opensubtitlesplayer_v4.7.exe

OpenSubtitlesPlayer

GT CONSULTORIA EM INFORMATICA LTDA

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application opensubtitlesplayer_v4.7.exe, “www.OpenSubtitles.org” by GT CONSULTORIA EM INFORMATICA, has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.afterdawn.com and multiple other hosts.
Publisher:
ALLPlayer   (signed by GT CONSULTORIA EM INFORMATICA LTDA)

Product:
OpenSubtitlesPlayer

Description:
www.OpenSubtitles.org

Version:
4.7

MD5:
ae1fb0cfa3f1a7f0e7d442c0c6a5760d

SHA-1:
5616e812244f97ef7a4f93dc9df6f1c4b5457351

SHA-256:
6b22f4806faabb198cc87651a0e7ffdfac2d42d833a92eea15719a232d1ca6e5

Scanner detections:
3 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 5:13:07 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.Montiera (variant) | 8.9578
NANO AntiVirus | Riskware.Win32.Facemoods.dagpjn | 0.28.2.62286
Reason Heuristics | PUP.GTCONSULTORIAEMINFORMATICAA.X | 15.1.4.13

File size:
20.5 MB (21,512,472 bytes)

Product version:
4.7

Copyright:
Artur Majtczak

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\open_subtitles_mkv_player_v4\opensubtitlesplayer_v4.7.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/18/2011 1:00:00 AM

Valid to:
5/22/2012 1:00:00 PM

Subject:
CN=GT CONSULTORIA EM INFORMATICA LTDA, O=GT CONSULTORIA EM INFORMATICA LTDA, L=Juiz de Fora, S=Minas Gerais, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0846BC10E838931D7788C07033AC472C

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:M1TSAtCVkmk4CJp3TEu+/lh34D3bN8p591iWk79zH2rtxNjILf+dUo3mUCPrVaYA:moVkT4oua3bOXv29D2rfhI6eoRmrVxHg

Entry address:
0x9B60

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 66, 95, FF, FF, E8, 6D, A7, FF, FF, E8, 98, C9, FF, FF, E8, DF, C9, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 17, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, E0, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C8, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 17, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file opensubtitlesplayer_v4.7.exe has been seen being distributed by the following 3 URLs.
