playerstubwrapper1.exe

The application playerstubwrapper1.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from cdn.file7desktop.com.
Version:
1.0

MD5:
75f80936fc185ff77aac85282fc08880

SHA-1:
e8cf2a7d8bd024c3c79276717a56b0b9436396cf

SHA-256:
6d9d781d4e0eb25137bc47287a29a39415c95696572a1e58820f9c4483bd23ee

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/26/2024 1:44:01 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.15
Avira AntiVirus | TR/Rogue.58765 | 3.6.1.96
Dr.Web | Trojan.DownLoader12.233 | 9.0.1.0105
Fortinet FortiGate | W32/Downloader_x.MK!tr | 4/15/2015
Malwarebytes | Trojan.Dropper.NS | v2015.04.15.08
McAfee | RDN/Generic Downloader.x!mk | 5600.6794
Norman | Suspicious_Gen4.HOUHE | 11.20150415
Trend Micro House Call | HV_DOWNLOADER_BK084262.TOMC | 7.2.5
Trend Micro | TROJ_GEN.R04AC0PAL15 | 10.465.15
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 36386
ViRobot | Adware.Agent.58765[h] | 2014.3.20.0

File size:
57.4 KB (58,765 bytes)

Copyright:
©

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:1pgpHzb9dZVX9fHMvG0D3XJI4Romu/THakqIzjbanyx:ngXdZt9P6D3XJI45Ga5Kj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
6.7528

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file playerstubwrapper1.exe has been seen being distributed by the following URL.
