» Player.exe
Overview
Analysis
File Details
Behaviors (1)

Player.exe

Universal Message Updater

OPTiM Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Send execute log for d_optim001’.

File name:

Player.exe

Publisher:

OPTiM Corporation (signed and verified)

Product:

Universal Message Updater

Description:

UMU Station

Version:

1, 2, 2, 0

MD5:

ab415275bc241e93d5c23c6746d138d1

SHA-1:

071a741568bf8e8701c685c0229772493eabb0e6

SHA-256:

62bbdcc6bac1a3d96a536704ad357b397e12dcbc45304d12f255d38c5af85e20

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 12:26:59 PM UTC (today)

File size:

1.8 MB (1,874,784 bytes)

Product version:

1, 2, 2, 0

Original file name:

Player.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\umu\player.exe

Digital Signature

Signed by:

OPTiM Corporation

Authority:

VeriSign, Inc.

Valid from:

6/28/2012 9:00:00 AM

Valid to:

6/29/2013 8:59:59 AM

Subject:

CN=OPTiM Corporation, OU=Service Operation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OPTiM Corporation, L=Minato, S=Tokyo, C=JP

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2A3EF2FE1E659DC4A6216EF12CC0B1AA

File PE Metadata

Compilation timestamp:

11/27/2012 10:36:31 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

49152:44Ck/8UX2Cst6asKjm1NAKCCSGfi1jPwLtYAE:rCk/9s7gAvq+PQYAE

Entry address:

0x555E30

Entry point:

60, BE, 00, 90, 79, 00, 8D, BE, 00, 80, C6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.9300

Packer / compiler:

UPX 2.90LZMA

Code size:

1.7 MB (1,822,720 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Send execute log for d_optim001

Command:

"C:\Program Files\umu\player.exe" \c l_optim001\startup

Scan Player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.