» vlcplus_setup.exe
Overview
Analysis
File Details
Downloads (1)

vlcplus_setup.exe

The application vlcplus_setup.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been seen being downloaded from www.coolestmovie.info.

File name:

vlcplus_setup.exe

MD5:

ac4fb02e6094f448480f5d4b4b4e1a5d

SHA-1:

6b5affc2f64df27d59dab8749a55bc22a7d59107

SHA-256:

cc813330ef07a1d6e1f67fc5b9cb4ebb0df1c6bd12ba746770ca0d7801295c4d

Scanner detections:

20 / 68

Status:

Potentially unwanted

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/18/2024 6:15:33 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/Linkular.D

7.11.196.234

avast!

Adware-gen [Adw]

141214-1

Comodo Security

Application.Win32.Linkular.AY

20423

Dr.Web

Adware.PowerPack.2

9.0.1.05190

ESET NOD32

Win32/AdWare.Linkular.AJ application

7.0.302.0

F-Prot

W32/Linkun.A (exact, not disinfectable)

4.6.5.141

G Data

NSIS.Application.Linkular

14.12.24

K7 AntiVirus

Adware

13.188.14395

Kaspersky

not-a-virus:AdWare.Win32.Linkun

15.0.0.543

Malwarebytes

Adware.Linkular

v2014.12.20.05

McAfee

Program.Artemis!6181B853CF4C

16.8.708.2

NANO AntiVirus

Riskware.Win32.Linkular.dbpxeq

0.28.6.64267

nProtect

Trojan-Clicker/W32.Linkun.453592

14.12.19.01

Sophos

PUA 'Linkular'

5.09

SUPERAntiSpyware

Adware.BrowseFox/Variant

10167

Total Defense

Win32/Tnega.KfOLCY

37.0.11339

Trend Micro House Call

ADW_DOWNWARE

7.2.354

Trend Micro

ADW_DOWNWARE

10.465.20

Vba32 AntiVirus

AdWare.Linkun

3.12.26.3

VIPRE Antivirus

Threat.4150696

35418

File size:

443 KB (453,592 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\vlcplus_setup.exe

File PE Metadata

Compilation timestamp:

12/5/2009 11:52:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:Ljdh3sc3Xy9uTk4FF1g38Hx1iCJXOyC1aNJjrlIpGPy7:Ljdh3N3i9uTk4rH1fiaNhRIpGPy7

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file vlcplus_setup.exe has been seen being distributed by the following URL.

http://www.coolestmovie.info/ds/.../?pid=747&context=u54007ab05239fb1217cd0cb46f

Remove vlcplus_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.