swiffplayersetup172.exe

Swiff Player

GlobFX Technologies

The executable swiffplayersetup172.exe, “Swiff Player Setup”, has been detected as malware by 5 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.globfx.com.
Publisher:
GlobFX Technologies

Product:
Swiff Player

Description:
Swiff Player Setup

MD5:
4420cd9f091032790570718a110aaeaa

SHA-1:
fd15ee08eca1993cef072c2c627fc83b50ff3380

SHA-256:
d6a629e18fbbe977e099bd3dfa394ff534c8752adc753c06602c56a68bf5c218

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/25/2024 10:24:16 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Kukacka | 160503-1
Dr.Web | Win32.Sector.30 | 9.0.1.05190
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
VIPRE Antivirus | Threat.4721115 | 49574

File size:
4.4 MB (4,572,178 bytes)

Product version:
1.7.2

Copyright:
Copyright © 2001-2010 GlobFX Technologies

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\swiffplayersetup172.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:C3vNIiyhXb7QOwzKgFeTQhoG7QNLAanjwaTHx8/uBd1Zg:OlYhXb0Owz/kTQRTocwR8/ujXg

Entry address:
0x9B60

Entry point:
60, F2, 46, 69, D1, 58, C3, DA, CA, B0, 21, 78, 02, 89, DF, F6, C4, 17, F3, 68, 55, 61, A3, 00, 69, C8, 42, F9, 2F, 39, E8, 35, 00, 00, 00, 81, FE, AA, 1D, 00, 00, 78, 0D, 0F, AF, F8, 15, F1, 14, 45, 31, 2D, 1F, 74, 22, F0, BE, BC, B4, C8, 58, 8A, CC, 81, FA, A2, 5E, 00, 00, 72, 03, 0F, AF, D8, 03, D3, 73, 0A, FE, C0, BB, DC, 8A, 54, B9, 0F, AF, F9, 87, FE, F7, C0, 61, EA, 00, 2C, 81, C5, D4, 69, 66, 46, 81, CA, 2B, 17, B0, E6, 0F, AF, D0, 0F, AF, D3, FE, CE, C7, C3, 34, 76, 5B, AB, F2, 21, FA, 0F, AF, DA...

Entropy:
7.9981  (probably packed)

Code size:
37 KB (37,888 bytes)

The file swiffplayersetup172.exe has been seen being distributed by the following URL.
