windowsplayer_setup.exe

Windows Player Internet Setup

iTVA LLC

The application windowsplayer_setup.exe by iTVA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from download.windowsplayer.ru.
Publisher:
iTVA LLC  (signed and verified)

Product:
Windows Player Internet Setup

Version:
2.3.0.0

MD5:
99cc5251c52ee9febd902112c31ee31d

SHA-1:
c0129af7720f3ad93876a1ff0a7cb7aee7d7c4c1

SHA-256:
69c89b83343de4838c98da819954c86500e81e8db036e82588851bd0fbdd4e26

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/26/2024 1:24:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.iTVA.T
14.9.27.16

File size:
28.5 MB (29,936,328 bytes)

Product version:
2.3.0.0

Copyright:
iTVA LLC (Freeware product)

Trademarks:
iTVA.ru, windowsplayer.ru

Original file name:
InternetSetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windowsplayer_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/23/2012 4:00:00 AM

Valid to:
11/24/2014 3:59:59 AM

Subject:
CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
65EB772671D39CAF088B0D4A828C5E61

File PE Metadata
Compilation timestamp:
11/8/2013 3:07:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:bfFwH7tAb5WquhyZi/+tvdPQeqSQH1WJJdaSt4:bfFwbtu5ohUkqdlTTku

Entry address:
0x1C013C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, 7E, 5B, 00, E8, C0, AF, E4, FF, A1, D4, 83, 5C, 00, 8B, 00, E8, 98, FA, EF, FF, A1, D4, 83, 5C, 00, 8B, 00, 33, D2, E8, 7E, 17, F0, FF, 8B, 0D, 5C, 84, 5C, 00, A1, D4, 83, 5C, 00, 8B, 00, 8B, 15, 10, 5B, 5B, 00, E8, 8A, FA, EF, FF, A1, D4, 83, 5C, 00, 8B, 00, E8, CE, FB, EF, FF, E8, E5, 6C, E4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,828,352 bytes)

The file windowsplayer_setup.exe has been seen being distributed by the following URL.

Remove windowsplayer_setup.exe - Powered by Reason Core Security