soft32_vlc media player_1.0.exe

Covus Freemium GmbH

The application soft32_vlc media player_1.0.exe by Covus Freemium GmbH has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Covus installer. Users running this installer expect to download the VideoLAN VLC media player, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from vlc-media-player.de.soft32.com.

Publisher:
Covus Freemium GmbH  (signed and verified)

MD5:
f0c931ef4a47dc861b4a25c6b6f7cf93

SHA-1:
e7b4ab37736d97913fb5ae33c9b41792af223831

SHA-256:
443b8c08e0000a270f32a15795a16928e5d2fb072f96c1246e7442c73f380476

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit and Search Protect (ClientConnect).

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 6:46:25 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Adware Generic_r.OC | 2014.0.3986 |
| Dr.Web | Adware.Downware.5119 | 9.0.1.05190 |
| ESET NOD32 | Win32/DownloadGuide.A potentially unwanted application | 7.0.302.0 |
| F-Secure | Adware:W32/Buzzrin | 11.2014-08-07_3 |
| IKARUS anti.virus | AdWare.DownloadGuide | t3scan.1.6.1.0 |
| Reason Heuristics | PUP.Optional.CovusFreemiumGmbH.AA | 14.7.8.7 |
| Total Defense | Win32/Tnega.VBMKZGD | 37.0.11046 |
| VIPRE Antivirus | Threat.4890059 | 29708 |

File size:
459.5 KB (470,560 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\soft32_vlc media player_1.0.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/28/2013 10:21:57 AM

Valid to:
1/29/2015 10:21:57 AM

Subject:
CN=Covus Freemium GmbH, O=Covus Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211DBCB8A07ED407612FC406EFD259BE29

File PE Metadata
Compilation timestamp:
7/4/2014 9:38:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:UYcPtTX5RYX+zZwEuVX1HL7iWtC7u81vj:RQZX5uOlwtVFnit7u8l

Entry address:
0x1C994

Entry point:
E8, A0, 48, 00, 00, E9, 89, FE, FF, FF, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 0C, DE, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF...
 

Code size:
170.5 KB (174,592 bytes)

The file soft32_vlc media player_1.0.exe has been seen being distributed by the following URL.
