vlcmediaplayer-setup.exe

Zoobam

This is the Tightrope WebInstall, which bundles applications with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application vlcmediaplayer-setup.exe by Zoobam has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The installer is marketed through download portals and search ads as the VideoLAN VLC media player, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Zoobam  (signed and verified)

MD5:
bb706d9d7c22eb44f484eb3bffab726b

SHA-1:
4e46f86a45dce19c15fe607ce482ede69dababd4

SHA-256:
e6f252da438c3ae9a8e49ba5ae77f58b5e526880b84b2485ac6ee1186a269270

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/27/2024 3:52:42 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.KJ | 453 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downware | 2015.07.11 |
| Avira AntiVirus | PUA/DownloadAdmin.Gen | 8.3.1.6 |
| Arcabit | Application.Bundler.KJ | 1.0.0.425 |
| avast! | Win32:Adware-CIX [PUP] | 2014.9-151109 |
| AVG | Generic | 2016.0.2931 |
| Bitdefender | Application.Bundler.KJ | 1.0.20.1565 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Clam AntiVirus | Win.Adware.Downloadadmin | 0.98/21511 |
| Comodo Security | Application.Win32.DownloadAdmin.ANGL | 22730 |
| Dr.Web | Trojan.Vittalia.36 | 9.0.1.0313 |
| ESET NOD32 | Win32/DownloadAdmin.H potentially unwanted (variant) | 9.11924 |
| Fortinet FortiGate | Riskware/DownloadAdmin | 11/9/2015 |
| F-Prot | W32/S-92ce39bf | v6.4.7.1.166 |
| F-Secure | Adware:W32/WebInstallBundle | 11.2015-09-11_2 |
| G Data | Application.Bundler.KJ | 15.11.25 |
| K7 AntiVirus | Unwanted-Program | 13.205.16532 |
| Malwarebytes | PUP.Optional.DownloadAdmin | v2015.11.09.07 |
| McAfee | Artemis!BB706D9D7C22 | 5600.6587 |
| MicroWorld eScan | Application.Bundler.KJ | 16.0.0.939 |
| NANO AntiVirus | Riskware.Win32.Downware.djahkt | 0.30.24.2487 |
| Quick Heal | PUA.Optdownloader.A6 | 11.15.14.00 |
| Reason Heuristics | PUP.Tightrope.Zoobam.Bundler (M) | 15.11.9.7 |
| Total Defense | Win32/Tnega.IQCCUAC | 37.1.62.1 |
| Trend Micro | TROJ_GEN.F0C2C00B315 | 10.465.09 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41908 |
| Zillya! Antivirus | Downloader.Agent.Win32.232847 | 2.0.0.2282 |

File size:
825.3 KB (845,088 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlcmediaplayer-setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2014 10:27:59 PM

Valid to:
10/15/2017 10:27:59 PM

Subject:
CN=Zoobam, O=Zoobam, L=Kirkland, S=Washington, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EA9D31E75E043

File PE Metadata
Compilation timestamp:
7/15/2014 12:29:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:8xpJfslZtuaVd9lpmhwQbift489IVGD4xJFl6Xqb5Kbmkg8SV:wp9sVuaVdvgVbmgGDijyikg5V

Entry address:
0x3345

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00...

Entropy:
7.4925

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file vlcmediaplayer-setup.exe has been seen being distributed by the following URL.
