tinymediaplayer.exe

Useful Software

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application tinymediaplayer.exe by Useful Software has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from i.greatappsfree.com and multiple other hosts.
Publisher:
Useful Software  (signed and verified)

Version:
1.0.0.3

MD5:
c1847d539ec410b67fa203e16f1ebb72

SHA-1:
220a0826883fd08b66a38d9f559efc00f243abb2

SHA-256:
1d9fd263002f9af20bf823a4c572b0d5cda488c0546b24daaf0344719fd96617

Scanner detections:
8 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 6:46:55 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Usefus
2015.0.3382

ESET NOD32
Win32/Verti (variant)
8.9796

G Data
Win32.Trojan.Agent.BCA8IC
14.8.24

herdProtect (fuzzy)
2014.10.30.10

McAfee
Artemis!C1847D539EC4
5600.7038

Reason Heuristics
PUP.UsefulSoftware.P
14.8.14.14

Trend Micro House Call
TROJ_GEN.F47V0513
7.2.226

VIPRE Antivirus
Rocketfuel Installer
29184

File size:
366 KB (374,760 bytes)

Product version:
1.0.0.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tinymediaplayer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/14/2014 1:00:00 AM

Valid to:
12/17/2014 12:59:59 AM

Subject:
CN=Useful Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Useful Software, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DB9B4E338BDCF4F909F675C098B0E76

File PE Metadata
Compilation timestamp:
5/13/2014 7:23:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:iKk02wQjZnnUAHlESM9Pt/IBP4BoHg8dqqkSyorKvEAO9ALqE1cxfro7zF1W+LVR:iL02dncz9F/IBABoHVLv7bALqE1cxfr6

Entry address:
0x22009

Entry point:
E8, 46, A7, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 90, 10, 45, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, D1, 85, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 93, B3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Code size:
218.5 KB (223,744 bytes)

The file tinymediaplayer.exe has been seen being distributed by the following 2 URLs.

Remove tinymediaplayer.exe - Powered by Reason Core Security