webplayer_us.exe

Kreapixel

The application webplayer_us.exe by Kreapixel has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
Kreapixel  (signed and verified)

Description:
Webplayer

Version:
2.5.0.0

MD5:
1718dcd16dc81f7fc6a83bf8fd9569a0

SHA-1:
5a636fa7c4a24ae46c0e2a0fb06b7bdfc1f7fa77

SHA-256:
6b85b16212c42d1a0e08f084d08f92364f74325ed9152ca8ce3a3f2c949fe14d

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/19/2024 6:03:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/Webplayer.A | 7.11.125.184 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140119 |
| Dr.Web | Trojan.Crossrider.9 | 9.0.1.0360 |
| ESET NOD32 | Win32/AdWare.Illyx | 8.9308 |
| Fortinet FortiGate | Riskware/Illyx | 1/19/2014 |
| IKARUS anti.virus | AdWare.Kreapixel | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.175.10881 |
| McAfee | Artemis!1718DCD16DC8 | 5600.7269 |
| Reason Heuristics | PUP.Kreapixel.M | 14.2.20.21 |
| Rising Antivirus | AU3SCRIPT:Malware.Banker!1.9DF6 | 23.00.65.14103 |
| Sophos | Kreapixel | 4.96 |
| Trend Micro House Call | TROJ_GEN.F47V1214 | 7.2.360 |

File size:
474.9 KB (486,344 bytes)

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\webplayer_us.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 1:00:00 AM

Valid to:
4/29/2014 12:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:+6Wq4aaE6KwyF5L0Y2D1PqL2KvzxzRLXwx0rT7v:EthEVaPqL3hRLAxuv

Entry address:
0xB9E70

Entry point:
60, BE, 00, 80, 47, 00, 8D, BE, 00, 90, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Code size:
268 KB (274,432 bytes)

The file webplayer_us.exe has been seen being distributed by the following 20 URLs.

http://clic.illyx.com/aff_c?offer_id=25&aff_id=6466&source=www.telecharger-gratuit.co pluginbar

http://clic.illyx.com/aff_c?offer_id=25&aff_id=5996&source=www.dlstream.me

http://clic.illyx.com/aff_c?offer_id=25&aff_id=3644&source=www.allostreaming-fr.com
