Player.exe

Player Application

This is a setup program used to install the application. The file has been observed being downloaded from doc-04-8c-docs.googleusercontent.com and multiple other hosts.

Product:
Player Application

Description:
Player Microsoft Application

Version:
4.8.0.0

MD5:
6267bec91890a2a78b8596a3de426eee

SHA-1:
77660ed88453f45723db6d1cb8d8dd9b5c29a83d

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
12/26/2024 6:34:37 PM UTC

Scan engine     Detection    Engine version
Bkav FE         HW32.CDB     1.3.0.4959
K7 AntiVirus    Trojan       13.183.13113

File size:
464 KB (475,136 bytes)

Product version:
4.8.0.0

Original file name:
Player.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata

Compilation timestamp:
3/13/2013 7:29:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:vp2vEBh4CgZOQxmPvu3VYfypjMK4CZcP2So/Zo:vp2vEBheZOwmPvu5jMBt+x

Entry address:
0x14A000

Entry point:
9C, 60, E8, 02, 00, 00, 00, 33, C0, 8B, C4, 83, C0, 04, 93, 8B, E3, 8B, 5B, FC, 81, EB, 07, 20, 40, 00, 87, DD, 01, AD, BB, 2F, 40, 00, 01, AD, E5, 30, 40, 00, 01, AD, 5E, 30, 40, 00, 01, AD, 92, 31, 40, 00, 01, AD, 42, 31, 40, 00, 01, AD, F7, 31, 40, 00, 01, AD, 66, 32, 40, 00, 01, AD, 2F, 32, 40, 00, 01, AD, FD, 34, 40, 00, 01, AD, 52, 35, 40, 00, E8, DF, 0B, 00, 00, E8, 74, 0E, 00, 00, 85, C0, 74, 15, FF, B5, B2, 21, 40, 00, E8, E5, 14, 00, 00, 89, 85, 01, 38, 40, 00, 85, C0, 75, 0E, 8D, 85, 3B, 23, 40...
 

Entropy:
7.7865

Packer / compiler:
PEBundle v2.0b5 - v2.3

Code size:
88 KB (90,112 bytes)

The file Player.exe has been observed being distributed from the following 3 URLs.

https://doc-04-8c-docs.googleusercontent.com/docs/securesc/2h6ua60g1snheteaspcose7bupmhe45p/slsec81e7tqckda5diicqpkgvjjl7ohl/1451973600000/16589053654983954388/.../0B5d_x2Dr7DEhc2FJOV9XZmExdzg?e=download&h=05042244598812755422&nonce=jej6l7cn7gdok&user=08655385246913374536&hash=lf6vqhogka3eqn0h71g37cio4qgfjc07

https://web.mail.comcast.net/service/home/.../?auth=co&loc=en_US&id=678146&part=4

Scan Player.exe - Powered by Reason Core Security