home

player setup.exe

taskhost

The executable player setup.exe has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from clddown.com.
Product:
taskhost

Version:
5. 4. 5. 4

MD5:
fc61526337873416a3a78e477a07f2e8

SHA-1:
9688c280896c5904fab49c2f0716fabfc950dae6

SHA-256:
29adaae6bde6368d54631587a4f77d94df5d1364abf0f9a5435d79d21179f48f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/18/2024 1:15:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.7.16.3

File size:
581.8 KB (595,712 bytes)

Product version:
6. 5. 4. 6

Copyright:
Copyright (C) 2014

Original file name:
taskhost.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\downloads\player setup.exe

File PE Metadata
Compilation timestamp:
12/26/2014 12:41:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:zXznQ+bCxWrUhLZvzC/igEhrNA9SNwyrYAmyhIna3PiGpYh7jN:mgIh0/iLhrekeKYAl4RNN

Entry address:
0xFEB6

Entry point:
B8, 0C, B2, 4B, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 72, 77, 61, 68, 79, 75, 68, 64, 73, 34, 00, B2, 2E, 61, 31, F3, 47, 01, D3, 96, 96, 68, 81, 0A, E1, 1F, C5, 59, 80, F6, 07, 20, 84, 5D, 0D, 8B, 6B, 83, 1C, 68, 17, 09, 24, F0, 84, 12, A9, E6, 71, D1, 69, F3, 24, 8E, 3F, 77, 46, AE, F2, BA, 26, 2F, 05, B0, 68, 18, FD, 91, 84, 4D, A8, FB, 93, 07, 27, 83, C6, D5, D6, BD, 7B, B4, DE, 0B, 83, F7, 78, 8D, 6A, 2B, 18, 2D, BB, 65, C8, 1A, 46, 85, EA, 55, 06, A3, C7, E6...
 
[+]

Code size:
148.5 KB (152,064 bytes)

The file player setup.exe has been seen being distributed by the following URL.

http://clddown.com/?a=17045&c=66708&s1=Kds=ES

Remove player setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.