setup_movie player_plugin v41.exe

The application setup_movie player_plugin v41.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application built with the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen downloaded from doomovieonliness.com.
MD5:
a13df6df3dc1069414aaa764c1246637

SHA-1:
efc2e45d58a5fc667ee00dd8b0322fbaeb6c04a6

SHA-256:
75e94ba17805fdd2bc60943d550f2b4b8934d58c23e4d389ec52b1b762644bf0

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 1:42:55 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160119-0
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
McAfee | Program.Artemis!4B49CFB7E5A5 | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.5826.0
VIPRE Antivirus | Threat.4721115 | 46910

File size:
526.6 KB (539,219 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\Documents and Settings\{user}\My documents\downloads\setup_movie player_plugin v41.exe

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Qme80ZWaRd7ZNCNC77lZbJd5A8eneBW4PRVdmQd7L+Rfuj65wbfp:QmB04aRjoNC7jbJd5A8enepPRm4L3p1

Entry address:
0x30FA

Entry point:
8D, 0D, D0, 3D, 81, C3, C7, C2, E0, 32, 15, 8E, FF, C1, 80, D7, 11, 69, D7, 1E, 31, D6, 6F, 81, CD, 06, BD, 02, F5, FE, C4, FF, CF, 69, C3, EA, 35, F5, B0, 69, EF, 9C, 78, DE, CA, 87, F1, 8D, 35, F9, 97, 6D, 7B, 87, CA, 33, C3, BB, B0, 03, 00, 00, 2A, E5, 81, EB, 26, 00, 00, 00, 8B, F3, C6, C4, 9E, 8D, 2D, 0F, EC, 63, 6D, 8D, 05, 6D, 4E, 99, DF, B6, 93, 81, EB, 14, A8, F2, FF, 88, E0, 80, E4, 7E, 88, E2, 81, EB, ED, 57, 0D, 00, 69, C7, 59, 84, 3C, 25, 4D, 80, ED, F7, 85, C8, 75, 06, F3, 84, C0, 0F, B6, C7...
 

Entropy:
7.9535  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file setup_movie player_plugin v41.exe has been seen being distributed by the following URL.
