flvplayer_downloader-ndmjdoh1k.exe

The application flvplayer_downloader-ndmjdoh1k.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
MD5: 6c421cb8cd005889f1ac49662797d804

SHA-1: 866f4c634a999f7835495e0a7407757767758c99

SHA-256: 4f91af6b29e9c900308d82294456891cfc5be22daa951f6b919afe8a8992bc4b

Scanner detections: 11 / 68

Status: Potentially unwanted

Explanation: This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note: Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date: 4/20/2024 3:11:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Sality | 160118-1 |
| AVG | Win32/Sality | 2015.0.4489 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 15.0.0.562 |
| McAfee | Program.Artemis!8866A9E90CA4 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5053.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| Sophos | PUA 'Somoto BetterInstaller' | 5.22 |
| VIPRE Antivirus | Threat.4721115 | 46244 |

File size: 292 KB (299,048 bytes)

File type: Executable application (Win32 EXE)

Installer: Nullsoft Install System

Common path: C:\users\{user}\downloads\flvplayer_downloader-ndmjdoh1k.exe

File PE Metadata

Compilation timestamp: 12/17/2010 4:14:12 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.56

CTPH (ssdeep): 6144:HA0m3D0oO9yvwt6AXHHYIvh6TF0+NbK4fq/rAqgoj+Oep64K+Vet5qThS:HA0iD0oO9KY60H1hSF0+zfq/rAquBo5V

Entry address: 0x39AC

Entry point:
0F, AF, C8, 1B, C3, 87, C8, 85, FA, 81, EE, AC, 55, FE, 08, 00, C1, 85, C0, 8B, D6, 8D, 05, ED, 7F, 45, BF, 3B, DB, F6, C0, 9E, B7, F8, 1B, C7, F2, 85, FB, E8, 00, 00, 00, 00, 8B, FD, 8D, 05, 05, 11, B5, F6, FE, CB, FF, C7, 13, C9, 48, 8A, D0, 8B, F0, F6, C3, 67, 5F, 0C, 8B, F7, C1, 39, F8, 58, 7D, 68, 83, 18, DB, 00, 89, D0, F6, C3, 72, 8A, D3, BE, 9B, A2, F5, 89, 19, C8, 88, EE, 84, D3, FE, CF, 81, CB, 76, 7B, BD, 6A, 8D, 05, F2, 36, 5C, 9D, 69, C0, 95, 11, 63, EE, 49, 0F, BE, D8, 81, C0, 51, 37, 03, 8A...
 

Entropy: 7.8354 (probably packed)

Code size: 28.5 KB (29,184 bytes)
