webplayer_us.exe

Kreapixel

The application webplayer_us.exe by Kreapixel has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup program used to install the application, and it is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been observed being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
Kreapixel  (signed and verified)

Description:
Webplayer

Version:
2.5.0.0

MD5:
32897a7f3acdf0f25648499bf2fc5776

SHA-1:
3b9177b4ad879f09ef08d6d549a3965238ea5f79

SHA-256:
0cbd7a1f75646d495c5a130751f45eb962c88cb69d02d39d3fc2d6fcbf9b6f1e

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 9:58:12 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.Clod863.Trojan | 1.3.0.4613
Dr.Web | Trojan.Crossrider.9 | 9.0.1.0359
F-Prot | W32/Undefined.Threat | v6.4.7.1.166
McAfee | Artemis!32897A7F3ACD | 5600.7271
Reason Heuristics | PUP.Kreapixel.M | 14.2.21.0
Rising Antivirus | AU3SCRIPT:Malware.Banker!1.9DF6 | 23.00.65.131223
Sophos | Kreapixel | 4.96
Trend Micro House Call | TROJ_GEN.F47V1113 | 7.2.359

File size:
470.7 KB (481,960 bytes)

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\webplayer_us.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 2:00:00 AM

Valid to:
4/29/2014 1:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:/6Wq4aaE6KwyF5L0Y2D1PqLIKvzxzRLXwx0ZNR:9thEVaPqLhhRLAxcNR

Entry address:
0xB9E70

Entry point:
60, BE, 00, 80, 47, 00, 8D, BE, 00, 90, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file webplayer_us.exe has been seen being distributed by the following 12 URLs.

http://clic.illyx.com/aff_c?offer_id=25&aff_id=1011&source=www.cinemavk.com

http://clic.illyx.com/aff_c?offer_id=25&aff_id=7462&source=www.watchmovie.ws watchmovie

http://clic.illyx.com/aff_c?offer_id=25&aff_id=1005&source=udirectplayerb
