home

mediaplay.exe

MediaPlay

Media, LLC

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MediaPlay’.
Publisher:
MediaPlay LLC  (signed by Media, LLC)

Product:
MediaPlay

Version:
1, 0, 0, 0

MD5:
f829889fd8d90a78ba8551836d17a8ce

SHA-1:
e212176c57f9fe48417bb4154cf29f961abad914

SHA-256:
2eea23fbfe6c10fa1728c6605f1395971d9cfd2a43610f53d227e2c0848eca52

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 3:35:24 PM UTC  (today)

File size:
8.9 MB (9,314,296 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright © 2013 MediaPlay LLC

Original file name:
mediaplay

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\mediaplay\mediaplay.exe

Digital Signature
Signed by:
Media, LLC

Authority:
COMODO CA Limited

Valid from:
5/16/2013 3:00:00 AM

Valid to:
5/16/2016 2:59:59 AM

Subject:
CN="Media, LLC", O="Media, LLC", STREET="korp.2 Liter A, 4 Optikov ul.", L=St. Petersburg, S=Russian Federation, PostalCode=197374, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00888D89600E3B2E7392B928DD5903A546

File PE Metadata
Compilation timestamp:
11/20/2014 5:11:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:vG8daxliHAKN236FsGAWrLaprVxLpFcqayxkJr9BLz0/TVa7osICQLXiwB:vAxlaPCUUhch91U

Entry address:
0x383560

Entry point:
E8, 89, 06, 00, 00, E9, D7, FC, FF, FF, FF, 25, 0C, 25, 80, 00, FF, 25, 10, 25, 80, 00, FF, 25, 14, 25, 80, 00, FF, 25, 18, 25, 80, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, 8D, F5, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, 1D, 00, 00, 00, CC, FF, 25, 1C, 25, 80, 00, FF, 25, 20, 25, 80, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, 17, F4, FF, FF, 59, 5D, C3, 6A, 08, B8, EE, C6, 7E, 00, E8, F1, 06, 00, 00, FF, 75, 08, 83, 65, FC, 00, E8, 36, F4, FF, FF, 59, 89, 45, EC, 8B, 45, EC, E8, 7E, 07, 00, 00, C3, 83...
 
[+]

Code size:
4 MB (4,197,888 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MediaPlay

Command:
C:\users\{user}\appdata\local\mediaplay\mediaplay.exe --minimized


Scan mediaplay.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.