RadPlayerSvc.exe

RadPlayer Service

altonav

This file is part of the Sendori web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application RadPlayerSvc.exe by altonav has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “RadPlayerV1”. This file is typically installed with the program RadPlayer by MyRadioPlayer.
Publisher:
RadPlayer  (signed by altonav)

Product:
RadPlayer Service

Version:
4.0.1

MD5:
639f78f994a41018a0d2437a7c0693ca

SHA-1:
65bdf7a165a76a92355686c32af0f683e8572ca4

SHA-256:
3395a83d48f7a2419f3f08fd366cc9d32a2b598e06224d52f8db7f3b863fe720

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 11:15:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sendori (M)

Engine version:
16.10.8.8

File size:
115.7 KB (118,504 bytes)

Product version:
4.0.1

Copyright:
© Dynamic Network Services, Inc.

Trademarks:
Dyn (sm)

Original file name:
RadPlayerSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\radplayer\radplayersvc.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/17/2014 5:00:00 PM

Valid to:
8/17/2017 4:59:59 PM

Subject:
CN=altonav, O=altonav, L=San Leandro, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
10E276E0F710E2E93163C74E8E2FD691

File PE Metadata
Compilation timestamp:
1/6/2015 2:56:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:WMKg8xpiz3+g0uy0O7EepKsDbTUyoyC3SIx6stDQ5HQm6WgGrg:WM0xp+3+gDsB0gTdIx6stDQXgGM

Entry address:
0x27A7

Entry point:
E8, 32, 3B, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 04, D3, 40, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 48, D1, 40, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, 30, 41, 00, 89, 0D, 04, 30, 41, 00, 89, 15, 00, 30, 41, 00, 89, 1D, FC, 2F, 41, 00, 89, 35, F8, 2F, 41, 00, 89, 3D...

Entropy:
6.0033

Code size:
47.5 KB (48,640 bytes)

Service
Display name:
RadPlayerV1

Description:
Sets and maintains RadPlayer protection on this computer.

Type:
Win32OwnProcess

Depends on:
WINMGMT


The file RadPlayerSvc.exe has been discovered within the following program.

RadPlayer  by MyRadioPlayer
Publisher's description - “MyRadioPlayer is a free downloadable radio station application that acts as a search engine for all of radio: songs, artists, shows and stations. Search for your favorite artist and listen to their music.”
myradioplayer.net
38% remove it
 
Powered by Should I Remove It?
