home

codecs-pack.exe

Java Web Player

stinger-Dev

The application codecs-pack.exe, “Reproductor Java Web” by stinger-Dev has been detected as a potentially unwanted program by 5 anti-malware scanners. The file has been seen being downloaded from subpelis.info.
Publisher:
Yaske  (signed by stinger-Dev)

Product:
Java Web Player

Description:
Reproductor Java Web

Version:
1.30

MD5:
1b19e15c2d538489e2dd5efcdc5e7ece

SHA-1:
36e8fb43cfd93c3c72666b653e44c4779ac55f0b

SHA-256:
2bd575609296147648524c5d2a20f4623fe9cb4b1a4419fce7c565cc960b0cb2

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 11:57:02 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OfferingMedia
4.0.3.1472

Comodo Security
ApplicUnwnt
17682

ESET NOD32
Win32/Adware.OfferingMedia (variant)
8.9341

K7 AntiVirus
Riskware
13.175.10963

Qihoo 360 Security
HEUR/Malware.QVM03.Gen
1.0.0.1015

File size:
873 KB (893,944 bytes)

Product version:
1.30

Copyright:
Yaske Copyright

Trademarks:
http://yaske.net

Original file name:
1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\codecs-pack.exe

Digital Signature
Signed by:
stinger-Dev

Authority:
stinger-Dev

Valid from:
12/31/2012 10:30:00 PM

Valid to:
12/31/2018 10:30:00 PM

Subject:
CN=stinger-Dev

Issuer:
CN=stinger-Dev

Serial number:
8C2375B588AE43AF44DEE8FB637F41B2

File PE Metadata
Compilation timestamp:
6/16/2013 1:41:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:APtSk100EFwYzwfZYxUdtSk100EFPOiQtSk100EFeYzwfZYwQBbCzDD0EjMkSiL:APASY0fZYxUdAt0A8Y0fZYg9L

Entry address:
0x159C

Entry point:
68, 28, 90, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 58, 00, 00, 00, 40, 00, 00, 00, 7A, EF, DF, E6, 91, 2E, 9C, 4A, 81, 83, 56, BD, AA, 69, 8E, 4A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4A, 61, 76, 61, 57, 65, 62, 50, 6C, 61, 79, 65, 72, 00, C1, 01, 52, 65, 70, 72, 6F, 64, 75, 63, 74, 6F, 72, 20, 4A, 61, 76, 61, 20, 57, 65, 62, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 07, 7C, 0C, 3B, D8, A5, FF, 0D, 46, AD, 1E, D8, E0, F8, 15, 62, F7, 67, 47, 32...
 
[+]

Entropy:
4.5533

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
672 KB (688,128 bytes)

The file codecs-pack.exe has been seen being distributed by the following URL.

http://subpelis.info/to/?http://master.dl.sourceforge.net/project/.../codecs-pack.exe&attempt=1

Remove codecs-pack.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.