windows media player.exe

Prelasan Developments s.l.

This file belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application windows media player.exe by Prelasan Developments s.l. has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from pt.win-install.info.
Publisher:
Prelasan Developments s.l.  (signed and verified)

MD5:
2e64ee5138e0cf9db0d762200a1e4b42

SHA-1:
f366649d1f88eb560ebcbe537db1cd07549011ac

SHA-256:
efa4098090385fda04d6d9d68939365d65280f639be3232e7099eaa539d17775

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 1:47:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.964431 | 664 |
| Agnitum Outpost | PUA.Solimba | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Solimba | 2014.12.14 |
| Avira AntiVirus | APPL/Solimba.Gen4 | 7.11.193.198 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150412 |
| AVG | Adware BundleApp_r.AJ | 2014.0.4235 |
| Baidu Antivirus | Adware.Win32.Solimba | 4.0.3.15412 |
| Bitdefender | Application.Generic.964431 | 1.0.20.510 |
| Clam AntiVirus | Win.Trojan.964431 | 0.98/19938 |
| Comodo Security | Application.Win32.Firseria.GH | 20512 |
| Dr.Web | Trojan.DownLoader11.64099 | 9.0.1.0102 |
| Emsisoft Anti-Malware | Application.Generic.964431 | 8.15.04.12.03 |
| ESET NOD32 | MSIL/Solimba.AK.gen potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Morstars | 4/12/2015 |
| F-Prot | W32/S-01b67f1b | v6.4.7.1.166 |
| F-Secure | Riskware.Application.Generic.964431 | 11.2015-12-04_1 |
| G Data | Win32.Application.Morstar | 14.12.24 |
| IKARUS anti.virus | not-a-virus:Downloader.Morstar | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14280 |
| Malwarebytes | PUP.Optional.Solimba | v2014.12.09.01 |
| MicroWorld eScan | Application.Generic.964431 | 16.0.0.306 |
| NANO AntiVirus | Trojan.Win32.Morstar.dkaoql | 0.28.6.63850 |
| Norman | Application.Generic.964431 | 11.20150412 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.09.01 |
| Quick Heal | Adware.Firseria.A5 | 4.15.14.00 |
| Reason Heuristics | Threat.PrelasanDevelopments | 15.4.11.23 |
| Rising Antivirus | PE:Malware.Morstar!6.1B3E | 23.00.65.15410 |
| Sophos | PUA 'Solimba Installer' | 59 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4758821 | 35418 |

File size:
562.1 KB (575,568 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\windows media player.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/24/2014 1:07:57 PM

Valid to:
9/24/2016 1:07:57 PM

Subject:
CN=Prelasan Developments s.l., O=Prelasan Developments s.l., L=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FE86E799E134BB6B2BBD0E554BFB2C1D

File PE Metadata
Compilation timestamp:
12/9/2014 7:16:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:3b/YqJsiTkpSODk4OPgWkf+g+vQB45FK7/Mb3evjH3SIGW4W6CIn24hbt:3b/Y3iTyzk5PgWwh4rinb31z6CIbt

Entry address:
0xD44C

Entry point:
E8, AF, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, 60, 42, 00, E8, FE, 15, 00, 00, E8, 80, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 42, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0B, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
111 KB (113,664 bytes)

The file windows media player.exe has been seen being distributed by the following URL.
