mu otbs 28 jan.exe

SelfPlayer

The executable mu otbs 28 jan.exe, “SCREEN2EXE/SWF Player”, has been detected as malware by 10 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from manipal.edu.
Product: SelfPlayer
Description: SCREEN2EXE/SWF Player
Version: 3, 1, 0, 1
MD5: 60c3a1e3ea31289997b31f8816ec25aa
SHA-1: fe1c4534e7c3bf55629efe28ee546c9c8d0a5635
SHA-256: e197e782d91747b98077d490e3dc03b11dd966cd3fb2523a1257e95ac33c595c
Scanner detections: 10 / 68
Status: Malware
Analysis date: 8/15/2025 7:33:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Kukacka | 160216-0 |
| AVG | Win32/Tanatos.T | 2015.0.4542 |
| Dr.Web | Win32.Sector.12 | 9.0.1.05190 |
| ESET NOD32 | Win32/Sality.NAU virus | 8.0.319.0 |
| F-Prot | W32/Sality.AK | 4.6.5.141 |
| F-Secure | Win32.Sality.OG | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.215.2609.0 |
| VIPRE Antivirus | Threat.416209 | 29708 |

File size: 4.1 MB (4,331,560 bytes)
Product version: 3, 1, 0, 1
Copyright: Copyright (C) 2008-2010,Stepok Image Lab.
Original file name: Player.EXE
File type: Executable application (Win32 EXE)
Language: Chinese (PRC)
Common path: C:\Documents and Settings\{user}\My documents\downloads\mu otbs 28 jan.exe

File PE Metadata
Compilation timestamp: 10/30/2013 4:50:44 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 98304:PJx5maBI73W/ZVzK1YLAuZjf2QcBR+YY/mx3uf6wVKRBN8cy:PJx5mgI73gZV3Awjp77Ow6wURIF
Entry address: 0x2C928
Entry point: 60, 56, 0F, A5, F7, 0F, CD, EB, 01, 11, C6, C0, EF, 69, F1, DD, 2C, 3F, 06, 5D, 69, C8, BC, 8F, 16, 81, 0F, BD, C3, 11, EE, 4D, F7, D3, 68, F0, E4, 8E, 1E, 68, 3C, 60, 32, 1B, 6A, 00, 58, 50, FF, 15, 8C, 82, 44, 00, 59, 5B, E8, 10, 00, 00, 00, 64, C4, 47, 1A, BD, 6F, E9, A3, 76, 88, C2, C4, 98, 3A, 78, 24, 68, 0C, 70, 00, 00, 8D, 05, F7, DE, 29, 48, 5A, C7, C3, F9, D8, 3B, 12, 84, F1, 33, E9, 8D, 15, 99, F8, DB, 32, C0, DC, 2B, C6, C2, 39, 6A, F0, 6A, 9C, 33, C9, 51, FF, 15, B4, 81, 44, 00, 58, 58, 83, E6...

Entropy: 7.8940 (probably packed)
Code size: 283 KB (289,792 bytes)

The file mu otbs 28 jan.exe has been seen being distributed by the following URL.
