home

wmplayer.exe

Windows Media Player

Microsoft Corporation

This is the main executable and user interface for the Windows Media Player (WMP), a player and library application used for playing and ripping audio and video. It is included with the Windows 7 OS. The file has been seen being downloaded from ka-erasmus.smartschool.be and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Media Player

 
Part of the Windows 7 Operating System

Version:
12.0.7600.16385 (win7_rtm.090713-1255)

MD5:
3f2e22c0ab860331cb04b5f95a7542fa

SHA-1:
e4ad02dc6463e68444ceaae6e34dfc6ecf385731

SHA-256:
c62f39fd8e7f069610751058da0aafdcd8142757f1e741c5e6e891aed1a8bed1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/24/2024 3:27:46 AM UTC  (today)

File size:
161 KB (164,864 bytes)

Product version:
12.0.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wmplayer.exe.mui

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\windows media player\wmplayer.exe

File PE Metadata
Compilation timestamp:
2/9/2016 1:13:16 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:8BMohYkQr0jeLwJr95rJolNAzyP+msVK0Zs:uYQqLwhHrWsOP+5VT

Entry address:
0x176D

Entry point:
E8, D0, FA, FF, FF, E9, 71, 04, 00, 00, 68, 18, 19, 00, 01, 53, 6A, 02, FF, 15, 7C, 10, 00, 01, 8B, F8, 3B, FB, 0F, 85, F5, 04, 00, 00, 53, 89, 9D, 28, FE, FF, FF, C6, 85, 6A, FE, FF, FF, 01, FF, 15, 70, 10, 00, 01, 89, 85, 24, FE, FF, FF, 89, 9D, 40, FE, FF, FF, 89, 9D, 34, FE, FF, FF, 89, 9D, 30, FE, FF, FF, 89, 9D, 2C, FE, FF, FF, 89, 9D, 38, FE, FF, FF, FF, 15, 6C, 10, 00, 01, 68, F4, 18, 00, 01, 50, 89, 85, 5C, FE, FF, FF, E8, 65, 01, 00, 00, 68, DC, 18, 00, 01, FF, B5, 5C, FE, FF, FF, 85, C0, 0F, 95...
 
[+]

Entropy:
6.4804

Code size:
8.5 KB (8,704 bytes)

Autoplay Handler
Display name:
MSPlayCDAudioOnArrival


The file wmplayer.exe has been seen being distributed by the following 3 URLs.

https://ka-erasmus.smartschool.be/index.php?module=Messages&file=download&fileID=42464&target=0

https://api.edmodo.com/files/.../download?f=4v2g27iyckmghb08u68uh7lyd

http://u.poczta.o2.pl/?cmd=getpart&link=IOcrA01k3YJtTF9viSAtPzbaNTOwa2OtLTPsNTM6hWaZjSMeP3OxPTPocTNkbDMJ8zcaNjNZejNZhmYjPTPsOTNAODOJ8jNZjTMJ8DbadiMs8CMskwAikHA3JGcN7WeUOmLUeQZk

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.