home

playerupdate-chrome-v2.1.exe

KEYDOWNLOAD LTD

The application playerupdate-chrome-v2.1.exe by KEYDOWNLOAD has been detected as adware by 22 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from install.viddownloader.net.
Publisher:
KEYDOWNLOAD LTD  (signed and verified)

MD5:
f2d8fc4e121508d7e83ceab8e260846f

SHA-1:
4ae71f9cbda02e978a670695c734a0fe0083aa62

SHA-256:
5c36573d061ac3a056381061a1d1188aa0922aa42d30201821e32827ff5ad47a

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/18/2024 3:28:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Symmi.39559
1043

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.Downloader
2014.11.14

Avira AntiVirus
Adware/Agent.ols
7.11.140.10

avast!
Win32:Adware-gen [Adw]
2014.9-140329

AVG
Win32/DH
2015.0.3521

Bitdefender
Gen:Variant.Symmi.39559
1.0.20.440

Dr.Web
Trojan.DownLoader9.13803
9.0.1.088

Emsisoft Anti-Malware
Gen:Variant.Symmi.39559
8.14.03.29.12

F-Prot
W32/A-0d4180bc
v6.4.7.1.166

F-Secure
Gen:Variant.Symmi.39559
11.2014-29-03_7

G Data
Gen:Variant.Symmi.39559
14.3.24

IKARUS anti.virus
not-a-virus:AdWare.Win32.Agent
t3scan.2.2.29

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.4100

MicroWorld eScan
Gen:Variant.Symmi.39559
15.0.0.264

NANO AntiVirus
Riskware.Win32.Agent.csprkp
0.28.0.58720

nProtect
Trojan-Clicker/W32.Agent_Packed.81960
14.11.13.01

Panda Antivirus
Trj/Genetic.gen
14.11.30.01

Reason Heuristics
PUP.KEYDOWNLOAD.X
14.8.7.19

Vba32 AntiVirus
AdWare.Agent
3.12.24.3

VIPRE Antivirus
Threat.4150696
34232

Zillya! Antivirus
Adware.Agent.Win32.8914
2.0.0.1982

File size:
80 KB (81,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\playerupdate-chrome-v2.1.exe

Digital Signature
Signed by:
KEYDOWNLOAD LTD

Authority:
Thawte, Inc.

Valid from:
10/12/2013 8:00:00 PM

Valid to:
10/23/2014 7:59:59 PM

Subject:
CN=KEYDOWNLOAD LTD, O=KEYDOWNLOAD LTD, L=Tel Aviv- Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
301A0B08CC22C86BC31C6BBC010D3E91

File PE Metadata
Compilation timestamp:
1/9/2014 8:15:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:e3ZGdYREvQpnLpJ+nwWMPFR7cq9jCmqcSLUI3400eV+gacCSsQDSSP6c:G7e03t9+YwUIP0FgaYRuSF

Entry address:
0x353A0

Entry point:
60, BE, 00, 40, 42, 00, 8D, BE, 00, D0, FD, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Entropy:
7.8521

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
72 KB (73,728 bytes)

The file playerupdate-chrome-v2.1.exe has been seen being distributed by the following URL.

http://install.viddownloader.net/downloadvd3.php?affid=1006&context=102560a42059412114b61292e243bd&browser=Chrome

Remove playerupdate-chrome-v2.1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.