» updater.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

updater.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MPlayerForWindows_AutoUpdateV2’.

File name:

updater.exe

MD5:

9085d4d9b871f7f29173643a1e7c41bc

SHA-1:

56e32b5b81cb12a78a8b5cb5ea4fe8be6c5c4903

SHA-256:

06c9f539b80ab7ac90a383877f9ab3a6247babe977caf1116a84eae4f8382355

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 6:52:54 PM UTC (today)

File size:

351.7 KB (360,190 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\mplayer for windows\updater.exe

File PE Metadata

Compilation timestamp:

2/24/2012 9:19:54 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:CC0bQlxEHF4/UD+uGSNicPl3LHW5bH8hkTYb+Foxe1DQKU/pMFLrU:CCRlxEHF4/USq0cxLHW5bcaTzFiIapKk

Entry address:

0x3883

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

7.2861

Packer / compiler:

Nullsoft install system v2.x

Code size:

27.5 KB (28,160 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MPlayerForWindows_AutoUpdateV2

Command:

"C:\Program Files\mplayer for windows\updater.exe" \l=1033 \autocheck

The file updater.exe has been discovered within the following program.

MPlayer for Windows by The MPlayer Team

mulder.at.gg

About 2% of users remove it

Scan updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.