down_installer_vlc_media_player_2_1_5_32-bit_arabic.exe

7-Zip

Free Software LLC

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application down_installer_vlc_media_player_2_1_5_32-bit_arabic.exe by Free Software has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as the VideoLAN VLC media player, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Igor Pavlov  (signed by Free Software LLC)

Product:
7-Zip

Description:
7z 安装自释放

Version:
9.20

MD5:
9f1c0bb8db94e7929faba33e11776b77

SHA-1:
e3bd52f9d6e868b11b965c3cbd5f162b2e62f480

SHA-256:
511c253b446f8f7d3982b43f4abaf5f8cf08c454df3509aec50fc9a414111c80

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 11:34:01 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.installCore (M) | 16.8.7.20

File size:
872.9 KB (893,880 bytes)

Product version:
9.20

Copyright:
版权所有 © 1999-2010 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\down_installer_vlc_media_player_2_1_5_32-bit_arabic.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
8/1/2014 1:08:01 PM

Valid to:
7/22/2015 2:23:49 PM

Subject:
CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DD6AADCC34E6

File PE Metadata
Compilation timestamp:
11/18/2010 6:27:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:qddFMz0EfaF0JYsogmB7/aYZ+OWxI7brCXIB/svGfM2LLwMy:qdd6z0kods2B7yrtUO8/s+fLAf

Entry address:
0x1373C

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 69, 41, 00, 68, 36, 37, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, EC, 60, 41, 00, 59, 83, 0D, 24, C9, 41, 00, FF, 83, 0D, 28, C9, 41, 00, FF, FF, 15, F0, 60, 41, 00, 8B, 0D, 14, A9, 41, 00, 89, 08, FF, 15, F4, 60, 41, 00, 8B, 0D, 10, A9, 41, 00, 89, 08, A1, F8, 60, 41, 00, 8B, 00, A3, 20, C9, 41, 00, E8, E0, 5E, FF, FF, 39, 1D, 00, A7, 41, 00, 75, 0C, 68, C4, 38, 41, 00, FF, 15, FC, 60...
Entropy:
7.8064

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
81 KB (82,944 bytes)

The file down_installer_vlc_media_player_2_1_5_32-bit_arabic.exe has been seen being distributed by the following URL.