home

mplayerc_20081210zip.exe

mplayerc_20081210.zip

AfterDawn

The application mplayerc_20081210zip.exe, “mplayerc_20081210.zip Setup” by AfterDawn has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.afterdawn.com.
Publisher:
Afterdawn.com  (signed by AfterDawn)

Product:
mplayerc_20081210.zip

Description:
mplayerc_20081210.zip Setup

Version:
1,18,0,2810

MD5:
eb6e4b3620b0e4188c35921e193adea9

SHA-1:
bc2bc175e31d7c7575647cedf502da2bf7e8a727

SHA-256:
75af93618f6e33c5d44c55c81af1a7dd6331ebe2cc0d2003980b592863dee55a

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Includes Open Install, an installer which bundles legitimate programs with offers for additional 3rd-party applications that may be unwanted by the user.

Analysis date:
4/18/2024 11:14:51 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Downware.1348
9.0.1.044

ESET NOD32
Win32/OpenInstall (variant)
10.9728

K7 AntiVirus
Unwanted-Program
13.183.13611

Reason Heuristics
PUP.OpenInstall.AfterDawn.Installer (M)
16.2.13.4

Sophos
Open Install
4.98

Trend Micro House Call
HV_A0OCZOJ_BK083E49.TOMC
7.2.44

File size:
361.6 KB (370,288 bytes)

Product version:
1,18,0,2810

Copyright:
Copyright © 2012

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mplayerc_20081210zip.exe

Digital Signature
Signed by:
AfterDawn

Authority:
COMODO CA Limited

Valid from:
2/12/2013 7:00:00 AM

Valid to:
2/13/2015 6:59:59 AM

Subject:
CN=AfterDawn, O=AfterDawn, STREET=Temmeksentie 3, L=Oulu, S=Oulu, PostalCode=90400, C=FI

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8E492A1BE6BBF1BED872D138C21345

File PE Metadata
Compilation timestamp:
8/14/2012 8:05:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:oZl12U1csNzbGkVQoM4cMQwzwvKHHNcvhpFA6HNKMPpQpvGImVQxki:oZl12U1hPq2AwzwyHHWv3FA6HN7PcO1E

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 18, 04, 00, 00, 53, 56, 57, BE, A4, 30, 40, 00, 8D, BD, E8, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F6, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E8, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, F0, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, F2, FD, FF, FF, F3, AB, 66, AB, 8D, 85, F0, FD, FF, FF, 50, 8D, 85, E8, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, E8, 0F, 01, 00, 00, 84, C0, 59, 59, 74, 15, 8D, 75, F8, 8D, BD, F0, FD, FF, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file mplayerc_20081210zip.exe has been seen being distributed by the following URL.

http://www.afterdawn.com/software/.../download.cfm?version_id=14689&software_id=518&mirror_id=0&installer=1

Remove mplayerc_20081210zip.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.