home

mediapluginsetup.exe

Game Play Labs

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application mediapluginsetup.exe by Game Play Labs has been detected as adware by 29 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Game Play Labs  (signed and verified)

MD5:
b231c1b11aeabbf40ffd37c98135deb6

SHA-1:
44f2669a8ffc0e00b7955211d10f9a1aef7c91b0

SHA-256:
25c405bf66e613f7efebdd56baa8f2002a9b87c24173ca45b85940fa28191467

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 8:36:34 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.GamePlayLabs
7.1.1

AhnLab V3 Security
Adware/Win32.GamePlayLabs
2013.08.14

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.96.176

avast!
Win32:Adware-gen [Adw]
2014.9-131224

AVG
BHO.C
2014.0.3615

Bitdefender
Adware.Generic.168685
1.0.20.1790

Comodo Security
UnclassifiedMalware
16759

Dr.Web
Adware.GamePlayLabs.2
9.0.1.0358

Emsisoft Anti-Malware
Adware.Generic.168685
8.13.12.24.07

ESET NOD32
Win32/Adware.GamePlayLabs
7.8684

Fortinet FortiGate
Adware/GamePlayLabs
12/24/2013

F-Prot
W32/GamePlay.A
v6.4.7.1.166

F-Secure
Adware:W32/GamePlayLabs
11.2013-24-12_3

G Data
Adware.Generic.168685
13.12.22

K7 AntiVirus
Adware
13.170.9269

Kaspersky
not-a-virus:AdWare.Win32.GamePlayLabs
14.0.0.4571

Malwarebytes
Spyware.GamePlayLabs
v2013.12.24.07

McAfee
GamePlayLabs
5600.7271

Microsoft Security Essentials
Adware:Win32/GamePlayLabs
1.163.1557.0

NANO AntiVirus
Riskware.Win32.GamePlayLabs.chddh
0.26.0.53954

Panda Antivirus
Adware/GamePlayLabs
13.12.24.07

Reason Heuristics
PUP.Installer.GamePlayLabs.Q
14.8.8.0

Rising Antivirus
Trojan.Win32.Generic.13FBBDEA
23.00.65.131222

SUPERAntiSpyware
Adware.GamePlayLabs
10887

Trend Micro House Call
TROJ_SPNR.15IH12
7.2.358

Trend Micro
TROJ_SPNR.15IH12
10.465.24

Vba32 AntiVirus
Adware.GamePlayLabs
3.12.22.3

VIPRE Antivirus
GamePlayLabs
20482

ViRobot
Trojan.Win32.Generic.572799
2011.4.7.4223

File size:
553.4 KB (566,720 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mediapluginsetup.exe

Digital Signature
Signed by:
Game Play Labs

Authority:
VeriSign, Inc.

Valid from:
11/4/2010 12:00:00 AM

Valid to:
11/4/2011 11:59:59 PM

Subject:
CN=Game Play Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Game Play Labs, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6ACCE23BF8176B4E2BFCFFAB8FB3BB19

File PE Metadata
Compilation timestamp:
3/15/2010 6:27:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:gutrzh9xOXk9UwDdEqfXqwSeKKkCy5J/t1iEuLhrM:gutr5OUKwDvX9svF1iEehrM

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 
[+]

Code size:
66 KB (67,584 bytes)

The file mediapluginsetup.exe has been seen being distributed by the following URL.

http://www.gameplaylabs.com/.../?pid=5&v=c291cmNlX2lkPTRjYWE0MjVhOTNkYmRiMWY2ZDEwODIzMjImcGlkPTUmc3ViX2lkPWEtMC0yMzk4LTkzNDYtNzEwMy0wLTItMCZ6ZGF0YT05MzQ2JTI2c3ViaWQlM0QmdXppZD05MzQ2

Remove mediapluginsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.