vlcmediaplayer.exe

Air Software

Warning: this is not the legitimate setup program for VLC Media Player. The setup is bootstrapped by the Air Installer 'download manager' (a pay-per-install monetization download manager) that bundles unwanted software (adware, toolbars, extensions) during setup while deceiving the user into thinking they are downloading the standard installation setup from VLC Media Player. The application vlcmediaplayer.exe, “VLC Media Player Setup” by Air Software, has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. With this installer, users expect to download the VideoLAN VLC media player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
VLC Media Player   (signed by Air Software)

Product:
VLC Media Player

Description:
VLC Media Player Setup

Version:
1.0

MD5:
703687a1add4922ef38c9a42c6a0c437

SHA-1:
7d9a000cacbeb0336db882b04fe2725cac029d8f

Scanner detections:
2 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 1:04:08 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Downware.56 | 9.0.1.0316
Reason Heuristics | PUP.Air Software.AirSoftware.Bundler (M) | 15.11.12.14

File size:
429.2 KB (439,488 bytes)

Product version:
1.0

Copyright:
Copyright © VLC Media Player 2011-2012

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager (using Inno Setup)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\vlcmediaplayer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/26/2011 8:00:00 PM

Valid to:
6/26/2012 7:59:59 PM

Subject:
CN=Air Software, O=Air Software, STREET=185-911 Yates St., STREET="Suite #327", L=Victoria, S=BC, PostalCode=V8V4Y9, C=CA

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C3BFAFF5374660A208126E655CBD3E13

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:5na9Y7+4R/Y23cMNcc5n0hkHU5vLv20hLS8BEMD:5naKS4tpFFqNS8SQ

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
7.9203

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
