www.mediaplayercodecpack.com

Cole Williams

Domain Information

The domain www.mediaplayercodecpack.com, registered by Cole Williams, was first registered in April 2007 through GODADDY.COM, LLC. The domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Montreal, Quebec, Canada, on the OVH (NWK) network.
Remove Malware from www.mediaplayercodecpack.com - Powered by Reason Core Security
Registrar:
GANDI SAS

Server location:
Quebec, Canada (CA)

Create date:
Wednesday, April 18, 2007

Expires date:
Wednesday, April 18, 2018

Updated date:
Thursday, June 04, 2015

Scanner detections:
Detections  (82% detected)

Scan engine
Details
Detections

Trend Micro House Call
TROJ_GE.44D467D2, HV_ZYX_BL130105.TOMC, TROJ_GEN.F47V0210, TROJ_GEN.F47V0519, Suspicious_GEN.F47V0705, Suspicious_GEN.F47V0814, HV_ZYX_.A632A135
66.67%

Reason Heuristics
PUP.Installer.ColeWilliams.DD, PUP.ColeWilliams.L, PUP.OpenCandy.Installer (L)
61.90%

Dr.Web
Win32.Sector.21, Adware.OpenCandy.4, Adware.Spigot.9, Adware.OpenCandy.137, Adware.Spigot.76
52.38%

ESET NOD32
Win32/OpenCandy, Win32/Toolbar.Widgi (variant), Win32/OpenCandy potentially unsafe, Win32/OpenCandy.C potentially unsafe (variant)
52.38%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5, PE:Malware.RDM.37!5.2B[F1]
47.62%

Antiy Labs AVL
Trojan[:HEUR]/Win32.AGeneric, GrayWare[AdWare:not-a-virus]/Win32.Agent
42.86%

G Data
NSIS.Application.OpenCandy, NSIS.Adware.SoftBundled, Win32.Adware.OpenCandy, Win32.Adware.Spigot, Win32.Application.OpenCandy
38.10%

McAfee Web Gateway
Artemis!E8C4F5511D7F, BehavesLike.Win32.Suspicious.wc, BehavesLike.Win32.Suspicious.vc
28.57%

VIPRE Antivirus
Opencandy, Spigot
28.57%

Kingsoft AntiVirus
VIRUS_UNKNOWN
28.57%

McAfee
Artemis!E8C4F5511D7F, Artemis!C426E3252DA1, Artemis!2A69647E32A1
19.05%

NANO AntiVirus
Riskware.Win32.OpenCandy.cxjcyz, Riskware.Win32.OpenCandy.ddwoan, Riskware.Win32.OpenCandy.dvwkdm
19.05%

AVG
OpenCandy
19.05%

K7 Gateway Antivirus
Unwanted-Program , Riskware
19.05%

K7 AntiVirus
Unwanted-Program , Riskware
19.05%

The domain www.mediaplayercodecpack.com has been seen to resolve to the following 3 IP addresses.

li362-65.members.linode.com
December 1, 2014

vps-us-nj.puregeni.us
March 14, 2014

cluster010.ovh.net
February 6, 2014

File downloads found at URLs served by www.mediaplayercodecpack.com.

10 / 68    (PUP)
https://www.mediaplayercodecpack.com/download.php?download=codecpack  (media.player.codec.pack.v4.3.6.setup.exe)

8 / 68      (PUP)

8 / 68      (PUP)
http://www.mediaplayercodecpack.com/download.php?download=codecpack  (media.player.codec.pack.v4.4.0.setup.exe)

11 / 68    (PUP)
https://www.mediaplayercodecpack.com/download.php?download=codecpackplus  (media.player.codec.pack.plus.v4.4.0.setup.exe)

The following 8 files have been seen to communicate with www.mediaplayercodecpack.com in live environments.

URL:
http://www.mediaplayercodecpack.com/

Google Analytics:
UA-27079580

Title:
“Media Player Codec Pack for Microsoft Windows”

SSL certificate subject:
CN=www.mediaplayercodecpack.com, OU=COMODO EV SSL, O=Cole Williams Software Limited, STREET=36 High Street, L=Cleethorpes, S=South Humberside, PostalCode=DN35 8JN, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=08633225

SSL certificate issuer:
CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (PHP/5.4.16)

Facebook:
Likes:  4,553
Shares:  1,077
Comments:  118

Statistics are for the previous month.
