home

rustbycff- installer.exe

Windows Media Player Folder Sharing Executable

Strong Media

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable rustbycff- installer.exe, “Windows Media Player Folder Sharing Executable” has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from rufile.net.
Publisher:
Microsoft Corporation  (signed by Strong Media)

Product:
Microsoft® Windows® Operating System

Description:
Windows Media Player Folder Sharing Executable

Version:
11.0.5721.5262 (WMP_11.090130-1421)

MD5:
7e67f17f09ed2f0ec961ee5fb7ab9e0a

SHA-1:
2b2382d189f9428af542e6b145e975524a91dad0

SHA-256:
13b9f1af68ba00ff49c3daccf1a12709033f9b65580983aa4bd094b29ffc0d90

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/6/2024 1:47:11 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.7.25.23

File size:
916 KB (937,960 bytes)

Product version:
11.0.5721.5262

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wmpshare.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rustbycff- installer.exe

Digital Signature
Signed by:
Strong Media

Authority:
COMODO CA Limited

Valid from:
6/14/2016 3:00:00 AM

Valid to:
6/15/2017 2:59:59 AM

Subject:
CN=Strong Media, O=Strong Media, STREET="Sokolniki Square, 4 A", L=Moscow, S=Moscow, PostalCode=107113, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE80B6BBB2E40F5F7B3C2F4B76F141D9

File PE Metadata
Compilation timestamp:
7/14/2016 11:13:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:RDLd8EwaMpRqGM/Qfy6sGCxd1GQRE6pbKATRE8GY:RDWaYRc/J1uQDpbHTRE8GY

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, 20, 04, 00, 00, 8B, 45, EC, 2B, 45, F0, 89, 45, F8, 8B, 4D, F4, 0F, AF, 4D, F0, 89, 4D, F0, FF, 15, F4, 63, 4B, 00, 8B, 55, F8, 2B, 55, F0, 89, 55, F4, FF, 15, F4, 63, 4B, 00, 68, 4C, 30, 4D, 00, FF, 15, F8, 63, 4B, 00, 8B, 45, EC, 69, C0, 56, A0, EC, 11, 89, 45, F8, 68, 54, 30, 4D, 00, FF, 15, FC, 63, 4B, 00, 8B, 55, F8, 8B, 4D, EC, D3, E2, 89, 55, F8, 8B, 45, CC, 05, DD, 56, 00, 12, 89, 45, B8, 8B, 55, E0, 8B, 4D, C8, D3, EA, 89, 55, E4, FF, 15, F4, 63, 4B, 00, 8B, 45, B8, 50, FF, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
722 KB (739,328 bytes)

The file rustbycff- installer.exe has been seen being distributed by the following URL.

http://rufile.net/-rVG

Remove rustbycff- installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.