hd_player__cd5mtcd22987_99d488c68719082dc0a1bc607bc18a17.exe

Vlc Player

2433082 Ontario Ltd

The application hd_player__cd5mtcd22987_99d488c68719082dc0a1bc607bc18a17.exe by 2433082 Ontario has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.hdrunnerz.com and multiple other hosts.
Publisher:
Downloadius  (signed by 2433082 Ontario Ltd)

Product:
Vlc Player

Description:
vlcplayer

Version:
6.1.0.0

MD5:
d49e989d2ba66ec81a712d0f9280b09e

SHA-1:
41e9d7ddf5e7e0b84cfd88b25591fb489ddf2e7c

SHA-256:
7ee3a72aa8e2ab15dc8f4a9d41ef25282373947e77d716ec5c2e8a61d51eedcb

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:36:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Montiera | 2014.10.11 |
| Avira AntiVirus | APPL/Bundler.ader | 7.11.177.162 |
| Baidu Antivirus | PUA.Win32.Montiera | 4.0.3.141011 |
| ESET NOD32 | Win32/Toolbar.Montiera | 8.10544 |
| Malwarebytes | PUP.Optional.Montiera | v2014.10.11.08 |
| McAfee | Artemis!D49E989D2BA6 | 5600.6981 |
| Sophos | Generic PUA EB | 4.98 |
| Trend Micro House Call | ADW_MONTIERA | 7.2.284 |
| Trend Micro | ADW_MONTIERA | 10.465.11 |

File size:
556 KB (569,328 bytes)

Product version:
2.0

Copyright:
Downloadius

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature
Authority:
DigiCert Inc

Valid from:
9/11/2014 2:00:00 AM

Valid to:
9/16/2015 2:00:00 PM

Subject:
CN=2433082 Ontario Ltd, O=2433082 Ontario Ltd, L=Richmond Hill, S=Ontario, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
029184A137823124926AEAE0CE01EBCE

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:aE6ap+6EBr/+Zvwc4Ht+pY9nWW6NPBSBdZchgB9goPis/LnaYDD:d6ap+6EBwwcfpYcPBSB/igB2WLn/DD

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9727

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hd_player__cd5mtcd22987_99d488c68719082dc0a1bc607bc18a17.exe has been seen being distributed by the following 7 URLs.

http://www.hdrunnerz.com/.../dlcbfa3f37cb29be3cc0d6c41084b3b719cd0f717b.php?aflt=CD5&mt_aflt=CD15092&cid=34c880227c303231d41a4e3d93c776a3

http://www.hdrunnerz.com/.../dle5dd7abde8581b7b7bb2ec148e4c47ca1213ca92.php?aflt=CD5&mt_aflt=CD15087&cid=6a7e8c09f4e7ab12dd1f92159ac1a7fd