | 9.0.1.029
IKARUS anti.virus | Trojan.Win32.Agent | t3scan.2.0.127
McAfee | Artemis!85673FF2EDC4 | 5600.6506
Norman | Obfuscated_NA | 11.20160129
Trend Micro House Call | TROJ_GEN.RFFH1D8 | 7.2.29
Vba32 AntiVirus | Trojan.Agent | 3.12.24.2

File size:
713.7 KB (730,800 bytes)

Product version:
4.8.0.0

Original file name:
Player.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cctvwindow\player.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/2/2010 3:56:47 PM

Valid to:
3/2/2013 3:56:44 PM

Subject:
E=software@systemq.com, CN=System Q Ltd, OU=Software, O=System Q Ltd, L=Chesterfield, S=Derbyshire, C=GB

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001271FC17FF3

File PE Metadata
Compilation timestamp:
11/8/2010 6:10:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:I35h7mECjfAW+flQfl15q5+XkxJpDYBj8lfs5PJqO46DN4osmXJMmpqIB4:GHqECjfA1tQf0AuXYBcs5JqOtCnmXWGk

Entry address:
0x194000

Entry point:
9C, 60, E8, 02, 00, 00, 00, 33, C0, 8B, C4, 83, C0, 04, 93, 8B, E3, 8B, 5B, FC, 81, EB, 07, 20, 40, 00, 87, DD, 01, AD, BB, 2F, 40, 00, 01, AD, E5, 30, 40, 00, 01, AD, 5E, 30, 40, 00, 01, AD, 92, 31, 40, 00, 01, AD, 42, 31, 40, 00, 01, AD, F7, 31, 40, 00, 01, AD, 66, 32, 40, 00, 01, AD, 2F, 32, 40, 00, 01, AD, FD, 34, 40, 00, 01, AD, 52, 35, 40, 00, E8, DF, 0B, 00, 00, E8, 74, 0E, 00, 00, 85, C0, 74, 15, FF, B5, B2, 21, 40, 00, E8, E5, 14, 00, 00, 89, 85, 01, 38, 40, 00, 85, C0, 75, 0E, 8D, 85, 3B, 23, 40...
 

Entropy:
7.3830

Packer / compiler:
PEBundle v2.0b5 - v2.3

Code size:
56 KB (57,344 bytes)
