vlc-2.0.1-win32.exe

Visual Tools

The application vlc-2.0.1-win32.exe by Visual Tools has been detected as adware by 7 anti-malware scanners. The file is a setup program used to install the application. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from dl.cdn-services.com.

Publisher:
Visual Tools  (signed and verified)

MD5:
98a26573d49f71134f2ae4a63313eb3b

SHA-1:
77ab5c93c9d6cb98b057e595ac44e15a0f7755ad

SHA-256:
a9a839490fe452b9430241361bdf6e5e9a03d8804feb8d9f995c88a72ca323b8

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/20/2024 2:02:37 AM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Babylon | 2014.03.11
Dr.Web | Adware.Toolbar.175 | 9.0.1.099
ESET NOD32 | Win32/Toolbar.Babylon (variant) | 8.9525
McAfee | Artemis!98A26573D49F | 5600.7165
NANO AntiVirus | Riskware.Win32.Babylon.craswq | 0.28.0.58101
Reason Heuristics | PUP.VisualTools.N | 14.8.7.22
VIPRE Antivirus | Babylon | 27278

File size:
874 KB (894,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vlc-2.0.1-win32.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/9/2013 7:00:00 PM

Valid to:
1/10/2015 6:59:59 PM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
3/13/2013 7:56:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:d7DjyQgk1UR9NLynHX/ibZTvd2LjedqVdoTYgxHBULrOnGBdBlBiDNyFWIxtHjil:d75asPiRFgedqaOOnlDNyESdjielpbPc

Entry address:
0x15A7

Entry point:
55, 8D, AC, 24, 40, F6, FF, FF, 81, EC, 3C, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C5, 89, 85, BC, 09, 00, 00, 53, 56, 33, DB, 57, 8D, 75, 88, 88, 5D, 87, C6, 45, 86, 01, E8, AD, 05, 00, 00, 53, 89, 9D, DC, 01, 00, 00, 89, 9D, E0, 01, 00, 00, 89, 9D, E4, 01, 00, 00, C7, 85, E8, 01, 00, 00, 03, 00, 00, 00, FF, 55, C4, 89, 85, D8, 01, 00, 00, 8B, C6, E8, FD, F9, FF, FF, 3B, C3, 0F, 85, 0A, 01, 00, 00, 8D, 85, EC, 01, 00, 00, 50, 8B, FE, E8, 35, FF, FF, FF, 8B, F8, 3B, FB, 0F, 85, C0, 00, 00, 00, 33, FF, 66, 39...
 

Entropy:
7.9972  (probably packed)

Code size:
11.5 KB (11,776 bytes)

The file vlc-2.0.1-win32.exe has been seen being distributed by the following URL.
