rmplayer.exe

Rich Media Player

Radiocom

The application rmplayer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Radiocom

Product:
Rich Media Player

Version:
2.4.4.1385

MD5:
7e1f8aa98ca49756b5ba65e094eb105d

SHA-1:
3996762f57b3aa68c74ca29c2f7336cb5d1893da

SHA-256:
fcac8a0b2edfbe0bfc071373b9832377978a6a67f89f12dc1c4b0b9f2e2693fd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 4:57:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Radiocom.Meta (M)

Engine version:
15.6.24.21

File size:
2 MB (2,065,408 bytes)

Product version:
2.4.2.0

Copyright:
Copyright (C) Radiocom

Original file name:
rmplayer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\rich media player\data\rmplayer.exe

File PE Metadata
Compilation timestamp:
6/8/2015 11:35:49 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:qbLW+SFFlCGw091vRf6XOgaaxNVv4KSX3KAZj:qKGpyR14vNNJnEj

Entry address:
0x1000


Packer / compiler:
PECompact v2

Code size:
2.4 MB (2,527,744 bytes)

Autoplay Handler
Display name:
RMPPlayCDAudioOnArrival


The executing file has been seen to make the following network communications in live environments.

