vidplaya_sn_video_v2.exe

VidPlaya

Playswell, Inc.

The application vidplaya_sn_video_v2.exe, “VidPlaya Setup” by Playswell, has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
Playswell, Inc.   (signed by Playswell, Inc.)

Product:
VidPlaya

Description:
VidPlaya Setup

MD5:
b899fbe93662e2d2409e8f7dbee4f4ce

SHA-1:
7e1d3dc40673173ed64fed95f19d27fe4e8b46db

SHA-256:
1c2e3470c02dcb4f125bb6392b943017c00e5c87fd10719b666b591bae25fd1a

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/26/2024 7:38:09 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.OpenCandy.4 | 9.0.1.0200 |
| ESET NOD32 | Win32/OpenCandy.C potentially unsafe (variant) | 9.11929 |
| F-Prot | W32/OpenCandy.A2.gen | v6.4.7.1.166 |
| G Data | Win32.Adware.OpenCandy | 15.7.25 |
| NANO AntiVirus | Riskware.Win32.OpenCandy.dqxwfk | 0.30.24.2487 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 15.7.19.9 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41948 |

File size:
26.4 MB (27,720,184 bytes)

Product version:
1.0.1

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\zapshares\downloads-securevault\vidplaya_sn_video_v2.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/19/2014 7:00:00 PM

Valid to:
2/25/2015 7:00:00 AM

Subject:
CN="Playswell, Inc.", O="Playswell, Inc.", L=Del Mar, S=California, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A8D71BE09A439773950E7DA2D2C894B

File PE Metadata
Compilation timestamp:
10/13/2013 4:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:wYDpcNFzfBMmnNC+9JC1B2/sm4enYoi9mE0k4f:wrvzZQkMm4eno9mE0F

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Entropy:
7.9991

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)
