home

vid plaY

Publisher Information

vid plaY is a software publisher located in Dublin, Ireland*. The company is a primary distributor of unwanted software. Thre are 21 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
3/15/2015 8:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=vid plaY, O=vid plaY, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
35a9c40292102727c460d1cd1111d5b0

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Outborwse, PUP.Outborwse, Threat.Outbrowse.Installer.Outborwse, Threat.Outbrowse.Outborwse, PUP.Outbrowse.Installer.Outborwse, PUP.Outbrowse.Outborwse.Installer (M), PUP.Outbrowse (M)
100.00%

NANO AntiVirus
Trojan.Win32.OutBrowse.dpxqwg, Riskware.Win32.OutBrowse.dqfevg, Trojan.Win32.OutBrowse.dpuxby, Trojan.Win32.OutBrowse.dqucfx
20.00%

Dr.Web
Trojan.OutBrowse.323, Trojan.OutBrowse.325, Trojan.OutBrowse.334
20.00%

AVG
Downloader, Potentially harmful program Downloader.FRN
20.00%

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application, Win32/OutBrowse.BX potentially unwanted application
16.67%

AhnLab V3 Security
PUP/Win32.OutBrowse
16.67%

McAfee
Program.Adware-OutBrowse.e, Trojan.Adware-OutBrowse.e, Trojan.Artemis!1FB39DAC856B
13.33%

Quick Heal
Adware.NSIS.OutBrowse.A
13.33%

G Data
Win32.Adware.Outbrowse, Win32.Application.Agent.AT4F3R, Dropped:Adware.Generic.1252951
13.33%

Sophos
OutBrowse Revenyou, Generic PUA NA, Generic PUA MJ
13.33%

1 / 68      (Adware)
adobe_reader.exe  (cdc5df0341ccc5df8751f66b20896d07)

1 / 68      (Adware)
oovoo.exe  (36ebccf71612e9422e9061d6d3419db6)

1 / 68      (Adware)
oovoo.exe  (ee67202b2d37be8ee60e73251890d53a)

1 / 68      (Adware)
google_chrome.exe  (79086207c865fe50612db75d6cde5fdc)

1 / 68      (Adware)
adobe_reader.exe  (f613e3622c4691aba9c5697f233b7e77)

1 / 68      (Adware)
picasa_setup.exe  (0e6d421f42520adaff70e1858765e276)

1 / 68      (Adware)
picasa.exe  (b6f642adefcdbf80163bf619bbc38ab0)

1 / 68      (Adware)
picasa_setup.exe  (9cecafa4090671e42e442f1907192aac)

1 / 68      (Adware)
picasa_setup.exe  (36d1dd798496380bc9c8eb0542991cbc)

1 / 68      (Adware)
picasa_setup.exe  (29476476520712422c70dd4f1251a460)

1 / 68      (Adware)
adobe_reader.exe  (5f27c40fdbc210f3bd8e1f8c7f24f1f2)

1 / 68      (Adware)
adobe_reader.exe  (b957efd07b7df3fd3d1c5b9907a7762c)

1 / 68      (Adware)
adobe_reader.exe  (4ab39fb2d790de9ea92be355ac718bdd)

1 / 68      (Adware)
oovoo.exe  (ed2912f6e875a54982c5c980e7ef2895)

1 / 68      (Adware)
adobe_reader.exe  (f1149d8b11c3b6740e146ff844257ee9)

1 / 68      (Adware)
picasa_setup.exe  (8f7f556d81e86b7ef88a6ac9ff8a2a32)

1 / 68      (Adware)
adobe_reader.exe  (503e3607da96f651e072880f9fbfe5fa)

1 / 68      (Adware)
adobe_reader.exe  (916ab02b74fb5f802b84a765540afc71)

1 / 68      (Adware)
malwarebytes anti-malware.exe  (9ccaf4a23276ded2d5e9b6eb66142b8a)

1 / 68      (Adware)
malwarebytes anti-malware.exe  (49aa7b412d4415d8dfe0e7833e5ff206)

1 / 68      (Adware)
malwarebytes anti-malware.exe  (b434eecb9cd374468bbbf22abb99037d)

1 / 68      (Adware)
malwarebytes anti-malware.exe  (e9e7f84070ff4d6bbfec8cbbb991b927)

1 / 68      (Adware)
picasa.exe  (f46b36eeba2222f85951411fb37ade4f)

1 / 68      (Adware)
firefox.exe  (41650c433207fe5314f5d826e3efae0f)

29 / 68    (Adware)
java_setup.exe  (1fb39dac856b0a120481f3812552f4b0)

16 / 68    (Adware)
adobe_reader.exe  (b0fde0dd37fa4ec615c295fade9d6792)

11 / 68    (Adware)
ebdcabfihdj.exe  (ff74e890e0e6b8166a0f9fb1638daea2)

13 / 68    (Adware)
firefox.exe  (a2a65e61f3cf025a1796a7b0e71a618d)

10 / 68    (Adware)
ebccabfihcca.exe  (faace868d047d76dd85795a826bf9827)

9 / 68      (Adware)
firefox.exe  (cfcde83789ef32727fd9d279e05f621b)

 
Latest 30 of 30 files

Downloads URLs for files signed by vid plaY.

1 / 68      (Adware)
http://dl.downloadnet.org/download/669/.../  (picasa.exe)

1 / 68      (Adware)
http://download-file.downloadzone.org/download/229/.../  (firefox.exe)

29 / 68    (Adware)
http://download-file.downloadzone.org/download/107/.../  (java_setup.exe)

16 / 68    (Adware)
http://download.downloadease.net/download/706/.../  (adobe_reader.exe)

13 / 68    (Adware)
http://get.sad1209.info/1428954568/1428954568/get23?p=1955&d=18257&l=5187&n=1&exeurl=https://download-installer.cdn.mozilla.net/pub/firefox/releases/33.0/win32/en-US/Firefox Setup Stub 33.0.exe&productname=Firefox&d1=184526&d2=891&filename=Firefox&tyurl=http://www.postdownload.net/.../redirect.php?id=k19i8d7fo7lts4uc9pnsuor8dss69g55o2qfcifkbkq9gso74k20-7e50d2fd0a2bbfb48205f0924c275996&d=downloadzone.org&p=Firefox&pid=3&bex=1&countryid=265&icon=1  (a2a65e61f3cf025a1796a7b0e71a618d)

9 / 68      (Adware)
http://download-file.downloadzone.org/download/229/.../  (firefox.exe)

The following websites host and distribute files published by vid plaY.

get.sad1209.info

download.downloadease.net

dl.downloadnet.org

download-file.downloadzone.org

The certificates below are also signed by vid plaY.

494D796484B3D5B6685317AEFF4391C2  (Jan 26, 2015 to Dec 18, 2015)

4DB63F3D6B0DABE3D14F7BBD06CAB019  (May 07, 2015 to Dec 18, 2015)

2B8B482BDFACE8786CAF07829C5F5746  (Jan 04, 2015 to Dec 18, 2015)

3C99B5D1E3629AA36B14C97267AA7E1E  (Sep 08, 2015 to Dec 18, 2015)

525F3296FA386B468C94FE7C259A69E8  (Jan 09, 2015 to Dec 18, 2015)

6559B30CB367EA0752AFDD3F7ACAAD29  (Mar 10, 2015 to Dec 18, 2015)

6B2D2D546ACA529FD98EE1FB0CCCE693  (Jun 29, 2015 to Dec 17, 2015)

1F46BFB47C5C37B81198D1E77ED1EE63  (Feb 16, 2015 to Dec 17, 2015)

328594707220ABC52D2EE64DD82930D0  (Apr 20, 2015 to Dec 17, 2015)

35A26A5798780AA2A04523D508CA549A  (Feb 28, 2015 to Dec 17, 2015)

10 of 21 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Vid play

VID PLAY

SaFe SoftwaRe sLL

APPs MARket aBC

VID Play

Mari Mara

SAfe downlOAd gtL

Quick Downloader

Start Now

VId Play

APPS market ABC

APPs MarKet ABc

Yes apps

Just Accept

APPs MarKeT ABC

Click Yes

vId PLAY

apps Market AbC

BON DON JOV

FASt download got

DOZ-DEKORUM LLC

Salyutem Plyus LLC

YES apPS

CLICK trust OPT

YES APPS

TOV SONORA-KHARIKV

Downloadinfo

START now

* Note, the details and description above are based on the code signing digital signature issued to vid plaY by thawte, Inc. on March 15, 2015 with the serial number '35a9c40292102727c460d1cd1111d5b0'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.