» playerinstaller_1.0.0.exe
Overview
Analysis
File Details
Downloads (1)

playerinstaller_1.0.0.exe

ExpressPlayer Installer

http://express-player.com

The executable playerinstaller_1.0.0.exe, “Expess Player Installer” has been detected as malware by 11 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from express-player.com.

File name:

Publisher:

http://express-player.com

Product:

ExpressPlayer Installer

Description:

Expess Player Installer

Version:

1, 0, 471, 1

MD5:

bec6e87231e887e5c978fae5522911f6

SHA-1:

0f2aaf20c27fbeffa6aa5673a8f50ad4774e3989

SHA-256:

7d5df910e168430871aab7b6065e751b21eb6c2efd97816096b6bb3d6bf25714

Scanner detections:

11 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

5/19/2024 10:54:16 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160518-2

AVG

Win32/Sality

2015.0.4568

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.E.gen

4.6.5.141

F-Secure

Win32.Sality.3

5.15.96

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Trojan.Artemis!49E67B6F5487

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.1159.0

Norman

Win32.Sality.3

28.05.2016 15:32:18

File size:

3 MB (3,190,784 bytes)

Product version:

1.0.0.1

Original file name:

ExpressPlayer.exe

File type:

Executable application (Win32 EXE)

Language:

English

Common path:

C:\users\{user}\downloads\playerinstaller_1.0.0.exe

File PE Metadata

Compilation timestamp:

12/29/2014 9:51:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:mxES3n/bMDzR3jDFwDthBdyI8UN4/OLYDLAMvMqAMZdyhEYjHHhY8P+:54/QDrktl8UN4VAMCf9rh5+

Entry address:

0x4F6000

Entry point:

60, 89, D8, 69, D0, CE, 25, 10, 9C, 8B, D8, 0F, AF, FD, FF, C2, 20, F6, 0F, AF, FB, F2, BD, 00, 00, 00, 00, 87, FF, 8D, 1D, A3, A5, 3F, 39, 33, EA, 81, FE, 52, 50, 00, 00, 78, 04, 8A, EF, 8A, DF, F6, C2, E0, 03, F9, 8D, 45, 00, F3, 81, D6, 26, 67, 62, A9, 81, FB, 6A, F2, 00, 00, 73, 01, F2, 8B, CA, 2B, C3, FF, C6, 8D, 35, 60, 2E, B2, 44, 18, C8, B6, D8, E8, 4B, 00, 00, 00, 2B, DB, FE, C6, 81, FD, 1B, 78, 00, 00, 73, 0A, FE, C6, B0, 61, 8D, 3D, 65, A6, 1E, F7, F6, C6, F0, 81, C3, 8D, A1, 08, 00, 23, D5, B6... 
[+]

Entropy:

7.9085 (probably packed)

Code size:

790.5 KB (809,472 bytes)

The file playerinstaller_1.0.0.exe has been seen being distributed by the following URL.

http://express-player.com/PlayerInstaller_1.0.0.exe

Remove playerinstaller_1.0.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.