video_player_upgrade.exe

Nero StartSmart Essentials 2009

Nero StartSmart Essentials

The executable video_player_upgrade.exe has been detected as malware by 34 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from chaosium.com.
Publisher:
Nero StartSmart Essentials

Product:
Nero StartSmart Essentials 2009

Version:
9.0.0.1

MD5:
3dfd00525d710929cd058d0c9804479b

SHA-1:
2311f19864bb8be48a1ce4dbdc7985ee851c618a

SHA-256:
36e4a6daa5931abfe1e05ea7c9bacf2613c661d21f03bba959c996ddacf75b93

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/27/2024 2:00:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.38782 | 338 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2015.08.14 |
| Avira AntiVirus | TR/Crypt.ZPACK.47578 | 8.3.1.6 |
| Arcabit | Trojan.Symmi.D977E | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-160302 |
| AVG | Win32/Cryptor | 2017.0.2816 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.1632 |
| Bitdefender | Gen:Variant.Symmi.38782 | 1.0.20.310 |
| Bkav FE | W32.VariantYakesF.Trojan | 1.3.0.7062 |
| Comodo Security | TrojWare.Win32.Injector.AWMK | 23002 |
| Dr.Web | Trojan.PWS.Panda.5945 | 9.0.1.062 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.38782 | 8.16.03.02.04 |
| ESET NOD32 | Win32/Injector.AXFP (variant) | 10.12090 |
| Fortinet FortiGate | W32/Injector.BAIN!tr | 3/2/2016 |
| F-Secure | Gen:Variant.Symmi.38782 | 11.2016-02-03_4 |
| G Data | Gen:Variant.Symmi.38782 | 16.3.25 |
| IKARUS anti.virus | Virus.Win32.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.208.16884 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.577 |
| Malwarebytes | Spyware.ZeuS | v2016.03.02.04 |
| McAfee | PWSZbot-FRH!3DFD00525D71 | 5600.6472 |
| Microsoft Security Essentials | VirTool:Win32/Injector.EP | 1.1.11903.0 |
| MicroWorld eScan | Gen:Variant.Symmi.38782 | 17.0.0.186 |
| NANO AntiVirus | Trojan.Win32.Yakes.ctsiqr | 0.30.24.3079 |
| Panda Antivirus | Trj/Crilock.C | 16.03.02.04 |
| Qihoo 360 Security | Win32/Trojan.c27 | 1.0.0.1015 |
| Quick Heal | Worm.Gamarue.I5 | 3.16.14.00 |
| Sophos | Troj/Wonton-P | 4.98 |
| Trend Micro House Call | TROJ_SPNR.06B414 | 7.2.62 |
| Trend Micro | TROJ_SPNR.06B414 | 10.465.02 |
| Vba32 AntiVirus | SScope.Worm.Ngrbot.2414 | 3.12.26.4 |
| VIPRE Antivirus | Worm.Win32.Dorkbot.b | 42858 |
| ViRobot | Trojan.Win32.S.Agent.265728.AU[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Yakes.Win32.20108 | 2.0.0.2351 |

File size:
259.5 KB (265,728 bytes)

Product version:
9.0.0.1

Original file name:
nero.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\video_player_upgrade.exe

File PE Metadata
Compilation timestamp:
1/31/2014 4:57:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:j8lQf5c6xmF6IYfjzykBgL6turB8KRQySmKeS8JJwzDv21oQmSRZh+RRSOPsDhfT:j8WfF86IAAcoJaHv7k+OOkhfTf

Entry address:
0x3AF3

Entry point:
E8, E6, 7D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E0, B1, 41, 00, 89, 0D, DC, B1, 41, 00, 89, 15, D8, B1, 41, 00, 89, 1D, D4, B1, 41, 00, 89, 35, D0, B1, 41, 00, 89, 3D, CC, B1, 41, 00, 66, 8C, 15, F8, B1, 41, 00, 66, 8C, 0D, EC, B1, 41, 00, 66, 8C, 1D, C8, B1, 41, 00, 66, 8C, 05, C4, B1, 41, 00, 66, 8C, 25, C0, B1, 41, 00, 66, 8C, 2D, BC, B1, 41, 00, 9C, 8F, 05, F0, B1, 41, 00, 8B, 45, 00, A3, E4, B1, 41, 00, 8B, 45, 04, A3, E8, B1, 41, 00, 8D, 45, 08, A3, F4, B1, 41...
 

Code size:
61 KB (62,464 bytes)

The file video_player_upgrade.exe has been seen being distributed by the following URL.
