» flv-media-player.exe
Overview
Analysis
File Details
Downloads (1)

flv-media-player.exe

META., JSC

The application flv-media-player.exe by META., JSC has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from files.downloadsmart.net.

File name:

Publisher:

META., JSC (signed and verified)

MD5:

9a56c821d794304eaafa8fdb7ff269e3

SHA-1:

ad1d808f5135547ecb137f1a394b123f266b4056

SHA-256:

2abcff662d6427f9746d24ae180c476a254aab65ac6a040ef706f88b4efd4e3e

Scanner detections:

4 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/25/2024 3:13:36 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.InstallCore.80

9.0.1.05190

ESET NOD32

Win32/InstallCore.AZ potentially unwanted application

8.0.319.0

F-Prot

W32/InstallCore.S.gen

4.6.5.141

Reason Heuristics

PUP.installCore.METAJSC (M)

16.3.29.15

File size:

1.2 MB (1,220,856 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\flv-media-player.exe

Digital Signature

Signed by:

META., JSC

Authority:

COMODO CA Limited

Valid from:

11/30/2012 12:00:00 AM

Valid to:

11/30/2013 11:59:59 PM

Subject:

CN="META., JSC", O="META., JSC", STREET="B49, Duy Tan Street, Dich Vong Hau Ward, Cau Giay District", L=Hanoi, S=Hanoi, PostalCode=--, C=VN

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AEB911FEC8E8CFE1A51FB4237872B0FF

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:7/Cz4qMlKPkBaUepfS2/sBSneEXhqDpsl:7/CzMKM8UaKMXhl

Entry address:

0xD6210

Entry point:

55, 8B, EC, 83, C4, F0, B8, CC, EA, 41, 00, E8, 34, F8, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

869.5 KB (890,368 bytes)

The file flv-media-player.exe has been seen being distributed by the following URL.

http://files.downloadsmart.net/i/.../FLV-Media-Player.exe

Remove flv-media-player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.