Video Player.exe

system video player

The executable Video Player.exe has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address ip-50-63-202-35.ip.secureserver.net on port 80 using the HTTP protocol.
Product:
system video player

Version:
1.0.0.0

MD5:
b2418072fab83428b3e392b89716bc69

SHA-1:
95f28aa38d9cc2eba261ca550280a49db4472b83

SHA-256:
da5b850b0b3ba92cd2cd45c74c5c27fd9f1c8db7b11b2293c29c46117112dd49

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/25/2024 12:47:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | MSIL/Spy.Agent.AES trojan | 7.0.302.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.2223.0 |
| VIPRE Antivirus | Threat.4150696 | 50750 |

File size:
969.5 KB (992,768 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Video Player.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\adobeplayer\video player.exe

File PE Metadata
Compilation timestamp:
7/21/2016 7:12:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:P8TcHfoJq93gcTnXW4SuoqXZw78mCU3MAWH:Mq9ZTnmNLC3b

Entry address:
0xF003E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
952.5 KB (975,360 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-35.ip.secureserver.net  (50.63.202.35:80)

TCP (HTTP):
Connects to a92-122-48-42.deploy.akamaitechnologies.com  (92.122.48.42:80)

TCP (HTTP):

TCP (HTTP):
Connects to 110.147.96.66.static.eigbox.net  (66.96.147.110:80)
