home

vlc-setup.exe

The application vlc-setup.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from downloader.downloadster.org and multiple other hosts a known adware distribution point operated by Downloadster.
MD5:
0e9fde06be846e024077eb2cc908482e

SHA-1:
e57d4562b7c7db406beb49087f86dc6afc39e767

SHA-256:
70856ebe936f3b2d95a76e60bc4e381814dc28e9edd3de5eb5da8e92678b9bf6

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:
4/24/2024 1:40:16 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.135.228

Bkav FE
HW32.Laneul
1.3.0.4959

Comodo Security
ApplicUnwnt
17908

Dr.Web
Adware.InstallCore.122
9.0.1.069

ESET NOD32
Win32/InstallCore.BL
8.9520

F-Prot
W32/InstallCore.R3.gen
v6.4.7.1.166

IKARUS anti.virus
Backdoor.Hupigon
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11378

McAfee
Artemis!0E9FDE06BE84
5600.7195

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
1.10302

Norman
Troj_Generic.SQONQ
11.20140310

Qihoo 360 Security
Win32/Virus.Adware.94c
1.0.0.1015

Rising Antivirus
PE:Trojan.Win32.Generic.158B92F3!361468659
23.00.65.14308

Sophos
Install Core
4.98

Vba32 AntiVirus
Downware.InstallCore
3.12.24.3

VIPRE Antivirus
InstallCore
27252

File size:
1.2 MB (1,226,888 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\vlc-setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:mJfsDqNYDaPaDFo7WwFINVvgFe37rzIOrhNyoMuaFXgadEu/enWVSIh:mJfsD+2vj7rsOrhNzoQadEuSW

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
6.8439

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file vlc-setup.exe has been seen being distributed by the following 9 URLs.

http://downloader.downloadster.org/.../vlc.php?kw=vlc media player download&subid=DSTVLBR&cust=vlc media player download&type=vlc&gclid=CNzCnc38-rgCFenm7AodTBgAog&utm_campaign=DSTVLBR&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=VLC Media Player&subid=DSTVLFR&cust=vlc&type=vlc&gclid=CJ26nLTrwLgCFSTKtAodSjUAiw&utm_campaign=DSTVLFR&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=vlc media player&subid=DSTVLIT&cust=vlc media player&type=vlc&gclid=CPXm0aLm8LgCFUZZ3godfnEAAg&utm_campaign=DSTVLIT&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=VLC Media Player&subid=DSTVLFR&cust=vlc&type=vlc&gclid=CPHavdrVs7gCFcfJtAodZXwAag&utm_campaign=DSTVLFR&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=vlc player&subid=DSTVLIN&cust=vlc player&type=vlc&gclid=CMDxv8eiwbgCFYgB4godrH8AhA&utm_campaign=DSTVLIN&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=vlc&subid=DSTVLUK&cust=vlc&type=vlc&gclid=CKXc0-yu-7gCFaKWtAodIS4ArQ&utm_campaign=DSTVLUK&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=vlc free download&subid=DSTVLIN&cust=vlc free download&type=vlc&gclid=CNWA157i4bgCFQkF4gody1cA-Q&utm_campaign=DSTVLIN&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=download player vlc&subid=DSTVLNL&cust=download player vlc&type=vlc&gclid=COP2z_aAh7kCFQeW3godgxMAxQ&utm_campaign=DSTVLNL&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=windows 7 dvd player&subid=DSTVLUK&cust= windows 7 dvd player&type=vlc&lptype=3&met=b&gclid=CIjtzOTIjLkCFdHMtAod514Aow&utm_campaign=DSTVLUK&fwd=1

Remove vlc-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.