Anyone know what this is: Media_Player_Setup.exe / Win32.iBryte

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

These URL's came in a spam today:

hxxp://3ouzz.exclusive-rewards.upgradechannel.eu

hxxp://trkm79.com/?E=fuckoff

I replaced some alpha-numeric junk with "fuckoff" in the second link.

One of those URL's spawned a bunch of stuff that resulted in a diversion
to here:

hxxp://0uozz.download.prizeslocket.eu/?sov=alpha_junk

Which is some sort of fake adobe download page.  The Install link
resulted in this:

hxxp://secure.pn-installer9.com/o/ytz_fpp/Media_Player_Setup.exe?subid=blabla
&filedescription=Media%20Player%20Setup&adprovider=blabla
&mode=hosted&cpixel=http%3A%2F%2Fsecurepostback.com%2Ftracking%2Fset_server_pixel%2F%3Fadv%blabla

I replaced some alpha-junk in the above URL with "blabla"  

Although this will work:

hxxp://secure.pn-installer9.com/o/ytz_fpp/Media_Player_Setup.exe?

Media_Player_Setup.exe

File version: 2.4.8.1
Description: Fusion Install
Copyright 2013 Fusion Install
226,168 bytes


VT scan:

https://www.virustotal.com/en/file/3aba147dd63643b605837a9a80efe617040f0a9db6f4a887777b3e879c635c3b/analysis/1402532297/

Detection ratio:  11 / 54

VT had apparently not seen this sample before.

AVG             Generic_s.BZ
Antiy-AVL       Riskware[:not-a-virus]/Win32.iBryte.jgi
CMC             Packed.Win32.TDSS.2!O
ESET-NOD32      a variant of Win32/AdWare.iBryte.AL
K7AntiVirus     Unwanted-Program ( 0040f84f1 )
K7GW            Unwanted-Program ( 0040f84f1 )
Kaspersky       not-a-virus:AdWare.Win32.iBryte.jgi
Kingsoft        Win32.Troj.iBryte.j.(kcloud)
Malwarebytes    PUP.Optional.OptimumInstaller.A
Panda           Trj/Genetic.gen
Sophos          iBryte Optimum Installer

http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/iBryte%20Optimum%20Installer/detailed-analysis.aspx

iBryte Optimum Installer is an installer which bundles legitimate
applications with offers for additional third party applications that
may be unwanted by the user. Such third party applications are typically
installed onto users’ computers by default, but may include an option to
‘opt-out’ during or after the installation process.

Site Timeline