home

vzlom lyuboy opki.exe

Windows Media Player Folder Sharing Executable

Strong Media

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application vzlom lyuboy opki.exe, “Windows Media Player Folder Sharing Executable” by Strong Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from mediadisk.net.
Publisher:
Microsoft Corporation  (signed by Strong Media)

Product:
Microsoft® Windows® Operating System

Description:
Windows Media Player Folder Sharing Executable

Version:
11.0.5721.5262 (WMP_11.090130-1421)

MD5:
11917f10438112fa83c7776431b02b40

SHA-1:
6200ae6a6a9cd108685c728406bb8989d8515a98

SHA-256:
cec14f39450d7880e896b1d63f0c66b6b10e98226c059ff639508dba91dc624d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/10/2025 3:07:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.StrongMe (M)
16.7.15.14

File size:
914 KB (935,912 bytes)

Product version:
11.0.5721.5262

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wmpshare.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vzlom lyuboy opki.exe

Digital Signature
Signed by:
Strong Media

Authority:
COMODO CA Limited

Valid from:
6/14/2016 3:00:00 AM

Valid to:
6/15/2017 2:59:59 AM

Subject:
CN=Strong Media, O=Strong Media, STREET="Sokolniki Square, 4 A", L=Moscow, S=Moscow, PostalCode=107113, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE80B6BBB2E40F5F7B3C2F4B76F141D9

File PE Metadata
Compilation timestamp:
7/14/2016 3:14:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:RtbFgq60ijPuYGfMze8+o6xRpcOH4kLZwQRhkbN:Rti0qPufrtCODLZhRhkbN

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, 20, 04, 00, 00, 68, 4C, 20, 4D, 00, FF, 15, 0C, 70, 4B, 00, 8B, 45, EC, 69, C0, 56, A0, EC, 11, 89, 45, F8, 68, 54, 20, 4D, 00, FF, 15, 98, 70, 4B, 00, 8B, 55, F8, 8B, 4D, EC, D3, E2, 89, 55, F8, 8B, 45, A4, 2B, 45, AC, 89, 45, AC, 8B, 55, 90, 8B, 4D, AC, D3, E2, 89, 55, B4, 8B, 45, 9C, C1, E0, 75, 89, 45, 98, 8B, 55, 90, 8B, 4D, 88, D3, EA, 89, 55, 8C, 8B, 45, A8, 69, C0, FF, 92, 4C, 0A, 89, 45, A8, FF, 15, 28, 71, 4B, 00, C6, 85, D4, FE, FF, FF, EA, 8B, D2, 8B, 55, 08, 8B, D2, 89, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
725.5 KB (742,912 bytes)

The file vzlom lyuboy opki.exe has been seen being distributed by the following URL.

http://mediadisk.net/go/.../1336909

Remove vzlom lyuboy opki.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.