playerinstaller_1.0.0.exe

ExpressPlayer Installer

http://express-player.com

The executable playerinstaller_1.0.0.exe, “Expess Player Installer” has been detected as malware by 11 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from express-player.com.
Publisher:
http://express-player.com

Product:
ExpressPlayer Installer

Description:
Expess Player Installer

Version:
1, 0, 471, 1

MD5:
bec6e87231e887e5c978fae5522911f6

SHA-1:
0f2aaf20c27fbeffa6aa5673a8f50ad4774e3989

SHA-256:
7d5df910e168430871aab7b6065e751b21eb6c2efd97816096b6bb3d6bf25714

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/24/2024 2:35:04 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160518-2

AVG
Win32/Sality
2015.0.4568

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.E.gen
4.6.5.141

F-Secure
Win32.Sality.3
5.15.96

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Trojan.Artemis!49E67B6F5487
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.1159.0

Norman
Win32.Sality.3
28.05.2016 15:32:18

File size:
3 MB (3,190,784 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://express-player.com (C) 2014

Original file name:
ExpressPlayer.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\playerinstaller_1.0.0.exe

File PE Metadata
Compilation timestamp:
12/29/2014 9:51:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:mxES3n/bMDzR3jDFwDthBdyI8UN4/OLYDLAMvMqAMZdyhEYjHHhY8P+:54/QDrktl8UN4VAMCf9rh5+

Entry address:
0x4F6000

Entry point:
60, 89, D8, 69, D0, CE, 25, 10, 9C, 8B, D8, 0F, AF, FD, FF, C2, 20, F6, 0F, AF, FB, F2, BD, 00, 00, 00, 00, 87, FF, 8D, 1D, A3, A5, 3F, 39, 33, EA, 81, FE, 52, 50, 00, 00, 78, 04, 8A, EF, 8A, DF, F6, C2, E0, 03, F9, 8D, 45, 00, F3, 81, D6, 26, 67, 62, A9, 81, FB, 6A, F2, 00, 00, 73, 01, F2, 8B, CA, 2B, C3, FF, C6, 8D, 35, 60, 2E, B2, 44, 18, C8, B6, D8, E8, 4B, 00, 00, 00, 2B, DB, FE, C6, 81, FD, 1B, 78, 00, 00, 73, 0A, FE, C6, B0, 61, 8D, 3D, 65, A6, 1E, F7, F6, C6, F0, 81, C3, 8D, A1, 08, 00, 23, D5, B6...
 
[+]

Entropy:
7.9085  (probably packed)

Code size:
790.5 KB (809,472 bytes)

The file playerinstaller_1.0.0.exe has been seen being distributed by the following URL.

Remove playerinstaller_1.0.0.exe - Powered by Reason Core Security