hdvideoplayer_3102697573.exe

Ril

Secure Software Products

The application hdvideoplayer_3102697573.exe, “Ril Setup” by Secure Software Products, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.headmetavault.com.
Publisher:
Hirimop (signed by Secure Software Products)

Product:
Ril

Description:
Ril Setup

MD5:
ee045bd7cd950aed64c08d65855c1edb

SHA-1:
00567e224d04dafa60e09db130a31f65a6b5d2f0

SHA-256:
b7a73c8272b16ea764d76088cc8014ed78f354ec110d844094b1e966b87e4e1f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 5:37:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.11

File size:
944.8 KB (967,432 bytes)

Product version:
2.5.8

Copyright:
Wizard web

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\hdvideoplayer_3102697573.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/19/2016 4:29:38 PM

Valid to:
4/19/2017 4:29:38 PM

Subject:
CN=Secure Software Products, O=Secure Software Products, L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
5E7095902F2C0288

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file hdvideoplayer_3102697573.exe has been seen being distributed by the following URL.

http://www.headmetavault.com/mnC4vQP8CjDJwnRg9V4CjCb9tdt06AiVPP0dvFAPGc8k35daGAfNyJaaKqn3opGOgM20PI dYtCv64W8 MkMWkFiYzMe Ozvhxt9cnk2_0x_OqOhrO0j5XUonspvONspBqmbd1lWpSOZgd1BKi2dBuoj0T1 IY6iXKCmCOLIr7tcx3XcmEzaCDWJfSLWMeACb3Z5hi0XdLPqoJ2Gv029VYs7gsvpMBeKMVIlbdkvy0imJ1sFxT7iHq8fVul1AZ7tQFcd8mQI9HdzQwouhts21mK98f4TyCDB8v4JkxBBQsjby1cKwKerUzRVnsov3AaVARlNlfUiZciwBP73s2jgua9a1JlwVtFQ1Ly4B6RdGecH2a03gTNUbwEgtW8yIcS8upu1gPeA7QhH0N2evMdUt9CLQ4fSQG9tfp_NQB5S4eBq95pKJ6ql EJ4IicQSQWYHb_bEygeoxzr2f0TRDMBmXuaZW46IC7l9LUrL69aAEYh8i6bRv01sPi9EA8DTUX65EBkRRjW_5KKYzqW9nvmtEWN7Cj5B9lC_yhas4eqrH1bLmJYJ4FKFyPVPcb5wgVKMmIDY8b9nwPVOzviDsE10h5fKfnk_hrItmCNf8g135W2RkkxyPPDvRXkTL17Jk2hmjx9p69SFhl3CkT2PZbruLXopl3mk17FKwYwulWntCD9L0e6tqvAvJlLmqoao vWoCxGc_f7jB5RojjSjd86XY43kNJEELm3wosCEgDxWbnCtQbw514dCPl6_031zfqvC nm8 ICrNTUC10rEt6r93N3xh8x1LI 8TpxQzDLb S0wWdkaG8BJCKZOzVzhLqqT8YXJqhO_WzmjplodVeTzQuEXEoox4Nt5TbGuuuTKDHj4 jdlVY=-GzMAAERPFttLEnTrDwiKCRSwAQcO_ULjQDRsjJ2vBc28xvNoZCLa_MEjVhU2f2i5N_ga
