rmvbplayersetup.exe

RMVB Player

The application rmvbplayersetup.exe, “RMVB Player Setup”, has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Product:
RMVB Player

Description:
RMVB Player Setup

Version:
1.0.3

MD5:
ac6a3b348ca8ba29f42bcbb5dc598484

SHA-1:
3c9072bd9df4e44b31b5ef1d999df1222c327c5b

SHA-256:
a3b605e663366f11fed80870dcbb426ce854ca1cb0e6834bfe2c2696ec9c2867

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 2:58:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.179.140 |
| avast! | Win32:Relevant-S [PUP] | 2014.9-141021 |
| AVG | RelevantKnowledge | 2015.0.3315 |
| Fortinet FortiGate | Riskware/RK | 10/21/2014 |
| K7 AntiVirus | Riskware | 13.184.13727 |
| Kaspersky | not-a-virus:WebToolbar.Win32.RK | 14.0.0.3068 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.9c5 | 1.0.0.1015 |
| Trend Micro House Call | TROJ_GEN.R0CBH07GC14 | 7.2.294 |

File size:
6.4 MB (6,720,971 bytes)

Product version:
1.0.3

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rmvbplayersetup.exe

File PE Metadata
Compilation timestamp:
1/30/2013 3:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:EB2WnJ0RMNUhRnElqY+9nA4Nf3cnx9VIcXYgtCt4jpTM/XOjwVDagCQMYr05cBL:EBPJamwRnRjjknVYgtqYpTM/XO8dwYh

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file rmvbplayersetup.exe has been seen being distributed by the following URL.
