windows-media-player-12_117534.exe

Downloader

DownloadAtoZ

The application windows-media-player-12_117534.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. The file has been seen being downloaded from www.com-about.com and multiple other hosts. While running, it connects to the Internet address 163-172-16-30.rev.poneytelecom.eu on port 80 using the HTTP protocol.
Publisher:
DownloadAtoZ

Product:
Downloader

Version:
1.0.0.1

MD5:
79004b97e5df0f1da5233b834f537e5e

SHA-1:
c6984d270f7366d99cf055be33a8c1f045cbfdf1

SHA-256:
e0b57b7eecc5e6ce660ed9f8a3555cb86311a14d550c982b58d3f3b4a9dec543

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 6:51:49 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.HDC | 2015.01.05 |
| Dr.Web | Adware.Mutabaha.301 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.AdLoad | 10.0.0.5735 |
| ESET NOD32 | Win32/Downloader.AtoZ.A potentially unsafe application | 8.0.319.0 |
| McAfee | Artemis!79004B97E5DF | 5600.6795 |
| Norman | DLoader.ATMMQ | 11.20150415 |
| Reason Heuristics | PUP.DownloadAtoZ.Bundler.Meta (M) | 16.3.30.8 |
| Trend Micro House Call | Suspicious_GEN.F47V1225 | 7.2.4 |
| ViRobot | Trojan.Win32.A.Gena.3173376.B[h] | 2014.3.20.0 |

File size:
3 MB (3,173,376 bytes)

Product version:
1.0.0.1

Copyright:
DownloadAtoZ All rights reserved.

Original file name:
Downloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windows-media-player-12_117534.exe

File PE Metadata
Compilation timestamp:
12/17/2014 3:10:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:BNsJAeByoFhY2Oc2W8T8M5QT2pOnowyIbHu67T6ZEtsUSJNOvXY6G3gsvsFQQkaS:cJAek4u2i8COl6UAEA6VsQkaJ++Kio

Entry address:
0x13CF70

Entry point:
8B, FF, 55, 8B, EC, E8, 56, 35, 01, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, 70, 66, 60, 00, 68, E0, 6F, 54, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, 94, 53, 56, 57, A1, E0, 02, 61, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, AC, 84, 5B, 00, C7, 45, FC, FE, FF, FF, FF, EB, 26, B8, 01, 00, 00, 00, C3, 8B, 65, E8, C7...
 

Entropy:
5.8667

Code size:
1.7 MB (1,795,072 bytes)

The file windows-media-player-12_117534.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 178 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 163-172-16-30.rev.poneytelecom.eu  (163.172.16.30:80)

TCP (HTTP):
Connects to star-67.com  (75.98.171.111:80)

TCP (HTTP):
Connects to ec2-54-84-24-27.compute-1.amazonaws.com  (54.84.24.27:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-223-97-211.deploy.static.akamaitechnologies.com  (23.223.97.211:80)

TCP (HTTP):
Connects to a23-198-96-178.deploy.static.akamaitechnologies.com  (23.198.96.178:80)
