video_player12.2_setup.exe

The application video_player12.2_setup.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from 69girls.up.269g.net and multiple other hosts.
MD5:
25deb0b2113ff1efb50e827d2844535f

SHA-1:
726e13fcd095254bc6a707356b126a999c556c5c

SHA-256:
ab669930c30061cb6dcc57809a38aa7e161e250bf296190e2de0058ac9514669

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/25/2024 1:27:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.Generic | 2.1.4+ |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2014.10.15 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.178.140 |
| avast! | NSIS:OutBrowse-D [PUP] | 2014.9-140918 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.14918 |
| Dr.Web | Trojan.Packed.28873 | 9.0.1.0330 |
| ESET NOD32 | Win32/OutBrowse.AJ (variant) | 8.10567 |
| K7 AntiVirus | Trojan | 13.183.13690 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 14.0.0.3230 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.11.26.10 |
| McAfee | Artemis!5F76CE0B1930 | 5600.7003 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.deinil | 0.28.2.62671 |
| nProtect | Trojan-Clicker/W32.OutBrowse.726919 | 14.10.15.01 |
| Panda Antivirus | Trj/Chgt.E | 14.09.18.09 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.OutBrowse.r5 (Not a Virus) | 11.14.14.00 |
| Sophos | Generic PUA JK | 4.98 |
| Trend Micro House Call | Suspici.12797D5E | 7.2.261 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33942 |
| Zillya! Antivirus | Adware.OutBrowse.Win32.8284 | 2.0.0.1956 |

File size:
709.9 KB (726,917 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\video_player12.2_setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:1xm4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XLE:1Q48b/qczqEVf1idYY4t7+vVCtBNluqY

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9469

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file video_player12.2_setup.exe has been seen being distributed by the following 2 URLs.
