This is a disguised application under a common media file extension meant to trick the user to download and execute a piece of malware.

While accessing the “.wma” which is a media file extension the following behavior is noticed :

A. A browser page opens to a certain webpage ( ie or

B. It tries to download and execute (when the user hits run on IE ) a malware from the mentioned site.

C. The prompted file to download is named “Codec.exe” which has the Windows Media Player  icon (the name could vary (“PLAY_MP3.exe” or another).

Find out more about symptoms, tehnical description and removal instructions here.

About the author


The meaning of Bitdefender’s mascot, the Dacian Draco, an ancient symbol that depicts a mythical animal with a wolf’s head and a dragon’s body, is “to watch” and to “guard with a sharp eye.” Like our mascot, we are committed to using Bitdefender Labs, our world-class research team, to vigilantly find and eradicate threats for our customers, and to use our platform for the larger good.


Click here to post a comment