» umplayersetup-0.98.exe
Overview
Analysis
File Details

umplayersetup-0.98.exe

Ori Rejwan

The executable umplayersetup-0.98.exe has been detected as malware by 15 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer.

File name:

Publisher:

Ori Rejwan (signed and verified)

MD5:

049e7712c4aefc4c8ed56d5a0f69d14c

SHA-1:

25689f3c420882347e23346f1c93092a332acd38

SHA-256:

e9ddebdc218d1f98faa183b9ef751479b0e04ef1cca49765c5143b22267f7809

Scanner detections:

15 / 68

Status:

Malware

Analysis date:

4/19/2024 5:02:00 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Worm.Mabezat.Gen

5813571

avast!

Mabezat [Wrm]

151222-1

AVG

Win32/Mabezat

2015.0.4489

Clam AntiVirus

W32.Mabezat

0.98/21222

Dr.Web

Win32.HLLW.Tazebama

9.0.1.05190

Emsisoft Anti-Malware

Win32.Worm.Mabezat.Gen

10.0.0.5366

ESET NOD32

Win32/Mabezat.A virus

7.0.302.0

F-Prot

W32/Mabezat.A-2

4.6.5.141

F-Secure

Win32.Worm.Mabezat.Gen

5.15.21

Kaspersky

Worm.Win32.Mabezat

15.0.0.562

McAfee

Virus.W32/Mabezat.a

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.1637.0

Norman

Win32.Worm.Mabezat.Gen

22.12.2015 20:50:33

Sophos

Virus 'W32/Mabezat-B'

5.22

VIPRE Antivirus

Threat.303962

46110

File size:

305.7 KB (313,015 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Scriptable Install System

Common path:

C:\documents and settings\administrateur\mes documents\downloads\umplayersetup-0.98.exe

Digital Signature

Signed by:

Ori Rejwan

Authority:

The USERTRUST Network

Valid from:

12/8/2010 1:00:00 AM

Valid to:

12/9/2011 12:59:59 AM

Subject:

CN=Ori Rejwan, O=Ori Rejwan, STREET=42 Balfure Street, STREET=Apartment 11, L=Tel Aviv, S=TLV, PostalCode=65212, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00EC0B02C1D3C98296496142B9A5A146FD

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:mQctQswDNozqK0+q1gExxL1MUaeNLlBAaH/stRmz1jDD3Q0j0SNUn:CPw6zqKkvxxpMZeNpBj/NBlNK

Entry address:

0x30CB

Entry point:

BB, 66, 64, 29, 56, 93, E9, 20, 01, 00, 00, 17, BD, 20, 1C, C8, 4C, 20, 1C, E8, EB, A2, A0, A0, 20, A0, A0, 1C, A0, A0, A0, FF, D1, D6, D1, D0, D1, D9, D7, D6, A0, A0, A0, 14, 01, 1A, 05, 02, 01, 0D, 01, CE, 04, 0C, 0C, A0, A0, A0, A0, FC, A0, A0, A0, E6, 12, 05, 05, EC, 09, 02, 12, 01, 12, 19, A0, E3, 12, 05, 01, 14, 05, E4, 09, 12, 05, 03, 14, 0F, 12, 19, E1, A0, A0, A0, A0, E7, 05, 14, F7, 09, 0E, 04, 0F, 17, 13, E4, 09, 12, 05, 03, 14, 0F, 12, 19, E1, A0, A0, A0, A0, E7, 05, 14, ED, 0F, 04, 15, 0C, 05... 
[+]

Code size:

22.5 KB (23,040 bytes)

Remove umplayersetup-0.98.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.