webplayer_ar.exe

Webplayer setup

Kreapixel

The application webplayer_ar.exe, “Webplayer setup Setup” by Kreapixel, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
2,7 Mo   (signed by Kreapixel)

Product:
Webplayer setup

Description:
Webplayer setup Setup

MD5:
f3435060c8ffbf11a5dda0d9509f7cbc

SHA-1:
65f5900867bbc77ae0ed7c58863054cd91875154

SHA-256:
e73fad2057dd0082e579b312010d9d5ff604526656e4ab597cb953af1a47ce49

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 4:46:51 PM UTC

Scan engine | Detection | Engine version
F-Prot | W32/Undefined.Threat | v6.4.7.1.166
Reason Heuristics | PUP.Installer.Kreapixel.M | 14.2.27.7

File size:
3.2 MB (3,355,752 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\webplayer_ar.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/22/2012 1:00:00 AM

Valid to:
4/23/2013 12:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
452FBFB1AEBD907CC222ACC2D160BC37

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:c9Sq2tjCakqk2z4sPFSG80ddCfu/hAtVK29NLleisMYxU1kxOQ2sGDVC9ktguw4:WSqMk20eFldsMA3K29XtsBOQoC9km0

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file webplayer_ar.exe has been seen being distributed by the following 4 URLs.

http://clic.illyx.com/aff_c?offer_id=373&aff_id=1634

http://.../aff_c?offer_id=25&aff_id=3892&source=&clickTAG=http://.../aff_c?offer_id=25&aff_id=3892&source=
