home

amrplayer_setup.exe

AMR Player

www.amrplayer.com

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.laboratorycenterconecpt.com and multiple other hosts.
Publisher:
www.amrplayer.com

Product:
AMR Player

Description:
AMR Player Setup

MD5:
abc650da23601de45ebf03047b2892f2

SHA-1:
06f1fa61223464220c6372457a71aff76513ed99

SHA-256:
d524249e149603a42f63f456bd6ea39730de00ff480f422ebb47e9306c672397

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:16:37 AM UTC  (today)

File size:
4.2 MB (4,365,055 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\amrplayer_setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:+DTOCEehmFTxpdi/zdl2BCTNFWhfhwPa0+f65LeN44tm+r8ZMd1Zg:eOCE4ETxpOzWBwNFW54ahfg6Njtm+AZJ

Entry address:
0x9B60

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 66, 95, FF, FF, E8, 6D, A7, FF, FF, E8, 98, C9, FF, FF, E8, DF, C9, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 17, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, E0, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C8, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 17, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.9985

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file amrplayer_setup.exe has been seen being distributed by the following 9 URLs.

http://www.laboratorycenterconecpt.com/5TuN0bJmMDe8vQcHrK2wrsEJqk8OP5HdMFJt906Es9RBu5u9lv6OaV17jLbZPEvRCgmO2942TQ44KZrg__0_w4AfKq3V4U9qyVX1PU5 v3dBfripfLRSI1QTvUSuPanjkZcfuvvjxL1v5wiv0jalX9hyaJXe6S_hSR1yuky09ZS7E5AD3Jz74 cHVwG1KTmZrQVSGzPFRAYDGtZzYKZSpC5F_JVdKNZVR6dRhVEiFRabe6MCFXh_shz2k31o1AgPh9qG7SRtawq0md65RtHB7NuUAG7BuHaiUd6mAM4uCIka2AbHCKVQNHTZzhqXz AlBQw K9wtyoSvV ltsAwNnsUGmeBFzkqZoa3ej4m_X8h4Gbm3RTpNAUWuZoutMUAdU5QhgPiBnrD26RWAi3HhobPLMMWo_xKd74YFiKc06M92LK7qdydxvCT7NJ2v2V3sZDD1f8UUzDtLSrr37MhSPNMXH2s5NbzF9vurIHbISx10yi08ivchSe3nEj90AlZ3VfYxhqNl1deR852wvN3SMZF4ViNtAInqFmC_s8O5wpFFsua4LI=-GysAAAR0Y7E91mNYFEQVBIccsP9riQRGwcbYmF7BRnljxl9kWwwqx8NeiQc=-e

http://amr-player.soft32.com/get/file/id/.../?rel=center

http://amr-player.soft32.com/get/file/id/.../?iframe=true&width=420&height=200&javascript=1&no_download_manager=1

http://www.laboratorycenterconecpt.com/uzh6YB8j6BtgzauJW9U6rkbJDI6 NpJFpCICB8welKQc2kpOqvb50hEHvYaIGy_AQdvLDy8T1upEp7ww0wXUISR4BCSsjyOXLSPMQn1OAv148YwoL71ndbACR042reNsS9SOM3Bi96Pkt5dGgd4WIAVRp11v26YHRev9UZ1U3aGJ3x78hdX1jyun3JKdYuvy14e5C7JWbOMFgwfi7jNTM5KRksY10kM3Hqnhd45OduGB9sO P611QzgnsleMSu7Xnigiajc6_7PUD01znAavOwMmCKdqZd6BtQ6S5Grqn5hcK8GCl_vxSM8aa M3G9oEWQtnG9KWd0zz6ekvA7TrbOzkK3XEmwKbwXCOoc7CqUMulwvGupzKtux7SI5SRWguaOqHlLU9l779b_8QtZg DScCFHf7ZgYyINsTPS_Axu_I8QYYi7DO5tI6hCpRXtN45yS3sDGHIB2gVvvU9BpH8sD7LiRewlx tILmrdRHncuIXFsVvqqRivq7i1 GvQ5tuoBGzeYnhBGfOpiwpj6sc6WcXIDDEKIpqbCCZg1cWV_0yUQOk54=-GysAAAR0Y7E91mNYFEQVBIccsP9riQRGwcbYmF7BRnljxl9kWwwqx8NeiQc=-e

http://fileshare1110.dfiles.ru/auth-142571874088e7df029814afcc64cb73-95.134.21.39-1975964172-99810108-guest/.../amrplayer_setup.exe

http://cs10.userfiles.me/f/0/1430323569/26498181/0/.../amrplayer_setup-spaces.ru.exe

http://amr-player.soft32.com/get/file/id/.../

http://amr-player.software.informer.com/.../

http://www.amrplayer.com/amrplayer_setup.exe

Scan amrplayer_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.