home

vlc_2.1.5.exe

The application vlc_2.1.5.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from me.file.download.now.dld.oinst02.eu and multiple other hosts.
MD5:
a08c35ea36dea5a5b83ac43c338a45da

SHA-1:
342ce0eb67eab66b16e8573100148137e1ee6a49

SHA-256:
957cd2e96f07705f2bf16aac2fc8f7a393a0f1adf20f7393d32b1dc596925ad7

Scanner detections:
28 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/13/2025 9:22:57 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

AhnLab V3 Security
PUP/Win32.InstallCore
2015.04.23

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.163.226

avast!
Win32:Adware-gen [Adw]
2014.9-150505

AVG
InstallCore
2016.0.3119

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.1555

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Installcore-581
0.98/19765

Comodo Security
ApplicUnwnt
18967

Dr.Web
Trojan.Packed.24524
9.0.1.0125

ESET NOD32
Win32/InstallCore.BY potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/InstallCore
5/5/2015

F-Prot
W32/InstallCore.AD.gen
v6.4.7.1.166

G Data
Win32.Application.InstallCore
15.5.24

herdProtect (fuzzy)
variant of 20140608053625.865.exe (Adware)
2015.8.3.12

IKARUS anti.virus
Backdoor.Win32.Hupigon
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.181.12834

Malwarebytes
PUP.Optional.InstallCore
v2015.05.05.07

McAfee
Artemis!E1CC237A7F7C
5600.6775

NANO AntiVirus
Riskware.Win32.InstallCore.dfglmk
0.28.2.62440

Qihoo 360 Security
Win32/Virus.Adware.94c
1.0.0.1015

Rising Antivirus
PE:Trojan.Win32.Generic.170AD063!386584675
23.00.65.15503

Sophos
Install Core Click run software
4.98

Total Defense
Win32/InstallCore.A!generic
37.1.62.1

Trend Micro House Call
Suspicious_GEN.F47V0723
7.2.125

Trend Micro
TROJ_GEN.R047C0OKN14
10.465.05

Vba32 AntiVirus
Downware.InstallCore
3.12.26.3

VIPRE Antivirus
Threat.4788237
31208

File size:
688.1 KB (704,578 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\vlc_2.1.5.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:WnvpS1w3sPVESMn/QLPNPjQ6XlsZwOcmxwaxIxVdWYRJJJkXu19TDbJ:WnvUq3sdW/qjQ6X5OlwaxInddLkunPb

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vlc_2.1.5.exe has been seen being distributed by the following 2 URLs.

http://me.file.download.now.dld.oinst02.eu/installer/Files/get.php?aa=ax/1/mp3//&p=k&u=n&x=L2hvbWUvZG93bmxvYWRlcnMvZG93bmxvYWQvaW5zdGFsbGVyL0ZpbGVzLzYzNi9iZTUvNThkMzQwM2QwNzQ2YTcwYmNiYTFjMDI0NTA0ZmEvVmxjXzIuMS41LmV4ZQ==&r=3747723&loop=2&MC=59&FL=29&IC=29&JG=79&CC=24&FE=8&DA=78&IH=41&JD=63&GH=43&s=556932107220551207453086806643008692903636791812667976557212522391682955525716973770325047200549608893456928615983025630350304375164510212074673975538574615142669120141449806194647505976581758760874919909519984744332090275042120622512474472846380589606211424486637985322616245393364085227676249038570731466006332740263020655669426500757357981266292605760237279839904640438655285445921045762756756210264029648183685890377653228940966379333252521101248003335220226953997212574795810610054676608204694326683053634696701169829750219642200615988448018135028093014078209261859793505419021831143641461497583453813465368551665929076226974320611958594349416009016739337879831036885310361972973647581269252366055

http://download.oneinstaller.com/.../?iid=636&nsoft=1

Remove vlc_2.1.5.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.