hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe

Vlc Player

DOWNLOADIOUS

The application hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe by DOWNLOADIOUS has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.playmehdnows.com and multiple other hosts.
Publisher:
Downloadius (signed by DOWNLOADIOUS)

Product:
Vlc Player

Description:
vlcplayer

Version:
6.1.0.0

MD5:
af1c7400e4c2abb5248ec5123bac7313

SHA-1:
be57e3114211a0426358d6d3c0b9638db9799ec0

SHA-256:
c4d61c46067e5d58b1bca232e5a819157b03cf152a084d8b1d48ce4a67ce9f81

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/1/2020 3:38:44 PM UTC

Scan engine         Detection                 Engine version
Baidu Antivirus     PUA.Win32.Montiera        4.0.3.14103
ESET NOD32          Win32/Toolbar.Montiera    8.10505
Malwarebytes        PUP.Optional.Montiera     v2014.10.03.08
Reason Heuristics   PUP.DOWNLOADIOUS.y        15.1.4.13

File size:
553.2 KB (566,504 bytes)

Product version:
2.0

Copyright:
Downloadius

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/2/2014 4:00:00 AM

Valid to:
4/17/2015 3:59:59 AM

Subject:
CN=DOWNLOADIOUS, O=DOWNLOADIOUS, L=TEL AVIV, S=ISRAEL, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67AAAF219EFE0304E095EA03F4AB7E9B

File PE Metadata
Compilation timestamp:
12/6/2009 2:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:UE6ap+6EBr/+Zvwc4Ht+pY9nWW6NPBSBdZchgB9goPis/LnaY8:H6ap+6EBwwcfpYcPBSB/igB2WLn/8

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9734

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hd_player__cd5mtcd13050_05cb89be8d0e2a0206ce9237a4a1fd94.exe has been seen being distributed by the following 33 URLs.

http://www.playmehdnows.com/.../dlcd5af28fe56c207cf78908104793a98ab694682e.php?aflt=CD5&mt_aflt=CD15092&cid=18600275f2a154873f8cb10a083a666a

http://mmtrksg.com/mt/.../&subid1=dL57STBP4C7BFM3F003IL78M&subid2=7f4026e0c5154bd5b54159f3769248a9

http://www.playmehdnows.com/.../dl1fa7d209800087e1bdb37b0ecc93094662788bc0.php?aflt=CD5&mt_aflt=CD15092&cid=5d1f89a32ca0085e141a6ae818c0167e

http://mmtrksg.com/mt/.../&subid1=d2LEO9ASF09T9I0F0CBTSM8U
