REALPLAY.exe
RealPlayer (32-bit) by RealNetworks (Signed)
Warning: 5 antivirus scanners have detected malware in various versions of REALPLAY.exe.
Overview
realplay.exe has 37 known versions; the most recent is 17.0.1.181. It runs as a standard Windows process with the logged-in user's account privileges. During installation, a Run registry key for all users is added, which causes the program to run each time any user logs on to Windows. The average file size is about 341.63 KB. It is an Authenticode code-signed executable; the certificate was issued to RealNetworks by the certification authority Thawte. The programs RealPlayer, RealOnePlayer_1059 and WinRAR 4.01 (32-bit) have been observed installing specific variations of realplay.exe. During the process's lifecycle, typical CPU utilization is less than 0.01% and average private memory consumption is about 82.1 MB. Additionally, typical disk I/O is about 540.12 KB per minute for reads and 12.67 KB per minute for writes.
What is realplay.exe?
RealPlayer, by RealNetworks, is a cross-platform software product primarily used for the playing of recorded media. The media player is compatible with numerous formats within the multimedia realm, including MP3, MPEG-4, QuickTime, Windows Media, and multiple versions (proprietary) of RealAudio and RealVideo formats. The software is powered by an underlying open source media engine called Helix.
About realplay.exe (from RealNetworks)
“Real brings you RealPlayer, the only solution you’ll need for managing all your music and videos. It’s the best free media player around for enjoying all types of entertainment! You can also transfer ”
Details |
File name: | realplay.exe |
Publisher: | RealNetworks, Inc. |
Product name: | RealPlayer (32-bit) |
Description: | RealPlayer |
Typical file path: | C:\Program Files\real\realplayer\\realplay.exe |
Certificate |
Issued to: | RealNetworks |
Authority (CA): | Thawte |
Expiration date: | Tuesday, August 16, 2011 |
Programs installed in
(Note, the programs listed below are for all versions of RealPlayer (32-bit).)
Applian Technologies Inc.
Freecorder 5 bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install t...
Real Alternative is a software bundle that allows users to play RealMedia files without installing RealPlayer.
RealPlayer is a cross-platform software product primarily used for the playing of recorded media. The media player is compatible with numerous formats within the multimedia realm, including MP3, MPEG-...
“RealPlayer Cloud enables you to move, watch and share your videos. When you share videos with friends and family they’ll be able to play them on any device or operating system, without downloading the...”
“The following filetypes are enabled and SUPPORTED by the installation of the Vista Codec Package.
amr | mpc | ofr | divx | mka | ape | flac | evo | flv | m4b | mkv | ogg | ogv | ogm | rmvb | xvid
Al...”
“To ensure a consistent Skype experience no matter what device you use we have updated the behavior for video messaging access points when a contact is offline and the share (plus button) menu. When a ...”
Version 4 speeds up decompression by up to 30%. Windows 98, Windows Me, and Windows NT are no longer supported; the minimum Windows version required is Windows 2000. WinRAR is a shareware file archive...
Behaviors
(Note, the behaviors below are for all versions of realplay.exe, select a unique version for details.)
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
- Handler name 'RPPlayMediaOnArrival'
- Handler name 'RPPlayDVDMovieOnArrival'
- Handler name 'RPPlayCDAudioOnArrival'
- Handler name 'RPDVDBurningOnArrival'
- Handler name 'RPCDBurningOnArrival'
Scheduled tasks
Windows firewall allowed programs
Exceptions allow programs to access the Internet through outbound connections
- Firewall exception for 'C:\Program Files\Real\RealPlayer\realplay.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'RealTray' → C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Malware detections
Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Agent2 | 16.0.0.282 |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Agent2 | 16.0.1.18 |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Agent2 | 16.0.2.32 |
NANO AntiVirus | 0.28.0.57630 | Trojan.Win32.Boran.bodorx | 6.0.12.1483 |
NANO AntiVirus | 0.26.0.55203 | Trojan.Win32.Boran.bodorx | 6.0.12.1235 |
All file variations of realplay.exe
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 49.50% |
Windows 7 Ultimate | 20.00% |
Microsoft Windows XP | 7.75% |
Windows 8.1 | 6.50% |
Windows 8 Enterprise N | 2.50% |
Windows 8 Enterprise | 2.50% |
Windows 7 Home Basic | 2.50% |
Windows 8 | 2.50% |
Windows 8 Pro | 2.50% |
Windows 8 Enterprise Evaluation | 1.25% |
Windows 7 Professional | 1.25% |
Windows Vista Home Premium | 1.25% |
Distribution by country
United States installs account for about 43.50% of RealPlayer (32-bit).
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell | 24.52% |
Toshiba | 17.51% |
Hewlett-Packard | 16.29% |
Lenovo | 12.61% |
Acer | 7.01% |
Sony | 7.01% |
GIGABYTE | 3.68% |
Intel | 3.50% |
Compaq | 3.50% |
ASUS | 3.50% |
American Megatrends | 0.88% |