mediaplayer__5647_il92.exe

Domains and hosting LLC

The application mediaplayer__5647_il92.exe by Domains and hosting has been detected as adware by 22 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file is typically executed from the user's temporary directory.
Publisher:
Domains and hosting LLC  (signed and verified)

Version:
1.1.5.55

MD5:
24a9bcc4ef24f77ba453b4bc8dd32d32

SHA-1:
ab3a8b674de36d1451bd06d6846d0e80b6bf224d

SHA-256:
f74eb6b3eb948e51d085219d5741a66229ded863e153dd09fe9e0ca4d1121b83

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/26/2024 10:20:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8206 | 6319147 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.03.29 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 3.6.1.96 |
| avast! | Win32:Evo-gen [Susp] | 150319-0 |
| AVG | Generic | 2016.0.3156 |
| Bitdefender | Gen:Variant.Adware.Mikey.8206 | 1.0.20.435 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.Amonetize.CAQ | 21573 |
| Dr.Web | Trojan.Amonetize.1755 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8206 | 9.0.0.4799 |
| ESET NOD32 | Win32/Amonetize.DR potentially unwanted (variant) | 9.11391 |
| F-Secure | Gen:Variant.Adware.Mikey | 5.13.68 |
| G Data | Gen:Variant.Adware.Mikey.8206 | 15.3.25 |
| K7 AntiVirus | Trojan | 13.202.15414 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.03.28.05 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.8206 | 16.0.0.261 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dnwjgc | 0.30.8.659 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.28.05 |
| Reason Heuristics | PUP.Installer.Domainsandhosting | 15.3.28.17 |
| SUPERAntiSpyware | Adware.Amonetize/Variant | 9970 |
| Trend Micro House Call | TROJ_GEN.R00GH09BE15 | 7.2.87 |
| VIPRE Antivirus | Threat.4785227 | 38552 |

File size:
675.5 KB (691,744 bytes)

Product version:
1.1.5.55

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\mediaplayer__5647_il92.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/9/2015 2:00:00 AM

Valid to:
2/10/2016 1:59:59 AM

Subject:
CN=Domains and hosting LLC, O=Domains and hosting LLC, STREET=Street Khmelnytsky Highway 114, L=Vinnycya, S=Vinnycka, PostalCode=21029, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
32B570B832950A992CE17C1FFA5C7670

File PE Metadata
Compilation timestamp:
2/13/2015 2:03:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:5UAMzFaoc48n9CY7wv4yDcwitC5sC7V7+m4BMn:5UAMd29CY0v4HwitCaaIZBo

Entry address:
0x4D274

Entry point:
E8, DA, AD, 00, 00, E9, 89, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 6C, D9, 47, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 6C, D9, 47, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F...

Entropy:
6.7077

Code size:
409 KB (418,816 bytes)
