home

vlcplayer.exe

Installer

my mobile ltd

The executable vlcplayer.exe, “InstallScript Setup Launcher Unicode” has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from 95.211.82.145. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Setup  (signed by my mobile ltd)

Product:
Installer

Description:
InstallScript Setup Launcher Unicode

Version:
1.00.0000

MD5:
3063592eddf95527ed6b77992d1ef182

SHA-1:
91e5b8bb4cc0a0fa98b26f20d5d10d0f03c687b9

SHA-256:
77c8ca42e717319a45589eab022a575aeda06617a7539d47a08028bf5df55da4

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/8/2025 11:55:21 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.23.20

File size:
3.6 MB (3,771,920 bytes)

Product version:
1.00.0000

Copyright:
Copyright (c) 2014 Flexera Software LLC. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vlcplayer.exe

Digital Signature
Signed by:
my mobile ltd

Authority:
COMODO CA Limited

Valid from:
5/13/2014 9:00:00 PM

Valid to:
5/14/2015 8:59:59 PM

Subject:
CN=my mobile ltd, O=my mobile ltd, STREET=kremnitski 6, L=Tel Aviv, S=Israel, PostalCode=6789906, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD454874EF6832F612B8D7B8E9204DEF

File PE Metadata
Compilation timestamp:
5/13/2014 11:13:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:FAooL07FKPnuhC4E2ThuraJ37cGUVeIqqckXvpg+ILZ8AooL07FKP1sf:FAoA0I6C4DTMaZDUgIX7Cx8AoA0I6f

Entry address:
0x4133E

Entry point:
E8, 9A, 68, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 33, D2, 8B, C2, 39, 45, 0C, 76, 11, 8B, 4D, 08, 66, 39, 11, 74, 09, 40, 83, C1, 02, 3B, 45, 0C, 72, F2, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61...
 
[+]

Code size:
416.5 KB (426,496 bytes)

The file vlcplayer.exe has been seen being distributed by the following URL.

http://95.211.82.145/file/-_-MzM3N18xNThfNDE5NF80MjM1X0JSXzIwMC45Ny4xOTUuMTg2XzQxOF81NzEwX0FEUw-_-ADSYS-604cd89d-6678-11e4-86b3-dd4268920bad/149/FLVSoftware/6573//c861c3ba1415362804//

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
Connects to stats-182385724-1591972470.us-east-1.elb.amazonaws.com  (54.221.252.69:80)

Remove vlcplayer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.