vlc-0.8.6d-win32.exe

The executable vlc-0.8.6d-win32.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from filehippo.com and multiple other hosts.
MD5:
83dcf69dccc76841936dcd5bcf4d75b8

SHA-1:
146821590ab22806d0acbf4f6a988239b8867b6d

SHA-256:
27b178a5263d8c44056fbab2a94ce84a0ce7bbe810b9f62c83048befac86bca1

Scanner detections:
2 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/24/2024 12:07:32 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | Threat.Win.Reputation.IMP | 16.11.28.22
Rising Antivirus | PE:Malware.XPACK/RDM!5.1 | 23.00.65.14105

File size:
9.3 MB (9,733,451 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vlc\vlc-0.8.6d-win32.exe

File PE Metadata
Compilation timestamp:
11/18/2007 7:47:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
196608:k+ZvWwAOrxWZGfecZbfQqxG6hhOZrmvk/QU8X0TvNZ:ZZvwerfHU2G6rwrmiFL

Entry address:
0x39AF

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, F0, 49, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 53, 43, 00, 00, 6A, 00, E8, 2C, 4A, 00, 00, A3, 80, 4C, 42, 00, 6A, 08, E8, 43, 27, 00, 00, A3, 30, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 6A, 00, 68, 60, 01, 00, 00, 50, 6A, 00, 68, 10, A3, 40, 00, E8, E1, 48, 00, 00, 83, EC, 0C, 68, 11, A3, 40, 00, 68, 60, 4D, 42, 00, E8, 63, 29, 00, 00, 83, C4, 18, E8, 17, 43, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, 4E, 29, 00, 00, 57, 6A, 00, E8, D2, 41, 00, 00, 83...

Entropy:
7.9930  (probably packed)

Code size:
29.5 KB (30,208 bytes)

The file vlc-0.8.6d-win32.exe has been seen being distributed by the following 5 URLs.

http://filehippo.com/download/file/.../

temp:vlc-0[1].8.6d-win32.exe
