videoplayersetup.exe

Generic

Mow Digital Ltd.

The application videoplayersetup.exe, “Generic Setup” by Mow Digital, has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from cdn.jddfmlafmdamracsoftwarepresent.com.

Publisher:
Generic Web Program (signed by Mow Digital Ltd.)

Product:
Generic

Description:
Generic Setup

MD5:
2b32124e75097daa90077d783e366941

SHA-1:
e2ebabf0aa88909d9459c76460d3ce4c51be904d

SHA-256:
76e2a675192c286bd2026fb6fcf76b2cc856e07c95a5674eed38d0d27b84b1c2

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/25/2024 12:33:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | ADWARE/ANDR.Airpush.M.Gen | 8.3.2.4 |
| AVG | Adware InstallCore | 2017.0.2867 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Clam AntiVirus | Win.Adware.Installcore-803 | 0.98/21157 |
| Comodo Security | Application.Win32.InstallCore.AVX | 23755 |
| Dr.Web | Trojan.InstallCore.890 | 9.0.1.011 |
| ESET NOD32 | Win32/InstallCore.ACZ potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/InstallCore.BB.gen | v6.4.7.1.166 |
| G Data | Win32.Application.InstallCore.EG | 16.1.25 |
| IKARUS anti.virus | not-a-virus:AdWare.Eorezo | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.212.18090 |
| Kaspersky | not-a-virus:AdWare.Win32.Eorezo | 14.0.0.831 |
| Malwarebytes | | v2016.01.11.06 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dwrvta | 1.0.10.5081 |
| nProtect | Trojan-Clicker/W32.Eorezo.841752 | 15.12.11.01 |
| Qihoo 360 Security | QVM06.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | Win32.Generic | 16.1.11.18 |
| Sophos | PUA 'Install Core Click run software' | 5.22 |
| SUPERAntiSpyware | | 9391 |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4 |
| VIPRE Antivirus | Threat.4786018 | 45800 |
| Zillya! Antivirus | Adware.Eorezo.Win32.12173 | 2.0.0.2561 |

File size:
822 KB (841,752 bytes)

Product version:
3.7

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\videoplayersetup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/11/2015 2:00:00 AM

Valid to:
5/11/2016 1:59:59 AM

Subject:
CN=Mow Digital Ltd., OU=IT, O=Mow Digital Ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
21991B3B5A467E63DDD9AD5CEE2C886E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:DgXx2gzxPRrplsJUtyAPJLRTdUHZ1b0qKMPO58NT6:D8JzxPRrp+JTAPJLPob0qRWa2

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file videoplayersetup.exe has been seen being distributed by the following URL.
