webplayer.exe

Kreapixel

The application webplayer.exe by Kreapixel has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
Kreapixel  (signed and verified)

Version:
3.3.8.1

MD5:
0914d934ef1d0ac55d0d2714086bd870

SHA-1:
cab7c7588e53160e1a12dfaad1efb1520d82a27b

SHA-256:
487f98fba3fc1ec24732eea3594af956ec0a434a61add53721260048755cead0

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/5/2024 9:33:24 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Crossrider.9
9.0.1.0113

G Data
Win32.Application.KreaPixWebplayer
14.4.24

IKARUS anti.virus
not-a-virus:WebToolbar.Win32.Toolbar
t3scan.2.2.29

McAfee
Artemis!0914D934EF1D
5600.7152

Reason Heuristics
PUP.Kreapixel.J
14.4.23.6

Sophos
Kreapixel
4.98

File size:
713.8 KB (730,944 bytes)

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\webplayer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 2:00:00 AM

Valid to:
4/29/2014 1:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:D6Wq4aaE6KwyF5L0Y2D1PqLU+LxbBZsVj9noC2WpDykN4CUdCr8p:pthEVaPqLU+LTZ09v2WpDiCUOm

Entry address:
0xDBEB0

Entry point:
60, BE, 00, A0, 49, 00, 8D, BE, 00, 70, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file webplayer.exe has been seen being distributed by the following 7 URLs.

http://clic.illyx.com/aff_c?offer_id=373&aff_id=1019

http://clic.illyx.com/aff_c?offer_id=373&aff_id=1560

Remove webplayer.exe - Powered by Reason Core Security