TyV1.exe

vumaa.com

The application TyV1.exe, “RadPlayer Notification Icon” by vumaa.com, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RadPlayer Tray’. This file is typically installed with the program RadPlayer by MyRadioPlayer.
Publisher:
RadPlayer  (signed by vumaa.com)

Product:
RadPlayer

Description:
RadPlayer Notification Icon

Version:
4.0.1

MD5:
c77e15daae571d08ce4d0b0c76cb2eb8

SHA-1:
56ad17ad5c235f7586ef932c6d109b5bc9a91a46

SHA-256:
7a8fd87c5560d99d044b562970949c4efbe48c282260d4613c77665c491c598c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:42:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.vumaa (M)

Engine version:
16.1.3.13

File size:
287.9 KB (294,824 bytes)

Product version:
4.0.1

Copyright:
© Dynamic Network Services, Inc.

Trademarks:
Dyn (sm)

Original file name:
TyV1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\radplayer\tyv1.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/20/2015 5:00:00 PM

Valid to:
5/20/2016 4:59:59 PM

Subject:
CN=vumaa.com, O=vumaa.com, L=San Leandro, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
76E787BD1F62AC42BDA87B7DF6F59E21

File PE Metadata
Compilation timestamp:
5/29/2015 12:14:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:WCHRTY2v6vMyEjRNjeQUjhNHgkuiG1EDLnt2efGuCMN33QmaJi/7EZt+8ZvM1:vxKgjRoQiNAkPT4u5HQm6W7EjzvM1

Entry address:
0x1DA4

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, ED, 1D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, E0, E2, 03, 10, FF, 15, 80, 80, 00, 10, 85, C0, 75, 18, 56, E8, 7F, 03, 00, 00, 8B, F0, FF, 15, 50, 80, 00, 10, 50, E8, 2F, 03, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0...
 

Entropy:
2.3125

Code size:
26 KB (26,624 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RadPlayer Tray

Command:
"C:\Program Files\radplayer\tyv1.exe"


The file TyV1.exe has been discovered within the following program.

RadPlayer  by MyRadioPlayer
Publisher's description - “MyRadioPlayer is a free downloadable radio station application that acts as a search engine for all of radio: songs, artists, shows and stations. Search for your favorite artist and listen to their music.”
myradioplayer.net
38% remove it
 