home

keys gou cherez torrent.exe

Windows Media Player Folder Sharing Executable

Strong Media

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable keys gou cherez torrent.exe, “Windows Media Player Folder Sharing Executable” has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from upsrv.ru.
Publisher:
Microsoft Corporation  (signed by Strong Media)

Product:
Microsoft® Windows® Operating System

Description:
Windows Media Player Folder Sharing Executable

Version:
11.0.5721.5262 (WMP_11.090130-1421)

MD5:
de9823fea28e64b4083e770a0aa8a57e

SHA-1:
a6c43d34a43a8c45ec8c9c0f829eb4302f9c7801

SHA-256:
787f20cd8e9aaff8f8d7a9161c883b330b087b1bac5bc1a31806a20d7bc22704

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/18/2024 4:26:40 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.2.18

File size:
914 KB (935,912 bytes)

Product version:
11.0.5721.5262

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wmpshare.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\keys gou cherez torrent.exe

Digital Signature
Signed by:
Strong Media

Authority:
COMODO CA Limited

Valid from:
6/14/2016 3:00:00 AM

Valid to:
6/15/2017 2:59:59 AM

Subject:
CN=Strong Media, O=Strong Media, STREET="Sokolniki Square, 4 A", L=Moscow, S=Moscow, PostalCode=107113, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE80B6BBB2E40F5F7B3C2F4B76F141D9

File PE Metadata
Compilation timestamp:
7/14/2016 3:14:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9tbFgq60ijPuYGfMze8+o6xRpcOH4kLZwQRhkdP:9ti0qPufrtCODLZhRhkdP

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, 20, 04, 00, 00, 68, 4C, 20, 4D, 00, FF, 15, 0C, 70, 4B, 00, 8B, 45, EC, 69, C0, 56, A0, EC, 11, 89, 45, F8, 68, 54, 20, 4D, 00, FF, 15, 98, 70, 4B, 00, 8B, 55, F8, 8B, 4D, EC, D3, E2, 89, 55, F8, 8B, 45, A4, 2B, 45, AC, 89, 45, AC, 8B, 55, 90, 8B, 4D, AC, D3, E2, 89, 55, B4, 8B, 45, 9C, C1, E0, 75, 89, 45, 98, 8B, 55, 90, 8B, 4D, 88, D3, EA, 89, 55, 8C, 8B, 45, A8, 69, C0, FF, 92, 4C, 0A, 89, 45, A8, FF, 15, 28, 71, 4B, 00, C6, 85, D4, FE, FF, FF, EA, 8B, D2, 8B, 55, 08, 8B, D2, 89, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
725.5 KB (742,912 bytes)

The file keys gou cherez torrent.exe has been seen being distributed by the following URL.

http://upsrv.ru/tables?keyword=???? ??? ??????? ????? ???????&charset=utf-8

Remove keys gou cherez torrent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.