avs_media_player.exe

The application avs_media_player.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. During installation, it bundles additional potentially unwanted software onto the user's computer without adequate consent. The file has been seen being downloaded from dl.downloadsireigheesae.com.
MD5:
5395d36c5583bd30c5f0ec6c429be718

SHA-1:
e0fd6acd968b4abbfb4368edc909dbde873c69ed

SHA-256:
8119e8292b258d1e8ab2c6f2b69dd065d56ca091937d5f663720c993a26ecb44

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
4/23/2024 7:11:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Firseria.A | 922 |
| Agnitum Outpost | PUA.Firseria | 7.1.1 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| avast! | Win32:Adware-BQN [Trj] | 140617-1 |
| AVG | Adware BundleApp.A | 2015.0.3400 |
| Bitdefender | Application.Bundler.Firseria.A | 1.0.20.1045 |
| Clam AntiVirus | Win.Adware.Firseriainstaller-1 | 0.98/19086 |
| Comodo Security | Application.Win32.Firseria.NKP | 18788 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.05190 |
| ESET NOD32 | Win32/FirseriaInstaller.F potentially unwanted application | 8.7.0.302.0 |
| F-Secure | Application.Bundler.Firseria | 11.2014-28-07_2 |
| G Data | Application.Bundler.Firseria | 14.7.24 |
| IKARUS anti.virus | PUA.Solimba | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.180.12626 |
| Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 14.0.0.3493 |
| MicroWorld eScan | Application.Bundler.Firseria.A | 15.0.0.627 |
| NANO AntiVirus | Riskware.Win32.Downware.daufsj | 0.28.0.60577 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.28.08 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.28.8 |
| Sophos | Solimba Installer | 4.98 |
| SUPERAntiSpyware | Adware.BundleInstaller/Variant | 10456 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 29708 |
| Zillya! Antivirus | Adware.Fiseria.Win32.16 | 2.0.0.1846 |

File size:
293.4 KB (300,432 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\avs_media_player.exe

File PE Metadata
Compilation timestamp:
3/10/2014 4:48:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:lanPst8v78IwA7I97x4fg+8t9d5Z0DRUIH0xsNJEU:loPstEPwA7I9750Nz0ONJEU

Entry address:
0xE459

Entry point:
E8, CD, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 80, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 30, E1, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Entropy:
7.2624

Code size:
115 KB (117,760 bytes)

The file avs_media_player.exe has been seen being distributed by the following URL.
