winamp_5.53build_1924_lite.exe

Winamp

Nullsoft

This is a setup program which is used to install the application. The file has been seen being downloaded from rs208p4.rapidshare.com.
Publisher:
Nullsoft

Product:
Winamp

Version:
5,5,3,1924

MD5:
fa3224c76ef5a8e046a5a030f16931f7

SHA-1:
54a63f83e94080f451eb1e012bd75c142b0d61cb

SHA-256:
49a40c61e95d58e5da7beea4480c331eb580a28a82d561882ddd600eeb423435

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/27/2024 1:01:02 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Fortinet FortiGate | W32/Backdoor2.EQWF!tr | 7/8/2016 |
| F-Prot | W32/Backdoor2.EQWF | v6.4.6.5.141 |
| K7 AntiVirus | Trojan | 13.117.5398 |
| McAfee | Artemis!FA3224C76EF5 | 5600.6345 |

File size:
4.4 MB (4,651,425 bytes)

Product version:
5.5.3.1924

Copyright:
Copyright © 1997-2008, Nullsoft

Trademarks:
Nullsoft and Winamp are trademarks of Nullsoft, Inc.

Original file name:
Winamp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\winamp_5.53build_1924_lite.exe

File PE Metadata
Compilation timestamp:
3/27/2008 3:36:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:aYhwXCRvbPMSrM2zGl9EM2RfPivaO0Qcwx76ML2y9jSz8GdrMyVbiXhhhRjgk3VX:5+GTPt42zsBC7qvjSz8Gd4qbix1jtBHH

Entry address:
0x1948

Entry point:
9C, 60, 68, 53, 74, 41, 6C, 68, 54, 68, 49, 6E, E8, 00, 00, 00, 00, 58, BB, 59, 19, 00, 00, 2B, C3, 50, 68, 00, 00, 40, 00, 68, 00, 26, 00, 00, 68, AC, 00, 00, 00, E8, 2C, FF, FF, FF, E9, 90, FF, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 83, C4, F4, FC, 53, 57, 56, 8B, 75, 08, 8B, 7D, 0C, C7, 45, FC, 08, 00, 00, 00, 33, DB, BA, 00, 00, 00, 80, 43, 33, C0, E8, 19, 01, 00, 00, 73, 0E, 8B, 4D, F8, E8, 27, 01, 00, 00, 02, 45, F7, AA, EB, E9, E8, 04, 01, 00, 00, 0F, 82, 96, 00, 00, 00, E8, F9, 00, 00, 00, 73, 5B...

Code size:
6 KB (6,144 bytes)

The file winamp_5.53build_1924_lite.exe has been seen being distributed by the following URL.
