myradioplayersetupx30012.exe

myradioplayer

This file is part of the Sendori web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application myradioplayersetupx30012.exe by myradioplayer has been detected as adware by 13 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer.
Publisher: myradioplayer (signed and verified)
Product: myradioplayer
Version: 4.0.0.0
MD5: 160c07143d86f94fe131dc4f923355ba
SHA-1: cb4880c5f2a408ab012092cfe59ef6dff53ad12a
SHA-256: afab70a38911279f59dde1b9978d6d883c9fdbde5d2187e754de548f6c788150
Scanner detections: 13 / 68
Status: Adware
Analysis date: 5/12/2024 9:14:23 AM UTC

Scan engine             Detection                                   Engine version
Agnitum Outpost         PUA.Sendori                                 7.1.1
Comodo Security         ApplicUnwnt                                 20153
Dr.Web                  Threat.Undefined                            9.0.1.05190
ESET NOD32              multiple threats                            7.0.302.0
Fortinet FortiGate      Riskware/Sendori                            11/21/2014
IKARUS anti.virus       PUA.Sendori                                 t3scan.1.8.3.0
Malwarebytes            PUP.Optional.MyRadioPlayer.A                v2014.11.21.12
McAfee                  Artemis!FEA7FEE6BDE3                        5600.6939
NANO AntiVirus          Riskware.Win32.Plugin.dgqnuz                0.28.6.63474
Reason Heuristics       PUP.Installer.myradioplayer.Y               14.12.18.11
Rising Antivirus        PE:Trojan.Win32.Generic.176AF78A!392886154  23.00.65.141119
Trend Micro House Call  Suspici.34695612                            7.2.325
VIPRE Antivirus         Threat.4150696                              34948

File size: 3.2 MB (3,330,288 bytes)
Copyright: © myradioplayer All rights reserved.
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Language: English (United States)
Common path: C:\users\{user}\appdata\roaming\rheng\9f9b6c9c91ed488b9435f201928d2b5e\myradioplayersetupx30012.exe

Digital Signature
Signed by:

Authority: VeriSign, Inc.
Valid from: 8/14/2014 8:00:00 PM
Valid to: 8/14/2017 7:59:59 PM
Subject: CN=myradioplayer, O=myradioplayer, L=San Leandro, S=California, C=US
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 42911589C907180DE25AE153A05008F6

File PE Metadata
Compilation timestamp: 12/5/2009 5:53:24 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 49152:ZH9cpEJZFgicKCTP8FtW/PCyvxiXUXvHgmZUN0+jW3ULzdAoU/gjQ:ZH+pGSrt0FtjyvXgmKN0CWkw5
Entry address: 0x355E
Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 10, 43, 00, E8, D6, 2E, 00, 00, A3, E4, 0F, 43, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, A7, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 07, 43, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, 70, 43, 00, 50, 57, E8, CA, 29, 00, 00...
 

Entropy: 7.9918
Packer / compiler: Nullsoft install system v2.x
Code size: 25 KB (25,600 bytes)
