home

hd_player.exe

Square Network Tech Co.,LTD.

The application hd_player.exe by Square Network Tech Co.,LTD has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from istdownload.net and multiple other hosts.
Publisher:
Square Network Tech Co.,LTD.  (signed and verified)

MD5:
f5ef3347080230fc07c5d6851a9ff70b

SHA-1:
1ac2f57eec702d50202fa7a33029cc1dc5c9ca70

SHA-256:
329317723b74bab90a145d49397b4f867d94079f6762f4cebef918cd3afa6f4a

Scanner detections:
23 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/29/2024 5:51:07 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.E
918

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.07.29

Avira AntiVirus
APPL/SquareNet.AO
7.11.164.82

avast!
Win32:Malware-gen
2014.9-140731

AVG
Adware BundleApp_r.N
2015.0.3396

Bitdefender
Application.Bundler.E
1.0.20.1060

Clam AntiVirus
Win.Trojan.Bundler
0.98/19168

Dr.Web
Adware.Downware.4148
9.0.1.0212

ESET NOD32
Win32/SquareNet.A potentially unwanted application
8.7.0.302.0

F-Secure
Application.Bundler.E
11.2014-31-07_5

G Data
Application.Bundler
14.7.24

IKARUS anti.virus
PUA.Bundler
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.181.12872

Malwarebytes
PUP.Optional.MultiPlug.A
v2014.07.31.11

McAfee
PUP-FAU
5600.7052

MicroWorld eScan
Application.Bundler.E
15.0.0.636

Panda Antivirus
Trj/Genetic.gen
14.07.31.11

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.SquareNetworkTechCoLTD.J
14.7.31.23

Sophos
Square Network Installer
4.98

SUPERAntiSpyware
Heur.Agent/Gen-FakeChrome
10449

VIPRE Antivirus
Trojan.Win32.Generic
31700

File size:
940.8 KB (963,376 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Common path:
C:\users\{user}\downloads\hd_player.exe

Digital Signature
Signed by:
Square Network Tech Co.,LTD.

Authority:
VeriSign, Inc.

Valid from:
12/30/2013 6:00:00 PM

Valid to:
12/31/2014 5:59:59 PM

Subject:
CN="Square Network Tech Co.,LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Square Network Tech Co.,LTD.", L=Zhongshan, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08F1CEE1EA15CE4F4CA29FDEBE3DACA3

File PE Metadata
Compilation timestamp:
5/9/2014 7:09:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:HmujC/7jg4fqgQ53Q1fsIXfYxMCJSuOIKe/I:Hmuj2rQ5kfsIPfKjK2I

Entry address:
0x5F7CC

Entry point:
E8, 24, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 
[+]

Entropy:
6.6402

Code size:
484 KB (495,616 bytes)

The file hd_player.exe has been seen being distributed by the following 2 URLs.

http://istdownload.net/entry/node/file/pkg/vp/.../HD_Player.exe

http://istdownload.net/entry/.../exefile?ref=sadxpansion&site_id=38942

Remove hd_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.