mediaplayersetup.exe

Media Player

Install Core

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mediaplayersetup.exe, “Media Player Installer” by Install Core, has been detected as adware by 32 anti-malware scanners. It is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from soft.foxtab.com.
Publisher:
Media Player Technologies  (signed by Install Core)

Product:
Media Player

Description:
Media Player Installer

Version:
3.1.0.0

MD5:
6e62578d5d75fba0092d4a99080336fb

SHA-1:
101bfd0c736eca107254cac83fb9e0f9807602a7

SHA-256:
609eb9fae8ed4a6f0be23bb8d719017b067a0394eeafd5839b76b9b63a0096c6

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 3:49:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.27885 | 397 |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallCore | 2014.09.07 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| avast! | Win32:InstallCore-F [PUP] | 2014.9-160104 |
| Bitdefender | Adware.Generic.652124 | 1.0.20.20 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | W32.Adware.InstallCore-2 | 0.98/20420 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.0 | 19440 |
| Dr.Web | Adware.InstallCore.13 | 9.0.1.04 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.27885 | 8.16.01.04.06 |
| ESET NOD32 | Win32/InstallCore.E potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | Riskware/InstallCore | 1/4/2016 |
| F-Prot | W32/Agent.MC.gen | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Graftor | 11.2016-04-01_2 |
| G Data | Adware.Generic.652124 | 16.1.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.183.13286 |
| Malwarebytes | Adware.Agent | v2016.01.04.06 |
| MicroWorld eScan | Adware.Generic.652124 | 17.0.0.12 |
| NANO AntiVirus | Riskware.Win32.InstallCore.nyatd | 0.28.2.61942 |
| Norman | Gen:Variant.Graftor.27885 | 11.20160104 |
| nProtect | Trojan/W32.InstallCore.560136.B | 14.09.07.01 |
| Qihoo 360 Security | Malware.QVM11.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.installCore.MediaPlayerTechnologies.Installer (M) | 16.1.4.6 |
| Sophos | PUA 'Install Core Installer' | 5.14 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Falleg[Cont] | 9406 |
| Trend Micro House Call | TROJ_SPNR.29HH13 | 7.2.4 |
| Trend Micro | TROJ_SPNR.29HH13 | 10.465.04 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Sinba.A | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32210 |
| Zillya! Antivirus | Trojan.Genome.Win32.228223 | 2.0.0.1913 |

File size:
547 KB (560,136 bytes)

Product version:
3.1.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mediaplayersetup.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
2/1/2011 5:00:00 PM

Valid to:
2/2/2012 4:59:59 PM

Subject:
CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:QoHz1ww46//Ygbexu5nMiY+lH64XFhMM2+:Qaiw46hGJ+la4XfMM2+

Entry address:
0x10FFE0

Entry point:
60, BE, 00, 00, 49, 00, 8D, BE, 00, 10, F7, FF, C7, 87, 10, 27, 0C, 00, 04, F9, 0A, ED, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8848

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
516 KB (528,384 bytes)

The file mediaplayersetup.exe has been seen being distributed by the following URL.

Remove mediaplayersetup.exe - Powered by Reason Core Security