richmediaplayer.exe

Rich Media Player

Radiocom CJSC

The application richmediaplayer.exe, “Rich Media Player Web Installer” by Radiocom CJSC, has been detected as adware by 2 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from www.richmediaplayer.com.

Publisher:
Radiocom (signed by Radiocom CJSC)

Product:
Rich Media Player

Description:
Rich Media Player Web Installer

Version:
2.1.0.990

MD5:
48a17dca1ed01c8541981701427182d9

SHA-1:
da542297c0248815bceca4f2928ecbe4b5c83f6f

SHA-256:
d89d59016c8cb14b12b288dbc63b34117c6b2c9574bc2eb964650096027ecae6

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/19/2024 12:20:20 PM UTC

Scan engine          Detection                       Engine version
AVG                  Downloader                      2015.0.3502
Reason Heuristics    PUP.Installer.RadiocomCJSC.P    14.7.17.9

File size:
187.1 KB (191,640 bytes)

Product version:
2.1.0.990

Copyright:
Copyright (C) Radiocom

Original file name:
rich-media-player.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\richmediaplayer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/18/2013 3:00:00 AM

Valid to:
1/19/2014 2:59:59 AM

Subject:
CN=Radiocom CJSC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radiocom CJSC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1B27C57434E6D1716BF37BCC371FF8B7

File PE Metadata
Compilation timestamp:
5/20/2013 2:52:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:lYKCiARAoWe1YzI/u8gelIUoAz2FEGFfPHP75bhVI:laCoWjCzAxfPVY

Entry address:
0x31B1

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00...
 
Entropy:
5.9368

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file richmediaplayer.exe has been seen being distributed by the following URL.
