tinymediaplayer.exe

Useful Software

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application tinymediaplayer.exe by Useful Software has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from i.apps-for-free.net.
Publisher:
Useful Software  (signed and verified)

Version:
1.0.0.1

MD5:
f1a9c0f038257187f3f82ffd85f7db19

SHA-1:
2df6689fc180e37fac0008e1748ec11224789ab9

SHA-256:
f661e4d472efd0b72c15a15bffa3cf4bd58edcad6732a5f1d2d9cf28bdc021a7

Scanner detections:
5 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/27/2024 11:22:37 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Dr.Web
Adware.Downware.2712
9.0.1.0171

ESET NOD32
Win32/Verti (variant)
8.9727

Reason Heuristics
PUP.UsefulSoftware.P
14.6.20.16

VIPRE Antivirus
Rocketfuel Installer
28618

File size:
367.5 KB (376,280 bytes)

Product version:
1.0.0.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tinymediaplayer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/14/2014 12:00:00 AM

Valid to:
12/16/2014 11:59:59 PM

Subject:
CN=Useful Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Useful Software, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DB9B4E338BDCF4F909F675C098B0E76

File PE Metadata
Compilation timestamp:
2/21/2014 6:09:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:B4+MixC0NSs6FHtHwotSUOF5bGiExOEO71TgSAOr5LqE1cxfro7zF1W+LVy5p6aV:BF+0cNt/MUOFQ5xYaSV5LqE1cxfro7zs

Entry address:
0x226E1

Entry point:
E8, 7E, A7, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 90, 10, 45, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 09, 86, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, EB, B3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
6.3848

Code size:
220 KB (225,280 bytes)

The file tinymediaplayer.exe has been seen being distributed by the following URL.

Remove tinymediaplayer.exe - Powered by Reason Core Security