» sweetplayerch.exe
Overview
Analysis
File Details
Downloads (1)

sweetplayerch.exe

SweetPlayer

Think Future Technologies Pvt Ltd

The application sweetplayerch.exe, “SweetPlayer Setup ” by Think Future Technologies Pvt has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from s3.amazonaws.com.

File name:

sweetplayerch.exe

Publisher:

Think Future Technologies Pvt Ltd (signed and verified)

Product:

SweetPlayer

Description:

SweetPlayer Setup

MD5:

4d1198bc844cacc87e6f5f9f789c754a

SHA-1:

27c1a14a7554ebb3bb91201aee6bd9d03cba4044

SHA-256:

2258df568b0d1745d457e029485270c0f8f0280049e1c5c04d8e6a4502557758

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:

11/24/2024 2:45:38 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Conduit.411

9.0.1.028

ESET NOD32

Win32/Conduit.SearchProtect.AF potentially unwanted

10.12353

Malwarebytes

PUP.Optional.SweetPlayer.A

v2016.01.28.09

Qihoo 360 Security

HEUR/QVM42.1.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.ThinkFutureTechnologiesPvt.Installer (M)

16.1.28.9

File size:

1.2 MB (1,215,600 bytes)

Product version:

'1.10.2.2.3'

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\sweetplayerch.exe

Digital Signature

Signed by:

Think Future Technologies Pvt Ltd

Authority:

COMODO CA Limited

Valid from:

5/6/2015 2:00:00 AM

Valid to:

5/6/2016 1:59:59 AM

Subject:

CN=Think Future Technologies Pvt Ltd, OU=Mailing, O=Think Future Technologies Pvt Ltd, STREET=12th Floor JMD Regent Square, L=Gurgaon, S=HR, PostalCode=122002, C=IN

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D7465B495AC5992A0AED02D4C94C0674

File PE Metadata

Compilation timestamp:

7/9/2014 9:58:13 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:TxGVggbxkD+pqgYfrwGPzQ1u7xLKbKMmNboQleVXz76ri3L8iVJe0flR:MVxfberwGPzSu2mNpg7RvJe0fz

Entry address:

0x113BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

63.5 KB (65,024 bytes)

The file sweetplayerch.exe has been seen being distributed by the following URL.

https://s3.amazonaws.com/www.informativesetup.com/guardbox/.../SweetPlayerCH.exe

Remove sweetplayerch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.