webplayer.exe

Kreapixel

The application webplayer.exe by Kreapixel has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup program used to install the application. The program displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from securelinkdownload.com.
Publisher:
Kreapixel  (signed and verified)

Version:
3, 3, 8, 1

MD5:
0452a30092ba667f062a1efb2ed0ca94

SHA-1:
5b96f2ac2fe2063fa295f654c4ff77799af800ed

SHA-256:
0d05b0fd6faac1891c79ba952be752dfd5f3ba95addb65d44433c61a4eaead45

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 2:41:12 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Downware.1119 | 9.0.1.0294 |
| ESET NOD32 | Win32/Toolbar.Babylon | 8.8805 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Genome | t3scan.2.0.127 |
| K7 AntiVirus | Unwanted-Program | 13.172.9576 |
| NANO AntiVirus | Trojan.Win32.Downware.cchoom | 0.26.0.54404 |
| Reason Heuristics | PUP.Kreapixel.J | 14.10.21.16 |
| Sophos | Generic PUA FL | 4.91 |
| Trend Micro House Call | TROJ_GEN.RC1H1E4 | 7.2.294 |
| VIPRE Antivirus | Trojan.Win32.Generic | 21510 |

File size:
723.3 KB (740,696 bytes)

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\webplayer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/22/2012 2:00:00 AM

Valid to:
4/23/2013 1:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
452FBFB1AEBD907CC222ACC2D160BC37

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:C6Wq4aaE6KwyF5L0Y2D1PqLo+Txb3Ii6/Zk6yZMMB+9DMu6/2lFhaXO:AthEVaPqLo+Th8/Zk6hbM1+Po+

Entry address:
0xDBEB0

Entry point:
60, BE, 00, A0, 49, 00, 8D, BE, 00, 70, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file webplayer.exe has been seen being distributed by the following URL.
