VlcMediaPlayer_SoftangoDownloader.exe

R2D2 Tech Software LLC

This is the Performersoft setup installer. The application VlcMediaPlayer_SoftangoDownloader.exe by R2D2 Tech Software has been detected as adware by 14 anti-malware scanners. It is a setup application built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. Users of this installer expect to download the VideoLAN VLC media player, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
R2D2 Tech Software LLC  (signed and verified)

Version:
14.4.10.23

MD5:
414f12eac4ae44535b595e169e0b0e01

SHA-1:
814025e10ffb25ef34b940deb4e9e1a25ab6f38e

SHA-256:
1d43f8256dd0b2f18fc07ee7e15447535f872b429d9ae48bff603e4686eb30f7

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 11:08:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Jaik.1231 | 1020 |
| Agnitum Outpost | PUA.InstallBrain | 7.1.1 |
| AVG | MalSign.InstallC | 2015.0.3508 |
| Bitdefender | Gen:Variant.Jaik.1231 | 1.0.20.550 |
| Comodo Security | Application.Win32.InstallBrain.BF | 18047 |
| Dr.Web | Adware.Downware.2543 | 9.0.1.0101 |
| Emsisoft Anti-Malware | Gen:Variant.Jaik.1231 | 8.14.04.20.12 |
| ESET NOD32 | Win32/InstallBrain.BW (variant) | 8.9663 |
| G Data | Gen:Variant.Jaik.1231 | 14.4.24 |
| Malwarebytes | PUP.Optional.InstallBrain | v2014.04.11.03 |
| MicroWorld eScan | Gen:Variant.Jaik.1231 | 15.0.0.330 |
| Reason Heuristics | PUP.R2D2TechSoftware.b | 14.8.8.0 |
| Sophos | InstallBrain | 4.98 |
| VIPRE Antivirus | InstallBrain | 28194 |

File size:
1.2 MB (1,236,976 bytes)

Product version:
14.4.10.23

Copyright:
Copyright 2014

Original file name:
VlcMediaPlayer_SoftangoDownloader.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vlcmediaplayer_softangodownloader.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 4:13:12 PM

Valid to:
12/18/2016 4:13:12 PM

Subject:
CN=R2D2 Tech Software LLC, O=R2D2 Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
7287089BC80B

File PE Metadata
Compilation timestamp:
4/10/2014 4:02:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:uAhOqqEQTo5IrfvBOqV/gBi5iyfuYmkMXY5YREaBtYDz+aB3Bflq0OAxj:UtEQTo5InwggBixuYwI5CTI7hNzOAF

Entry address:
0xF809

Entry point:
E8, 55, 4E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, FC, 42, 00, 00, 75, 18, E8, A0, 46, 00, 00, 6A, 1E, E8, EA, 44, 00, 00, 68, FF, 00, 00, 00, E8, E3, 16, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 94, FC, 42, 00, FF, 15, 8C, 30, 42, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 98, FC, 42, 00, 74, 0D, 53, E8, 79, 1B, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 71, 1D, 00, 00, 89, 30, E8, 6A, 1D, 00, 00, 89...
 

Entropy:
7.8064  (probably packed)

Code size:
134 KB (137,216 bytes)

The file VlcMediaPlayer_SoftangoDownloader.exe has been seen being distributed by the following URL.
