webplayer.exe

Kreapixel

The application webplayer.exe by Kreapixel has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
Kreapixel  (signed and verified)

Version:
3.3.8.1

MD5:
a015c741ac1e226d8decb5292d01cdcd

SHA-1:
5b069c06cba28de160f4ae144565c359d29b32dc

SHA-256:
9786024673ba0d2446bb0afc89fe6f95a7f4d6bb86f078d8a3518357a4509e3c

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/20/2024 3:34:12 PM UTC

Scan engine               Detection                               Engine version
Dr.Web                    Trojan.Crossrider.9                     9.0.1.0357
ESET NOD32                Win32/Toolbar.Babylon                   7.8963
Fortinet FortiGate        Riskware/Toolbar                        12/23/2013
IKARUS anti.virus         not-a-virus:WebToolbar.Win32.Toolbar    t3scan.2.0.127
Reason Heuristics         PUP.Kreapixel.J                         14.2.16.5
Sophos                    Kreapixel                               4.94
Trend Micro House Call    TROJ_GEN.R0CBB01I413                    7.2.357
VIPRE Antivirus           Trojan.Win32.Generic                    22702

File size:
711.5 KB (728,592 bytes)

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\webplayer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 1:00:00 AM

Valid to:
4/29/2014 12:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:a6Wq4aaE6KwyF5L0Y2D1PqLU+LxbYdV5vMjCSxMPDl:4thEVaPqLU+L8HTV

Entry address:
0xDBEB0

Entry point:
60, BE, 00, A0, 49, 00, 8D, BE, 00, 70, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file webplayer.exe has been seen being distributed by the following 11 URLs.

http://.../aff_c?offer_id=25&aff_id=3932&source=watchfoot.football.fr &clickTAG=http://.../aff_c?offer_id=25&aff_id=3932&source=watchfoot.football.fr

http://clic.illyx.com/aff_c?offer_id=373&aff_id=3826

http://clic.illyx.com/aff_c?offer_id=25&aff_id=1560&source=seriesbb

http://clic.illyx.com/aff_c?offer_id=25&aff_id=7754

http://.../aff_c?offer_id=25&aff_id=1383&source=french-dvdrip.com &clickTAG=http://.../aff_c?offer_id=25&aff_id=1383&source=french-dvdrip.com

http://ads.illyx.com/aff_c?offer_id=25&aff_id=7604
