» hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe
Overview
Analysis
File Details
Downloads (33)

hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe

Vlc Player

DOWNLOADIOUS

The application hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe by DOWNLOADIOUS has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.playmehdnows.com and multiple other hosts.

File name:

Publisher:

Downloadius (signed by DOWNLOADIOUS)

Product:

Vlc Player

Description:

vlcplayer

Version:

6.1.0.0

MD5:

af1c7400e4c2abb5248ec5123bac7313

SHA-1:

be57e3114211a0426358d6d3c0b9638db9799ec0

SHA-256:

c4d61c46067e5d58b1bca232e5a819157b03cf152a084d8b1d48ce4a67ce9f81

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

4/19/2024 9:30:25 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

PUA.Win32.Montiera

4.0.3.14103

ESET NOD32

Win32/Toolbar.Montiera

8.10505

Malwarebytes

PUP.Optional.Montiera

v2014.10.03.08

Reason Heuristics

PUP.DOWNLOADIOUS.y

15.1.4.13

File size:

553.2 KB (566,504 bytes)

Product version:

2.0

Downloadius

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe

Digital Signature

Signed by:

DOWNLOADIOUS

Authority:

VeriSign, Inc.

Valid from:

7/2/2014 4:00:00 AM

Valid to:

4/17/2015 3:59:59 AM

Subject:

CN=DOWNLOADIOUS, O=DOWNLOADIOUS, L=TEL AVIV, S=ISRAEL, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

67AAAF219EFE0304E095EA03F4AB7E9B

File PE Metadata

Compilation timestamp:

12/6/2009 2:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:UE6ap+6EBr/+Zvwc4Ht+pY9nWW6NPBSBdZchgB9goPis/LnaY8:H6ap+6EBwwcfpYcPBSB/igB2WLn/8

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9734

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe has been seen being distributed by the following 33 URLs.

http://www.playmehdnows.com/.../dlcd5af28fe56c207cf78908104793a98ab694682e.php?aflt=CD5&mt_aflt=CD15092&cid=18600275f2a154873f8cb10a083a666a

http://mmtrksg.com/mt/.../&subid1=dL57STBP4C7BFM3F003IL78M&subid2=7f4026e0c5154bd5b54159f3769248a9

http://www.playmehdnows.com/.../dl1fa7d209800087e1bdb37b0ecc93094662788bc0.php?aflt=CD5&mt_aflt=CD15092&cid=5d1f89a32ca0085e141a6ae818c0167e

http://mmtrksg.com/mt/.../&subid1=d2LEO9ASF09T9I0F0CBTSM8U

http://www.mygreathdvids.com/.../dl701a224fc6cc9ff74cac300a60fe3392f9b28c8d.php?aflt=CD5&mt_aflt=CD13050&cid=9df7c4a43080ff4fef860268b4228da6

http://www.myfriendhdplayer.com/.../dlbda0a8da96086871cf7c8e44e9579f89b07430b5.php?aflt=CD5&mt_aflt=CD15092&cid=632463f38287936c8096def91782358f

http://www.playmehdnows.com/.../dlcee458766168f87774ece97a6f7426cdd79193b0.php?aflt=CD5&mt_aflt=CD15092&cid=9977c6baeae9e418fd16c9e6728f6c57

http://www.playmehdnows.com/.../dlc6b3128c5dc4c94bbf1a4bb6b0f9db3f4373726f.php?aflt=CD5&mt_aflt=CD13345&cid=c39c5be859cf86395ada75036a188c17

http://www.mygreathdvids.com/.../dl977e745871786e31602a9d0405a3e525ba3b8261.php?aflt=CD5&mt_aflt=CD4349&cid=1a4a813df8799a481696960e0c9cae82

http://mmtrksg.com/mt/.../&subid1=dQ6M9ML5R167AP3F05LC9P12&subid2=20516dcd616b4110927c0b875b3fe3a8

http://www.playmehdnows.com/.../dl736efbce805115ae3a938be1cff20b6984a8f51f.php?aflt=CD5&mt_aflt=CD15092&cid=1e2504b407361652cc3e3852ecd40965

http://www.playmehdnows.com/.../dl5a15f87b7223da4c24a3910cb4d40f7d779ee65d.php?aflt=CD5&mt_aflt=CD15092&cid=1e2504b407361652cc3e3852ecd40965

http://www.myfriendhdplayer.com/.../dl9d98db8379289f186115dbcc05cd6eb16da269f5.php?aflt=CD5&mt_aflt=CD15092&cid=867d7af592c259f35e5151ea2589b98b

http://www.mygreathdvids.com/.../dl4586e6a40c00768ad04bf62292064e120e69a94c.php?aflt=CD5&mt_aflt=CD5917&cid=a108d5073209a01a31971b61536013d5

http://www.playmehdnows.com/.../dle6a5b1e31b2940c64b4e6c9768ffabfae86841f0.php?aflt=CD5&mt_aflt=CD23864&cid=4f8e5d3449e9dcb5130e67f873d5d706

http://www.myfriendhdplayer.com/.../dl5f6073bb15fd59908f9c155906d44eff95e10d25.php?aflt=CD5&mt_aflt=CD15092&cid=242a01920c2def5d586342614befc37f

http://www.playmehdnows.com/.../dl809e1a3393c0ed7170a46e4c1f8b43e430d8cafe.php?aflt=CD5&mt_aflt=CD15092&cid=fbc108aae1678bacb42213af593fe087

http://www.mygreathdvids.com/.../dl9839bac2538c0edc88ad14276451ba790b6208ec.php?aflt=CD5&mt_aflt=CD13345&cid=a2e6d9db0bdb65a851059f46d1e1d799

http://www.sayyestohd.com/.../dled78252bac34a837858b102e8b4e193a799593ee.php?aflt=CD5&mt_aflt=CD13050&cid=67839d98bf001ed5f216368d78164181

http://www.playmehdnows.com/.../dl11509e31603b3a0a4387f37615c1a931ad075bc9.php?aflt=CD5&mt_aflt=CD13050&cid=8236c82f20b997c6853ea60bbcf3547f

http://www.playmehdnows.com/.../idx99150d5ee07fbb675a6b5638fb176ad5da3d1216d95454bfac2a8460d748e509?aflt=CD5&mt_aflt=CD13050&cid=8236c82f20b997c6853ea60bbcf3547f&subid1=dSHQ7S70KG5BBM2FGT4R0LDE

http://www.playmehdnows.com/.../?mt_aflt=CD13050&cid=8236c82f20b997c6853ea60bbcf3547f&subid1=dSHQ7S70KG5BBM2FGT4R0LDE&subid2=&subid3=&subid4=&subid5=

http://mmtrksg.com/mt/.../&subid1=dSHQ7S70KG5BBM2FGT4R0LDE

http://www.mygreathdvids.com/.../dl3a15bbeb142cc6cce45276d98ad584ee8bffbbcc.php?aflt=CD5&mt_aflt=CD13050&cid=943855f95b026bbffecfd01f0b1d4997

http://www.mygreathdvids.com/.../idx102c9617742f6ba6df3fe6465ce1094222e33763a27354e7d815c0187d30a347?aflt=CD5&mt_aflt=CD13050&cid=943855f95b026bbffecfd01f0b1d4997&subid1=dCTGE9GUU3TB333FGEVEC0C6

http://www.mygreathdvids.com/.../?mt_aflt=CD13050&cid=943855f95b026bbffecfd01f0b1d4997&subid1=dCTGE9GUU3TB333FGEVEC0C6&subid2=&subid3=&subid4=&subid5=

http://mmtrksg.com/mt/.../&subid1=dCTGE9GUU3TB333FGEVEC0C6

http://www.mygreathdvids.com/.../dl81da5ef6b0e840ccd5c08e221b0d60b568fe3195.php?aflt=CD5&mt_aflt=CD13050&cid=943855f95b026bbffecfd01f0b1d4997

http://www.playmehdnows.com/.../dl551ee90eeefd5858d49f0f706fbf794fbea845a0.php?aflt=CD5&mt_aflt=CD15092&cid=243f7216ce4cb3eb60543f0ac5382d72

http://www.sayyestohd.com/.../dl515a958ead2ecca6b8b78bc18409d896166c4fea.php?aflt=CD5&mt_aflt=CD13050&cid=d784dabcbc92b438ef7668a79012733b

Latest 30 of 33 download URLs

Remove hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.