richmediaplayer.exe

Rich Media Player

Radiocom

The executable richmediaplayer.exe, "Rich Media Player Offline Installer", has been detected as malware by 38 of 68 anti-virus scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by a mass-mailing worm and file-infecting virus (reported under the family names Chir.B and Runouce in the scan results below) that sends itself to e-mail addresses gathered from the compromised computer, exploits remote vulnerabilities, and attempts to infect files. The file has been seen being downloaded from d2ixaxv7kqwqbv.cloudfront.net.
Publisher:
Radiocom

Product:
Rich Media Player

Description:
Rich Media Player Offline Installer

Version:
2.4.2.1316

MD5:
4bb5c1c421ed673f0de4b7e6889c80d5

SHA-1:
c4080867b6a9cb7c28ad8d756e5e24309007ee46

SHA-256:
9bb3a5d943bec0476d989b096e3d90ca5d850a9314b91e8c927d3cfe28ffef66

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/28/2024 5:30:05 PM UTC

Scan engine                    Detection                      Engine version
Lavasoft Ad-Aware              Win32.Runouce.B@mm             905
Agnitum Outpost                I-Worm.Chir.B                  7.1.1
Avira AntiVirus                W32/Chir.B                     7.11.141.48
avast!                         Win32:Oncer                    2014.9-140814
AVG                            Win32/Chir.B@mm                2015.0.3383
Baidu Antivirus                Virus.Win32.Runouce.$a         4.0.3.14814
Bitdefender                    Win32.Runouce.B@mm             1.0.20.1130
Bkav FE                        W32.ChirBPE                    1.3.0.4959
Clam AntiVirus                 WIN.Worm.Brontok               0.98/18355
Comodo Security                EmailWorm.Win32.Runonce.~v001  18044
Dr.Web                         Win32.Runonce.6652             9.0.1.0226
Emsisoft Anti-Malware          Win32.Runouce.B@mm             8.14.08.14.07
ESET NOD32                     Win32/Chir                     8.9634
Fortinet FortiGate             W32/Chir.B@mm                  8/14/2014
F-Prot                         W32/Thecid.B@mm                v6.4.7.1.166
F-Secure                       Win32.Runouce.B@mm             11.2014-14-08_5
G Data                         Win32.Runouce.B@mm             14.8.24
K7 AntiVirus                   EmailWorm                      13.176.11652
Kaspersky                      Email-Worm.Win32.Runouce       14.0.0.3409
Malwarebytes                   Virus.Chir                     v2014.08.14.07
McAfee                         W32/Chir.b@MM                  5600.7039
Microsoft Security Essentials  Virus:Win32/Chir.B@mm          1.10401
MicroWorld eScan               Win32.Runouce.B@mm             15.0.0.678
NANO AntiVirus                 Virus.Win32.Runouce.bxafx      0.28.0.58873
Norman                         Malware                        11.20140814
nProtect                       Win32.Runouce.B@mm             14.04.03.01
Panda Antivirus                W32/Chir.B                     14.08.14.07
Qihoo 360 Security             Virus.Win32.CNHacker.C         1.0.0.1015
Quick Heal                     W32.Runouce.B                  8.14.12.00
Reason Heuristics              Threat.Win.Reputation.IMP      14.8.14.7
Rising Antivirus               PE:Worm.ChineseHacker-2!23772  23.00.65.14812
Sophos                         W32/Chir-A                     4.98
Total Defense                  Win32/Chir.B                   37.0.10856
Trend Micro House Call         PE_Chir.B                      7.2.226
Trend Micro                    PE_Chir.B                      10.465.14
Vba32 AntiVirus                Virus.Win32.Chur.A             3.12.26.0
VIPRE Antivirus                Win32.chir.b                   28008
ViRobot                        Win32.Chir.B                   2011.4.7.4223

File size:
39.7 MB (41,578,865 bytes)

Product version:
2.4.2.1316

Copyright:
Copyright (C) Radiocom

Original file name:
richmediaplayer.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\richmediaplayer.exe

File PE Metadata
Compilation timestamp:
5/19/2013 4:52:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:r7Zxc21NRzNa0rG5top+w6oLDeN4UtYAVQfsKQ549G2G1NXDFP6M3MJO:X3pss+wIth9KQC9gNXZ6Mt

Entry address:
0x31B1

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00...
 

Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
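The static fields in the PE metadata block above (hashes, compilation timestamp, entry-point RVA, linker and OS version, subsystem, the absent Authenticode signature, the NSIS stub and the 7.9993 entropy) are what a first-pass triage script pulls out of a sample before anything is executed. The script below is an added example, not code from the original report or from Reason Core Security; it uses only the Python standard library, compares a file's hashes against the IoCs listed on this page, and builds a small constructed PE32 image carrying the report's header values so that it runs offline (that image is not the real sample and is not loadable). The NSIS first-header marker check and the entropy threshold of 7.9 are this example's own heuristics, not the scanner's.

```python
"""Added example, not code from the original report or from Reason Core Security: minimal
PE triage reproducing the static fields listed above; build_sample_pe() constructs a
non-loadable PE32 image so it runs offline, and that image is not the real sample."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

# Hashes published for richmediaplayer.exe on this page.
KNOWN_BAD = {
    "md5": "4bb5c1c421ed673f0de4b7e6889c80d5",
    "sha1": "c4080867b6a9cb7c28ad8d756e5e24309007ee46",
    "sha256": "9bb3a5d943bec0476d989b096e3d90ca5d850a9314b91e8c927d3cfe28ffef66",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4               # Authenticode certificate table
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"    # NSIS firstheader: FH_SIG + "NullsoftInst"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0..8. LZMA-compressed NSIS data sits near 7.99, as the report shows."""
    n = len(data)
    if n == 0:
        return 0.0
    probs = [data.count(bytes((i,))) / n for i in range(256)]
    return -sum(p * math.log2(p) for p in probs if p)

def parse_pe(data: bytes) -> dict:
    """Header fields the report lists; raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    _machine, _nsections, stamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                              # IMAGE_OPTIONAL_HEADER
    magic, ld_major, ld_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint (RVA)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs_at = opt + (92 if magic == 0x10B else 108)               # PE32 vs PE32+ layout
    ndirs = struct.unpack_from("<I", data, ndirs_at)[0]
    # Security directory: its first field is a file offset, not an RVA.
    cert_off, cert_size = (struct.unpack_from("<II", data, ndirs_at + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
                           if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0))
    return {
        "compiled": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": "0x%X" % entry,
        "linker_version": "%d.%d" % (ld_major, ld_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        # Presence only: no table means unsigned, full stop; a present table still needs
        # chain validation (WinVerifyTrust / signtool verify) before it means "trusted source".
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "nsis": NSIS_MARKER in data,
    }

def matches_ioc(hashes: dict) -> bool:
    """True if any published hash matches; rely on SHA-256, MD5/SHA-1 are for cross-referencing."""
    return any(hashes.get(k) == v for k, v in KNOWN_BAD.items())

def triage(data: bytes) -> dict:
    info = parse_pe(data)
    for name in ("md5", "sha1", "sha256"):
        info[name] = hashlib.new(name, data).hexdigest()
    info["entropy"] = round(shannon_entropy(data), 4)
    info["packed"] = info["entropy"] > 7.9       # this example's threshold for compressed/encrypted data
    info["known_bad"] = matches_ioc(info)
    return info

def build_sample_pe(payload: bytes, signed: bool = False) -> bytes:
    """Constructed PE32 image carrying the report's header values (not real, not loadable)."""
    stamp = int(datetime(2013, 5, 19, 16, 52, 54, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 224, 0x0102)           # i386, TimeDateStamp
    opt = struct.pack("<HBB", 0x10B, 6, 0)                                        # PE32, linker 6.0
    opt += struct.pack("<IIIIII", 24064, 0, 0, 0x31B1, 0x1000, 0x7000)            # SizeOfCode ... EP
    opt += struct.pack("<IIIHHHHHH", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0)   # ... OS version 4.0
    opt += struct.pack("<IIIIHH", 0, 0x10000, 0x200, 0, 2, 0)                     # ... Subsystem = GUI
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)      # ... 16 directories
    dirs = [(0, 0)] * 16
    tail = NSIS_MARKER + payload                 # stands in for the NSIS data block
    cert = b""
    if signed:   # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 0x0002 (PKCS#7)
        cert = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\0" * 16
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x200 + len(tail), len(cert))
    headers = dos + b"PE\0\0" + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs)
    return headers.ljust(0x200, b"\0") + tail + cert

def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for LZMA-compressed installer data."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1))[:n]

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(pseudo_random(256 * 1024))
    for key, value in triage(data).items():
        print("%-21s %s" % (key, value))
```

Run it with a file path (saved as, say, pe_triage.py: python pe_triage.py richmediaplayer.exe) to get the same fields for a real sample; without arguments it triages the constructed image. Two caveats the output should be read with: authenticode_present only reports whether a certificate table exists and does not validate the chain, so a present table still has to pass WinVerifyTrust or signtool verify before the file counts as signed by a trusted source; and an entropy near 8 is what every LZMA-compressed NSIS installer looks like, so it confirms compression, not maliciousness. The hash match against the page's IoCs is the only hard indicator in this script.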

The file richmediaplayer.exe has been seen being distributed from d2ixaxv7kqwqbv.cloudfront.net.

Analysis powered by Reason Core Security.