home

(www.sunpc.ir).exe

Multimedia Builder runtime

MediaChance

This is a setup program which is used to install the application. The file has been seen being downloaded from tb25.trainbit.com.
Publisher:
MediaChance

Product:
Multimedia Builder runtime

Description:
Runtime Module for MMB presentation

Version:
4.8.01

MD5:
0b9fc7dd19d92f5360f6789022affc13

SHA-1:
ac0cf9267062e63d307c2b578debdeb3c5309968

SHA-256:
26a435784f34f1904ef67761b83e34b90e187716874f0a7d00f34180e7262d61

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 7:41:11 AM UTC  (today)

File size:
799.5 KB (818,654 bytes)

Product version:
4.8.01

Copyright:
www.mediachance.com

Trademarks:
Mediachance

Original file name:
player.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\(www.sunpc.ir).exe

File PE Metadata
Compilation timestamp:
8/26/2001 11:23:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:AMAi00JcKpn053TAn8eEU56fTVlHjpE9pwU7jQgSPjUPFlcbHOQROMj+t7wEcjJ7:P00Jp0588eh5Oja9pN5SojcAYtvj

Entry address:
0x12010B

Entry point:
B8, 00, 00, 52, 00, 6A, 00, 68, 2D, E2, 4D, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 8B, D8, 03, 00, 68, 70, BC, 00, 00, 6A, 00, FF, 50, 1C, 8B, CC, 8D, A0, 70, BC, 00, 00, 89, 61, 2E, 68, 00, 00, 40, 00, 51, 8B, 7C, 24, 04, 8B, 33, 66, 81, C7, 80, 07, 8D, 74, 1E, 08, 89, 3B, 53, 8B, 5E, 10, 56, 6A, 02, 68, 80, 08, 00, 00, 57, 6A, 27, 6A, 06, 56, 6A, 04, 68, 80, 08, 00, 00, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 68, 81, C6, 2E, 01, 00, 00, F3, A5, FF, D3, 58...
 
[+]

Entropy:
7.9313

Packer / compiler:
Petite v2.1 (2)

Code size:
736 KB (753,664 bytes)

The file (www.sunpc.ir).exe has been seen being distributed by the following URL.

http://tb25.trainbit.com:8080/files/9678941884/.../

Scan (www.sunpc.ir).exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.