home

tinyplayerinstaller.exe

Wecan Software

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application tinyplayerinstaller.exe by Wecan Software has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from inst.getfreesoft.net and multiple other hosts.
Publisher:
Wecan Software  (signed and verified)

Version:
1.0.0.25

MD5:
2ebf55198fe101d907a31ba542e9e2c5

SHA-1:
f0e814bd1445b0edd652d931fb1a6de9baf4b750

SHA-256:
1fb61d004bbcf2e60b32f59a00275e2c003e08df7d802ae0875595e935001239

Scanner detections:
11 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/30/2024 5:17:34 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Wecan
2015.0.3246

Baidu Antivirus
PUA.Win32.Verti
4.0.3.141228

ESET NOD32
Win32/Verti (variant)
8.10894

IKARUS anti.virus
PUA.Verti
t3scan.1.8.5.0

Malwarebytes
PUP.Optional.WeCan.A
v2014.12.28.06

McAfee
Artemis!2EBF55198FE1
5600.6902

Reason Heuristics
PUP.WecanSoftware.T
14.12.28.18

Sophos
NextUp
4.98

SUPERAntiSpyware
Adware.Rocketful/Variant
10149

Trend Micro House Call
Suspicious_GEN.F47V1204
7.2.362

VIPRE Antivirus
Rocketfuel Installer
35822

File size:
263.3 KB (269,648 bytes)

Product version:
1.0.0.25

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tinyplayerinstaller.exe

Digital Signature
Signed by:
Wecan Software

Authority:
VeriSign, Inc.

Valid from:
7/23/2014 2:00:00 AM

Valid to:
7/24/2015 1:59:59 AM

Subject:
CN=Wecan Software, O=Wecan Software, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1FD8A9E8CBFDDB2724A69194C505EF77

File PE Metadata
Compilation timestamp:
12/3/2014 9:39:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:HP0cyd4eJ6IJGGIUmmB7xnqn1iJIg+apKceXXgr45oSF/U2UA:md4e6IwGIm6H9apKceXXDoSF/U2UA

Entry address:
0x16D5E0

Entry point:
60, BE, 00, 40, 53, 00, 8D, BE, 00, D0, EC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 55, B9, 16, 00, 57, 83, C3, 04, 53, 68, DE, 95, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
236 KB (241,664 bytes)

The file tinyplayerinstaller.exe has been seen being distributed by the following 3 URLs.

http://inst.getfreesoft.net/dl/45/12919/81/.../

http://i.getfreesoft.net/stub/WECAN/.../TinyPlayerInstaller.exe

http://inst.getfreesoft.net/dl/45/22506/45/.../

Remove tinyplayerinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.