home

freeallinonemediaplayerzensetup.exe

Free All-In-One Media Player

Free Software Group

The application freeallinonemediaplayerzensetup.exe, “Free All-In-One Media Player Setup ” by Free Software Group has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from cdn1.freemediaplayer.net and multiple other hosts.
Publisher:
Free Software Group   (signed by Free Software Group)

Product:
Free All-In-One Media Player

Description:
Free All-In-One Media Player Setup

Version:
2012

MD5:
410a27b25887052d8148c0b607ca19d0

SHA-1:
49d20889021308de91834af2d6c404bd1e4674e2

SHA-256:
afa3e768cb51711fba03e18d3d223a9dabe92fad78135ab86b1ee5613fde936f

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 7:22:15 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/MyPCBackup
8.9460

Reason Heuristics
PUP.Installer.FreeSoftwareGroup.FF
14.8.15.13

Trend Micro House Call
TROJ_GEN.F47V0218
7.2.66

Vba32 AntiVirus
Signed-Adware.InstallCore
3.12.24.3

File size:
8.3 MB (8,730,376 bytes)

Product version:
2012

Copyright:
Copyright 2011-2012 Free Software Group

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freeallinonemediaplayerzensetup.exe

Digital Signature
Signed by:
Free Software Group

Authority:
COMODO CA Limited

Valid from:
8/12/2012 5:00:00 PM

Valid to:
8/13/2017 4:59:59 PM

Subject:
CN=Free Software Group, O=Free Software Group, STREET=International House, STREET=221 Bow Road, L=London, S=n/a, PostalCode=E3 2SJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
04EEFCFC85F257A2CF92069997C4C2C5

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:yUNaSTLHDh5t2ZWBeTp+huhyTBDBSRrZqvttEzzSE55P1SNJNuNZr:jwS3deZWBeTp+zTnSJgvttEzOaCJELr

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9996

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file freeallinonemediaplayerzensetup.exe has been seen being distributed by the following 2 URLs.

http://cdn1.freemediaplayer.net/freesoft/.../FreeAllInOneMediaPlayerZenSetup.exe

http://www.freemediaplayer.net/download.html

Remove freeallinonemediaplayerzensetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.