» libaccess_output_http_plugin.dll
Overview
Analysis
File Details

libaccess_output_http_plugin.dll

Giner Tech Inc

This is a module (plug-in) to the VLC (LibVLC application) media player framework that is a HTTP Network access module, however, the file is signed and redistributed by a third party that could be part of a potentially unwanted program. CmdShell.exe is a plugin used with VLC media framework and is recompiled by Giner Tech Inc. The module libaccess_output_http_plugin.dll by Giner Tech Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is typically installed with the VLC Media Player from VideoLAN. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.

File name:

Publisher:

SearchProtect (signed by Giner Tech Inc)

Product:

SearchProtect

Description:

CmdShell.exe

Version:

4,0,1,2253

MD5:

642738750daf7d963b28897ff9e77455

SHA-1:

12db280554c6e598e49b22a1c2548ae920b24055

SHA-256:

99977210a45c06784190f028c68b9d2a00b59a16abf468c96858933d0a914c30

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is a plugin used with VLC media framework. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:

11/27/2024 4:41:22 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Thinknice (M)

16.11.20.16

File size:

37 KB (37,888 bytes)

Product version:

4,0,1,2253

Original file name:

CmdShell.exe

File type:

Dynamic link library (Win32 DLL)

Language:

Chinese

Common path:

C:\Program Files\videolan\vlc\plugins\access_output\libaccess_output_http_plugin.dll

Digital Signature

Signed by:

Giner Tech Inc

Authority:

GlobalSign nv-sa

Valid from:

4/19/2015 11:43:22 PM

Valid to:

12/2/2015 2:23:38 AM

Subject:

CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112186B135D0152CD8EA8D04B67D2A0CCF34

File PE Metadata

Compilation timestamp:

4/20/2015 6:41:48 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

768:qz+eOeRUqbEfI+vaedhFduIt2mZV7ZFm/s:q6eOebb4I+ZTduE7ZFJ

Entry address:

0x267E

Entry point:

E8, 8E, 03, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 50, 30, 40, 00, 6A, 01, A3, 9C, 44, 40, 00, E8, 81, 04, 00, 00, FF, 75, 08, E8, 7F, 04, 00, 00, 83, 3D, 9C, 44, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 67, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, 68, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 73, 04, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 42, 40, 00, 89, 0D, 7C, 42, 40, 00, 89, 15, 78, 42, 40, 00, 89, 1D, 74, 42, 40, 00, 89, 35, 70, 42, 40, 00, 89, 3D, 6C... 
[+]

Code size:

8 KB (8,192 bytes)

Remove libaccess_output_http_plugin.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.