vlc-media-player-2-1-5-32-bits.exe

Software Generic Internet

The application vlc-media-player-2-1-5-32-bits.exe, “Software Generic Internet Setup”, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application built on the installCore installer, and the file is not signed with an Authenticode signature from a trusted source. The InstallCore engine may bundle additional software offers, including toolbars and browser extensions. Users running this installer expect to download the VideoLAN VLC media player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Product:
Software Generic Internet

Description:
Software Generic Internet Setup

MD5:
2573e24241596c25ba5a220c324717e1

SHA-1:
a5c921f0b1dcca68cda8d0c2c4e0790ae6354883

SHA-256:
f28ffac0b80b8c0726f41e806acee7980a3829bc1e9f0e6caaecf05048a7d7e4

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/7/2024 12:04:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.16111 |
| Comodo Security | Application.Win32.InstallCore.KKQ | 21128 |
| ESET NOD32 | Win32/InstallCore.UL potentially unwanted (variant) | 10.11197 |
| Reason Heuristics | PUP.InstallCore.Bundler (M) | 16.1.11.14 |
| Trend Micro House Call | Suspicious_GEN.F47V0120 | 7.2.11 |

File size:
671.7 KB (687,809 bytes)

Product version:
3.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc-media-player-2-1-5-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:qQApvpDO1oYSgwaTLH9cId/XxafB626AVS45t79mazyyKDtAZTRl:q9pvZSoYSgwYz9vxN2BS41Pzyyt/

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vlc-media-player-2-1-5-32-bits.exe has been seen being distributed by the following 3 URLs.

http://d.likelyaa.com/?ic_user_id=9289&data=C7c/LLN5MGX98ye5KggQR1SHvf35LvniCCjkFmLA8/wDvKkPi2ONkWHJnrG2XQV82vTKSsrLBVUnAmx8e3yKDmcyW4lCIysAc xwLC3WgfJaLHKgIkap0CojmbERpUeLZIEoPRz iDej32c2aW2WdwVSU5KrV120lFe oFJCSk1F3vaGmwYWILoAULwBXN4BMJ P5IubdTStuUBozshJzeQ6LRA4sKiinkCFj6OsupziQyeKKXKkY SR9By0rwZjisx8LbfcTraK2hkSIWsCQcCoSlKN39qaVTtqYWWBqU7zq7/ghrW5cPuUpAnBAJIJt7ZBh7LvETbmmb1ii5SxYmrkWt/DKE2gK4po7qCh2SXeF8hKbdTG3VAYaF7PqziW46Cwp0qaMWJirbMH lCBt0h GH6xg/yzgwuwBFjb971vJIvcU7jMmDv5y/L0p9ZCrERe3Np6Qvwj9UMYPWlX8fjdvMkcHvTrsLVzfvgko1VP9i0Ul/FXwqZeOLFlI0ca9Ms1ia6Oq6geWa9MsPSaZSO6u2kL1iPlyU2L3SK9JZ6pdh8voi4c0pevM CL7nSqirwsEq2RKz4FqXscpmkaG2GnDoGmXEyrLYWldcyvTrIIjb9wG2YiCAzbPzocaCao6ymNkwEyQJG002nFIs5G3QRhXULhMAwzNg9dXUB8GegCe5DkXJITNtiOh7MiDR2HnOdBf/ebszRJC83 NYsBi/VoAfyrpjOlLDcVfRGJZc/.../fYqpwbJGq9xi5b12OFu0Y8pZKSClunEO5XUhasKEKSrx1W7Y3JAOXx
