setup.exe

VLC media player

VideoLAN

This is a setup and installation application. The file has been seen being downloaded from google.com.tr and multiple other hosts.
Publisher:
VideoLAN

Product:
VLC media player

Description:
VLC media player 2.1.2

Version:
2.1.2

MD5:
6c185a0cc23a0f3ea29723b884347a24

SHA-1:
b468ca260a3f954911aaa46befeaacaa1ca021c2

SHA-256:
04d51fe6e17036675640274fef6aea0a88ffad17ffb224f6186d97e88060ff49

Scanner detections:
2 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/25/2024 8:14:20 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.14322
ESET NOD32 | Win32/Kryptik.BXSR (variant) | 8.9574

File size:
95.5 KB (97,792 bytes)

Product version:
2,1,2,0

Copyright:
Copyright © 1996-2013 VideoLAN and VLC Authors

Trademarks:
VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN

Original file name:
vlc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
6/20/2003 4:48:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:lanYxFakezPDcuTdcGucSY62ikRcrOAVwHAXltG+Mk8M3z92X4EkQrhurQc:kYDakezAKDmOAVwSltP8z4acrQ

Entry address:
0x1190

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 85, F6, 57, 8B, 7D, 10, 01, 1D, 00, E0, 40, 00, 31, C0, 50, E8, B8, 0B, 00, 00, 89, 05, 70, E0, 40, 00, 03, 3D, 00, E0, 40, 00, 29, D9, 2B, C1, 01, 25, 74, E0, 40, 00, 03, D3, 29, EA, 03, DA, 01, FE, 8B, CE, 89, E7, 2B, 35, 78, E0, 40, 00, 29, 1D, 04, E0, 40, 00, 8B, CF, 29, F7, 03, 1D, 00, E0, 40, 00, 29, D8, 8B, 3D, 00, E0, 40, 00, 29, FE, 2B, CE, 29, 3D, 04, E0, 40, 00, 2B, DA, 29, 35, 7C, E0, 40, 00, 68, 30, 16, 40, 00, 03, 15, 04, E0, 40, 00, 01, CA, 2B, 3D...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
40.5 KB (41,472 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

Scan setup.exe - Powered by Reason Core Security