mediapluginsetup.exe

Game Play Labs

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application mediapluginsetup.exe by Game Play Labs has been detected as adware by 33 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The web browser add-on displays additional advertisements in the user's browser, including popups, banners, contextual hyperlinks and affiliate links.
Publisher:
Game Play Labs  (signed and verified)

MD5:
2887a48d1acda18635137ea7383d0a82

SHA-1:
5597105c826bfff36df4704a556b096d12bca785

SHA-256:
6b86b021447593a88fe28c56ac1f8bef5999fceb72e9d98a4784a73423f61852

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
5/10/2024 8:03:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.8522190 | 6322129 |
| Agnitum Outpost | Adware.GamePlayLabs | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.GamePlayLabs | 2014.12.30 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.30.172 |
| avast! | Adware-gen [Adw] | 141214-1 |
| AVG | Adware BHO.C | 2014.0.4235 |
| Bitdefender | Gen:Adware.Heur.Au8@Ru9qzgai | 1.0.20.1820 |
| Clam AntiVirus | Win.Adware.Gameplaylabs-2 | 0.98/19857 |
| Comodo Security | UnclassifiedMalware | 20532 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Adware.Heur.Au8@Ru9qzgai | 9.0.0.4668 |
| ESET NOD32 | Win32/Adware.GamePlayLabs potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | BHO/GamePlayLabs | 12/30/2014 |
| F-Prot | W32/GamePlay.A (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Trojan.Generic.8522190 | 11.2014-30-12_3 |
| G Data | Gen:Adware.Heur.Au8@Ru9qzgai | 14.12.24 |
| K7 AntiVirus | Unwanted-Program | 13.188.14496 |
| Kaspersky | not-a-virus:AdWare.Win32.GamePlayLabs | 15.0.0.543 |
| Malwarebytes | Spyware.GamePlayLabs | v2014.12.30.10 |
| McAfee | GamePlayLabs | 5600.6901 |
| MicroWorld eScan | Gen:Adware.Heur.Au8@Ru9qzgai | 15.0.0.1092 |
| NANO AntiVirus | Riskware.Win32.GamePlayLabs.chddh | 0.30.0.64448 |
| Norman | Gen:Adware.Heur.Au8@Ru9qzgai | 29.12.2014 07:19:03 |
| nProtect | Trojan.Generic.8522190 | 14.12.30.01 |
| Panda Antivirus | Adware/GamePlayLabs | 14.12.30.10 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.GamePlayLabs.Q | 14.12.30.10 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12E3D55E!316921182 | 23.00.65.141228 |
| Sophos | PUA 'Game Play Labs' (of type Adware) | 5.09 |
| SUPERAntiSpyware | Adware.GamePlayLabs | 10146 |
| Trend Micro House Call | HV_GAMEPLAYLABS_CI202B00.RDXN | 7.2.364 |
| Vba32 AntiVirus | Adware.GamePlayLabs | 3.12.26.3 |
| VIPRE Antivirus | Threat.4736651 | 35418 |

File size:
862 KB (882,696 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mediapluginsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/4/2010 2:00:00 AM

Valid to:
11/5/2011 1:59:59 AM

Subject:
CN=Game Play Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Game Play Labs, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6ACCE23BF8176B4E2BFCFFAB8FB3BB19

File PE Metadata
Compilation timestamp:
3/15/2010 8:27:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:futrzh9xOXk9UbgaFsgXRbW2xOeSuMLO1EguxrZEr5rmDaNkMFGF760F/AmpHBDG:futr5OUKEIbdMaEql6Sk9Os/NpH9bhQ5

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 

Code size:
66 KB (67,584 bytes)

The file mediapluginsetup.exe has been seen being distributed by the following URL.
