wmp12.exe

AutoPlay Media Studio Launcher

The executable wmp12.exe, “AutoPlay Application” has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download998.mediafire.com and multiple other hosts.
Product:
AutoPlay Media Studio Launcher

Description:
AutoPlay Application

Version:
8.0.1.0

MD5:
8ba0878f15d1682ed2aea2703e4c7d09

SHA-1:
9e91e2a398bf81c0000fea10223de8efc46105c4

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/24/2024 3:39:08 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Fullscreen
7.1.1

Avira AntiVirus
SPR/HideWindows.I
7.11.90.76

ESET NOD32
Win32/CMDOW.143
9.8559

Fortinet FortiGate
Riskware/HideWindows
6/5/2015

F-Prot
W32/Hidewnd.D
v6.4.7.1.166

IKARUS anti.virus
not-a-virus:RiskTool.HideWindows
t3scan.2.0.3.0

Kaspersky
not-a-virus:RiskTool.Win32.HideWindows
14.0.0.1931

McAfee
Artemis!1958DDD1A60C
5600.6743

Norman
Suspicious_Gen4.UUZA
11.20150605

Trend Micro House Call
TROJ_GEN.RCEH1J2
7.2.156

VIPRE Antivirus
Trojan.Win32.Generic
19538

File size:
40 MB (41,949,608 bytes)

Product version:
8.0.1.0

Copyright:
Runtime Engine Copyright © 2010 Indigo Rose Corporation (www.indigorose.com)

Trademarks:
AutoPlay Media Studio is a Trademark of Indigo Rose Corporation

Original file name:
ams_launch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\wmp12.exe

File PE Metadata
Compilation timestamp:
5/14/2010 2:26:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:duDaGojoy0z/+voLHhjDDNdKnjoyRE2BchmXgjz0oKXIeMPPp:YDVoky0zlLHJ8MyRqjz0oK4XPp

Entry address:
0x2CB3C

Entry point:
E8, 15, C6, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 10, 06, 45, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 10, 06, 45, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 
[+]

Entropy:
7.9992  (probably packed)

Code size:
253.5 KB (259,584 bytes)

The file wmp12.exe has been seen being distributed by the following 6 URLs.

http://download998.mediafire.com/dqeucd7xbh0g/.../WMP12 Tutoriles Alejandro.exe

http://download1220.mediafire.com/rbef6pahqfsg/.../WMP12 Tutoriles Alejandro.exe

Remove wmp12.exe - Powered by Reason Core Security