home

Winamp.exe

Winamp

Nullsoft Inc.

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘tr_winamp’. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
Nullsoft, Inc.  (signed by Nullsoft Inc.)

Product:
Winamp

Version:
5.6.6.3516

MD5:
c8e8f12b364c3a7ba45888fbbc474aaa

SHA-1:
bcf9bbb30c99d71497171a6809cdb009a5fdc326

SHA-256:
3e58ffc3b66a7b9676487e753a0e4da6968d4754faf1c68b51b300c625311782

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

False Positives:
A number of engines detected this file but were erroneous detections (false positives).

Analysis date:
11/27/2024 2:43:48 PM UTC  (today)

File size:
2.2 MB (2,326,624 bytes)

Product version:
5.6.6.3516

Copyright:
Copyright © 1997-2013 Nullsoft, Inc.

Trademarks:
Nullsoft and Winamp are trademarks of Nullsoft, Inc.

Original file name:
Winamp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winamp\winamp.exe

Digital Signature
Signed by:
Nullsoft Inc.

Authority:
America Online Inc.

Valid from:
3/16/2011 1:25:39 AM

Valid to:
3/15/2016 1:25:39 AM

Subject:
CN=Nullsoft Inc., OU=Winamp, O=Nullsoft Inc., C=US

Issuer:
CN=AOL Member CA, O=America Online Inc., L=Dulles, S=Virginia, C=US

Serial number:
5AA8C9C387719F49A16AF24065565550

File PE Metadata
Compilation timestamp:
12/13/2013 9:47:26 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:4stPx2wYbbFs2X9srREoQkTAc1nvYj/vc4TyxxxM444xxxC2oqbox275:4stP8wYgrRWvqA/vc5xxxM444xxxTolW

Entry address:
0x98C99

Entry point:
E8, EA, 02, 00, 00, E9, 36, FD, FF, FF, CC, FF, 25, D4, B3, 49, 00, FF, 25, D0, B3, 49, 00, FF, 25, C4, B3, 49, 00, FF, 25, BC, B3, 49, 00, FF, 25, B8, B3, 49, 00, FF, 25, B0, B3, 49, 00, 68, 21, 8D, 49, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 28, 40, 4B, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F...
 
[+]

Code size:
614.5 KB (629,248 bytes)

Autoplay Handler
Display name:
WinampPlayMediaOnArrival

CLSID name:
{5D09B1CA-EFDE-36C6-A789-0C0B73031865}


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
tr_winamp

Command:
C:\winamp\winamp.exe


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Winamp

Command:
C:\winamp\winamp.exe


5 Windows Firewall Allowed Programs
Name:
C:\Program Files\Winamp\winamp.exe

Name:
F:\Program Files\Winamp\winamp.exe

Name:
E:\Program Files (x86)\Winamp\winamp.exe

Name:
E:\Archivos de programa\Winamp\winamp.exe

Name:
E:\Program Files\Winamp\winamp.exe


The file Winamp.exe has been discovered within the following programs.

Chipamp  by OverClocked ReMix
chipamp.org
About 1% of users remove it
Cosmic Rhapsody Icon Pack  by Paweł Porwisz
www.winamp.com/plugins/plugin-skins/113
About 7% of users remove it
InFlac 1.1.1  by Michael Facquet
Publisher's description - “This plug-in allows to play native FLAC files with Winamp. It stands for Free Lossless Audio Codec.”
www.facquet.com
About 3% of users remove it
MiniTube v1.0  by SongReference.com
Runs as a Winamp plugin.
www.SongReference.com
42% remove it
RemoteControl for Winamp  by Martin Schlodinski
code.google.com/p/remotecontrol-for-winamp
About 9% of users remove it
Winamp  by Nullsoft, Inc
Winamp is a media player for Windows-based PCs and Android devices, written by Nullsoft, now a subsidiary of AOL.
www.winamp.com
9% remove it
Winamp (remove only)  by Nullsoft, Inc
Winamp is a media player for Windows-based PCs that is proprietary freeware/shareware, multi-format, extensible with plug-ins and skins, and is noted for its graphical sound visualization, playlist, and media library features.
5% remove it
Winamp Detector Plug-in  by Nullsoft, Inc
Winamp Application Detect is a browser plugin for Internet Explorer and/or Firefox that allows Winamp.com and other participating sites to detect a Winamp installation and version when delivering content. It does not collect or send other information.
5% remove it
Winamp Essentials Pack  by Christoph Grether
About 7% of users remove it
Winamp Icon Pack  by Paweł Porwisz
About 1% of users remove it
 
Latest 20 of 19 programs
Powered by Should I Remove It?

The file Winamp.exe has been seen being distributed by the following 4 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-vhXpiLrcnmLP205UUnzyUXQHLnVktcfM0-DP3RY94-Y47qmwwYjNa9NjoFLUT5cn/messages/@.id==AAl3w0MABcqAV_ebVwf-4DOHmHA/content/parts/@.id==3/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBboEL5eL2DctTXQ_jFsUZqtANBQsaqV3FBU2XCjNGF2NLAew-B27JarQuJzs7tQ_bsaXYsR4RvwvgV3QYEmzl84&error=https://us-mg4.mail.yahoo.com/.../iframemsg?id=bc99ed18-a432-7ab6-ab60-0502e202aa3c&ymreqid=396a8bd2-0513-6cc8-0107-890059010000

https://www.roblox.com/.../setup.ashx

http://www.profm.ro/assets/.../dancefm.m3u

http://www.radiosun.ro/love.m3u

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.