home

vlc-2.2.1-win32.exe

The executable vlc-2.2.1-win32.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from mirror.yandex.ru.
MD5:
43d9d0ae9ee40328e9ad3fb0e361ed88

SHA-1:
eac2cd94ab253c435695c40ef7ecc055f08fd4ca

SHA-256:
b383ef3cd8428875e216fa6a33e3f4a8f62234e3ada1db08bcc8a3ebd1420e1f

Scanner detections:
2 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 2:50:48 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Detection.Undefined
7.0.302.0

Reason Heuristics
Threat.Win.Reputation.IMP
16.12.6.12

File size:
2.1 MB (2,176,779 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

File PE Metadata
Compilation timestamp:
12/16/2014 11:04:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
49152:eLLcbPyjkah7WwqzNfHUdLn16QbQWCsx/Rmu6/iOLZdY6:wNkasXMzbVRmrzLY6

Entry address:
0x4377

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 42, 00, 56, A3, 30, AD, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 81, 3C, 00, 00, A3, 00, AE, 42, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file vlc-2.2.1-win32.exe has been seen being distributed by the following URL.

http://mirror.yandex.ru/mirrors/ftp.videolan.org/vlc/2.2.1/.../vlc-2.2.1-win32.exe

Remove vlc-2.2.1-win32.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.