video_player10.0_setup.exe

The application video_player10.0_setup.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from k007.kiwi6.com and multiple other hosts.
MD5:
a424a66bd278f925741a227493ddfdd3

SHA-1:
f76d0ef07d091042dd9c5d9066b61a4d850ece5b

SHA-256:
678ed25f1f70a7cde2eff4eba67cd1c05f6bd360bce849b3dd3a31b792dcdc8f

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 5:49:25 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
14.04.02

AVG
MalSign.OutBrowse
2015.0.3516

Baidu Antivirus
HackTool.Win32.OutBrowse
4.0.3.1442

Comodo Security
Application.Win32.OutBrowse.~B
18031

ESET NOD32
Win32/OutBrowse (variant)
8.9624

Fortinet FortiGate
Riskware/NSIS_OutBrowse
4/2/2014

G Data
Win32.Application.OutBrowse
14.4.24

K7 AntiVirus
Trojan
13.176.11623

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.4077

Malwarebytes
PUP.Optional.Smart
v2014.04.02.03

McAfee
RDN/Generic PUP.x!bpq
5600.7172

NANO AntiVirus
Trojan.Win32.OutBrowse.crkqqe
0.28.0.58873

Panda Antivirus
Trj/CI.A
14.04.02.03

Quick Heal
Trojan.NSIS.OutBrowse.b
4.14.12.00

Sophos
OutBrowse
4.98

Total Defense
Win32/Tnega.LTDCLND
37.0.10853

Trend Micro House Call
TROJ_SPNR.0CAS14
7.2.92

Trend Micro
TROJ_SPNR.0CAS14
10.465.02

Vba32 AntiVirus
Downloader.OutBrowse
3.12.24.3

VIPRE Antivirus
OutBrowse
27938

XVirus List
Win32.Detected
2.4.2

File size:
601.4 KB (615,803 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\video_player10.0_setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Uj5cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJl1:UdrNKPbDVmH0uf+HSkHl+RsnNFSgcD6l

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9774

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file video_player10.0_setup.exe has been seen being distributed by the following 3 URLs.

http://k007.kiwi6.com/.../7j4jvj9vnf

Remove video_player10.0_setup.exe - Powered by Reason Core Security