vlc_osetup.exe

Click run software

The application vlc_osetup.exe by Click run software has been detected as adware by 13 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from media.downloadster.org.

Publisher:
Click run software  (signed and verified)

MD5:
5003c14f2fe6688882956fcf6b49dc6b

SHA-1:
319c4d5a82a094c46e606fa0e517c9b460ae8dbc

SHA-256:
68660d2b11a015f563a923f198c5a0d7543b68d458f6059ab0e36e2c86a55f95

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/24/2024 3:44:36 AM UTC

Scan engine             Detection                         Engine version
Avira AntiVirus         APPL/Downloader.Gen6              7.11.122.50
Comodo Security         Application.Win32.ClickRun.A      17501
Dr.Web                  Adware.InstallCore.45             9.0.1.0114
ESET NOD32              Win32/InstallCore (variant)       8.9190
K7 AntiVirus            Unwanted-Program                  13.174.10623
McAfee                  Artemis!5003C14F2FE6              5600.7150
Reason Heuristics       PUP.Installer.Clickrunsoftware.K  14.8.7.20
Rising Antivirus        PE:Malware.XPACK-LNR/Heur!1.5594  23.00.65.14422
Trend Micro House Call  TROJ_SPNR.0BFD13                  7.2.114
Trend Micro             TROJ_SPNR.0BFD13                  10.465.24
Vba32 AntiVirus         BScope.Malware-Cryptor.MTA.01650  3.12.24.3
VIPRE Antivirus         Click run software                24766

File size:
1015.5 KB (1,039,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vlc_osetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/19/2012 1:00:00 AM

Valid to:
4/20/2013 12:59:59 AM

Subject:
CN=Click run software, O=Click run software, STREET=63 Rotshylid Shderot, L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A243E49C0DAF69F7C5ACF083EB184161

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:94nbHWd3OBUTzOpK1DRjGl8XpeqChrWKwG9PhTou:9K6d3OlK1DRjGl8X8JWKR7

Entry address:
0xC1CA4

Entry point:
55, 8B, EC, 83, C4, F0, B8, 7C, CD, 41, 00, E8, 79, F7, FF, FF, 53, E8, AD, FB, FF, FF, 85, C0, 75, 0A, C7, 05, C0, 65, 47, 00, 02, 00, 00, 00, 8B, 36, 81, FE, E4, 65, 47, 00, 75, C0, 5A, 5D, 5F, 5E, 5B, C3, 8D, 40, 00, 53, 56, 57, 55, 83, C4, F8, 8B, F2, 8B, F8, BD, F4, 65, 47, 00, 81, C7, FF, 3F, 00, 00, 81, E7, 00, C0, FF, FF, 8B, 5D, 00, EB, 33, 3B, 7B, 0C, 7F, 2C, 8B, CE, 8B, D7, 8B, 43, 08, E8, BA, FE, FF, FF, 83, 3E, 00, 74, 50, 8B, 46, 04, 01, 43, 08, 8B, 46, 04, 29, 43, 0C, 83, 7B, 0C, 00, 75, 3E...
 
Entropy:
6.8905

Developed / compiled with:
Microsoft Visual C++

Code size:
788 KB (806,912 bytes)

The file vlc_osetup.exe has been seen being distributed by the following URL.
