uplayermediaplayer-setup.exe

Full Spectrum Interactive

The application uplayermediaplayer-setup.exe by Full Spectrum Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files4.mirror2.info.
Publisher:
Full Spectrum Interactive  (signed and verified)

MD5:
400aaaceed48039071cf21ccf2da609a

SHA-1:
d43bb5b2cdceb72aead9c45dbe58e9ef2b389fde

SHA-256:
fd93550c42f2ef5f50ec1899ea39bd883edf8a3b5fcf8e66197cb0c27dd94b47

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/24/2024 7:51:26 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin.FullSpectrumInteractive.Installer (M)
16.2.19.14

File size:
575.9 KB (589,768 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\uplayermediaplayer-setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/10/2012 7:00:00 PM

Valid to:
6/10/2014 6:59:59 PM

Subject:
CN=Full Spectrum Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Full Spectrum Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A1AEF489C94F2C514EA16B9BEBCDEFC

File PE Metadata
Compilation timestamp:
6/22/2012 1:07:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:hYQxt2ctKQEGvjITZD+jcEckHnyudpc5y/zDnYDBrfw8AA:hlxIQEMIT5dAzc5y/zUDBrP

Entry address:
0x333B

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2C, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1D, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0B, 24, 00, 00...
 
[+]

Entropy:
7.9663

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file uplayermediaplayer-setup.exe has been seen being distributed by the following URL.

Remove uplayermediaplayer-setup.exe - Powered by Reason Core Security