installer_vlc_media_player_english.exe

Onekit Internet S,L

The application installer_vlc_media_player_english.exe by Onekit Internet S,L has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the OneKit Downloader installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. Users running this installer expect to download the VideoLAN VLC media player, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Onekit Internet S,L  (signed and verified)

MD5:
231cf8ee2503d7876d963d9f75bfb7ac

SHA-1:
8be5824383a9fe526eda15377b7ab9e5f388ac0b

SHA-256:
91fd0b81c6fb00a5831a6562c6e8832486e74b610fa426882353ca04d8e92333

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/4/2024 11:17:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | | 7.11.168.100 |
| AVG | Generic | 2015.0.3377 |
| Dr.Web | infected with Trojan.Packed.28459 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.PP potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/InstallCore.AC.gen | v6.4.7.1.166 |
| IKARUS anti.virus | PUA.OneKit | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13113 |
| Malwarebytes | PUP.Optional.Onekit.A | v2014.08.20.11 |
| McAfee | Adware-DomaIQ | 5600.7033 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dddwtg | 0.28.2.61721 |
| Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015 |
| Reason Heuristics | PUP.OnekitInternetSL.c | 14.8.18.14 |
| Sophos | Generic PUA MI | 4.98 |
| Trend Micro House Call | Suspici.A9EB330C | 7.2.232 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4786531 | 32210 |

File size:
858.8 KB (879,368 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OneKit Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\installer_vlc_media_player_english.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/15/2013 6:25:37 PM

Valid to:
5/18/2016 12:11:52 PM

Subject:
E=info@onekit.com, CN="Onekit Internet S,L", O="Onekit Internet S,L", L=Cerdanyola Del Valles, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216C6B688869B7980323D94C3965BBB528

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Cqz5csrHtB9vaPdocQjHgj4y/Qmtn0bcu1+/WNJTv:Fz5pBJ4pQu4y/710bZgkV

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9893

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer_vlc_media_player_english.exe has been seen being distributed by the following URL.
