webplayer.exe

Kreapixel

The application webplayer.exe by Kreapixel has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup program used to install the application, which displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
Kreapixel (signed and verified)

Version:
3.3.8.1

MD5:
ee54804a110d134df1a199e1001bac51

SHA-1:
16343c5754652c93aa21a80dd2e72bdb6ac89c0f

SHA-256:
d18ab32d9e206ebf5695b481425976e140111b8b30e50c3e714873a00efc34a7

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 7:28:15 AM UTC

Scan engine               Detection                              Engine version
Dr.Web                    Adware.Downware.1119                   9.0.1.064
ESET NOD32                Win32/Toolbar.Babylon                  8.8731
Fortinet FortiGate        Riskware/Toolbar                       3/5/2014
IKARUS anti.virus         not-a-virus:WebToolbar.Win32.Toolbar   t3scan.2.0.127
McAfee                    RDN/Generic PUP.x!bcb                  5600.7201
Reason Heuristics         PUP.Kreapixel.J                        14.3.5.9
Trend Micro House Call    TROJ_GEN.R0CBB01H813                   7.2.64
VIPRE Antivirus           Trojan.Win32.Generic                   20920

File size:
710.5 KB (727,528 bytes)

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\webplayer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/22/2012 1:00:00 AM

Valid to:
4/23/2013 12:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
452FBFB1AEBD907CC222ACC2D160BC37

File PE Metadata
Compilation timestamp:
1/29/2012 9:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:X6Wq4aaE6KwyF5L0Y2D1PqLU+LxbYdV5vMjCSxMPDT:1thEVaPqLU+L8HTD

Entry address:
0xDBEB0

Entry point:
60, BE, 00, A0, 49, 00, 8D, BE, 00, 70, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
268 KB (274,432 bytes)

The file webplayer.exe has been observed being distributed from the following 11 URLs.

http://clic.illyx.com/aff_c?offer_id=25&aff_id=5914&source=link_fakeVK

http://clic.illyx.com/aff_c?offer_id=373&aff_id=1189
