Veohwebplayer.exe

Veoh Web Player Beta

Qlipso Inc.

The executable Veohwebplayer.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler. This file is typically installed with the program Veoh Web Player by Veoh Networks, Inc. While running, it connects to the Internet address logger.veoh.com on port 80 using the HTTP protocol.
Publisher:
Veoh Networks  (signed by Qlipso Inc.)

Product:
Veoh Web Player Beta

Version:
1, 3, 8, 1112

MD5:
f98619dc3289b720db974a8a2b3a3ec4

SHA-1:
d483fb662b4d51dab1b2555bff30c774454e4571

SHA-256:
49c3e06a7c4cb9ea675d7605bd2052a676e555953c1572c1bc56edd3ad261903

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/10/2024 7:50:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.Qlipso.Task.Meta

Engine version:
15.9.11.2

File size:
2.7 MB (2,816,328 bytes)

Product version:
1, 3, 8, 1112

Copyright:
Copyright (C) Veoh Networks 2010

Original file name:
Veohwebplayer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\veoh networks\veohwebplayer\veohwebplayer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/24/2011 8:00:00 PM

Valid to:
5/24/2012 7:59:59 PM

Subject:
CN=Qlipso Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Qlipso Inc., L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
087E17D7B2CA0D412673C947F2D84BDD

File PE Metadata
Compilation timestamp:
8/25/2011 5:43:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:9sdCabZ+Y6B8oil0SSIRkfHs1+R0voOkAso11TCkMWdRCTX1xoX6:9sBZ+YA8DDvWAw

Entry address:
0x1D95C7

Entry point:
E8, 6C, 05, 00, 00, E9, 36, FD, FF, FF, 3B, 0D, 30, 05, 68, 00, 75, 02, F3, C3, E9, EE, 05, 00, 00, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, D1, 95, 5D, 00, 68, 30, 05, 68, 00, E8, D4, 06, 00, 00, 83, C4, 18, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, FF, 25, 34, 24, 60, 00, FF, 25, 30, 24, 60, 00, CC, CC, CC, CC, 53, 8B, 44, 24, 14, 0B, C0...
 

Entropy:
6.5213

Code size:
2 MB (2,098,176 bytes)

Scheduled Task
Task name:
RunAsStdUser Task for VeohWebPlayer

Trigger:
Registration (Runs on registration)


The file Veohwebplayer.exe has been discovered within the following program.

Veoh Web Player by Veoh Networks, Inc.
Veoh Web Player bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar (on by default).
www.veoh.com
48% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to logger.veoh.com  (69.167.127.68:80)
