webplayer.exe

Kreapixel

The application webplayer.exe by Kreapixel has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
Kreapixel  (signed and verified)

Version:
3.3.8.1

MD5:
7fdba942dc27436dd9386c55a7ec89bf

SHA-1:
1104386fe69e7964cefd5a3570c56a602c89217e

SHA-256:
8b58f6670d4b3f73ad2d191499434891e2e60f588ef83b81bdfc0be6e78ec24c

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/27/2024 2:44:03 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic8_c | 2015.0.3396 |
| Bkav FE | W32.Clod9e1.Trojan | 1.3.0.4959 |
| Dr.Web | Trojan.Crossrider.9 | 9.0.1.0212 |
| ESET NOD32 | Win32/Toolbar.Babylon | 8.9613 |
| Fortinet FortiGate | Riskware/Toolbar | 7/31/2014 |
| IKARUS anti.virus | not-a-virus:WebToolbar.Win32.Toolbar | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.176.11595 |
| Kaspersky | not-a-virus:WebToolbar.Win32.Toolbar | 14.0.0.3272 |
| McAfee | Artemis!684B8B642CF7 | 5600.7052 |
| Qihoo 360 Security | HEUR/Malware.QVM11.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Kreapixel.J | 14.7.31.16 |
| Sophos | Kreapixel | 4.98 |
| Trend Micro House Call | HV_TOOLBAR_CH16024C.UVPA | 7.2.212 |
| Trend Micro | TROJ_SPNR.03FD13 | 10.465.31 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27864 |

File size:
711.5 KB (728,592 bytes)

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\webplayer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/22/2012 2:00:00 AM

Valid to:
4/23/2013 1:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
452FBFB1AEBD907CC222ACC2D160BC37

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Q6Wq4aaE6KwyF5L0Y2D1PqLU+LxbydV5vMj3FxMPD0:mthEVaPqLU+LKHSZ

Entry address:
0xDBEB0

Entry point:
60, BE, 00, A0, 49, 00, 8D, BE, 00, 70, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file webplayer.exe has been seen being distributed by the following 22 URLs.

http://.../aff_c?offer_id=25&aff_id=1377&source=only-stream.com &clickTAG=http://.../aff_c?offer_id=25&aff_id=1377&source=only-stream.com

http://.../aff_c?offer_id=25&aff_id=1043&source=www.streamnolimit.com lecteur&clickTAG=http://.../aff_c?offer_id=25&aff_id=1043&source=www.streamnolimit.com lecteur

http://.../aff_c?offer_id=25&aff_id=3142&source=www.filmstreamingvf.com &clickTAG=http://.../aff_c?offer_id=25&aff_id=3142&source=www.filmstreamingvf.com

http://.../aff_c?offer_id=25&aff_id=3644&source=www.allostreaming-fr.com &clickTAG=http://.../aff_c?offer_id=25&aff_id=3644&source=www.allostreaming-fr.com

http://clic.illyx.com/aff_c?offer_id=25&aff_id=7369&source=www.sport-show.fr
