home

setup_vlc_media_player.exe

VLC Media Player

Install Helper

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup_vlc_media_player.exe by Install Helper has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The installer is marketed through download protals and search ads as the VideoLAN VLC media player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Install Helper  (signed and verified)

Product:
VLC Media Player

Version:
3.0.0.76

MD5:
1d7436728fe07fb9275e07ec551a2a97

SHA-1:
27b09d60da9faceb777e882e289b77202b8bff58

SHA-256:
62fa8185f34ec31df9da40abfc2f048d26c754b174dc38064a791370ca920b10

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/13/2025 12:51:33 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Dropper-gen [Drp]
150203-1

AVG
Generic
2016.0.3182

Comodo Security
Packed.Win32.MUPX.Gen
21100

Dr.Web
Trojan.Vittalia.13
9.0.1.05190

ESET NOD32
Win32/DownloadAssistant.A potentially unwanted application
7.0.302.0

IKARUS anti.virus
PUA.DownloadAssistant
t3scan.1.8.6.0

NANO AntiVirus
Trojan.Win32.DownLoader12.dncixg
0.30.0.65070

Reason Heuristics
PUP.Bundler.Vittalia
15.3.2.17

Sophos
PUA 'AirInstaller'
5.11

File size:
465.6 KB (476,800 bytes)

Product version:
3.0.0.76

Copyright:
(c) Install Helper

Original file name:
setup_vlc_media_player.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup_vlc_media_player.exe

Digital Signature
Signed by:
Install Helper

Authority:
Symantec Corporation

Valid from:
1/28/2015 7:00:00 PM

Valid to:
1/29/2016 6:59:59 PM

Subject:
CN=Install Helper, O=Install Helper, L=Vancouver, S=British Columbia, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
7CC3624C218D0B5B8DB87F5E4E3521B0

File PE Metadata
Compilation timestamp:
2/12/2015 11:34:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Hg89R3qKtzPQkSNkG1XEZ3+7yqZcnepd1hjS80:Hg89T0LP9cn21hW80

Entry address:
0xE0C80

Entry point:
60, BE, 00, 80, 49, 00, 8D, BE, 00, 90, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.9210

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

The file setup_vlc_media_player.exe has been seen being distributed by the following 2 URLs.

http://dl.1download.io/v2/click/n6bvia8n/?d=http://files.1download.io/appsv1/apps_storage/vlc-2.2.0-rc2-win32.exe&key=176633205ab296a14d04d9a80b6f9c476c0289f3bbc3c2f9454a4b306124b299&sid=vlc&uid=805938282.1424095459&affiliate_image=http://files.1download.io/appsv1/v1.0/airlogo_a_vlc_media_player.png&product_image=http://files.1download.io/appsv1/v1.0/airlogo_b_vlc_media_player.png&n=VLC Media Player&filename=setup_vlc_media_player&done_url=http://www.1download.io/.../thankyou.html&cancel_url=http://www.1download.io/.../thankyou.html

http://files.1download.io/.../download_vlc_media_player.php?cid=805938282.1424095459&flag=us

Remove setup_vlc_media_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.