vlc-2.2.4-win32.exe

Frank Bohling

The application vlc-2.2.4-win32.exe by Frank Bohling has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.vlc-updater.de.
Publisher:
Frank Bohling  (signed and verified)

MD5:
a344ab66eca5413a33f98ecb0efa4683

SHA-1:
2a89fbde6e63491123f1a64d0706f7136e5478fe

SHA-256:
aa7e3b0945ed8e24d4faefb503016c4094d1ded69a0eecd05c4afef01650a2ff

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/4/2024 10:17:30 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP (M) | 16.12.19.3

File size:
30 MB (31,457,120 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\vlc-2.2.4-win32.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
4/21/2016 2:15:33 AM

Valid to:
4/21/2018 2:15:33 AM

Subject:
CN=Frank Bohling, O=Frank Bohling, L=Verden, S=Niedersachsen, C=DE

Issuer:
CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL

Serial number:
4713945366E8C4F8C2DFCED861E76B97

File PE Metadata
Compilation timestamp:
2/24/2012 8:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file vlc-2.2.4-win32.exe has been seen being distributed by the following URL.

http://www.vlc-updater.de/.../vlc-2.2.4-win32.exe
