vlc-2.0.5-win32.exe

The executable vlc-2.0.5-win32.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. While running, it connects to the Internet address ns55.hostinglotus.net on port 80 using the HTTP protocol.
MD5:
a68563974bc14c44253c434c9020b293

SHA-1:
8a238e2d3154c6e03d29c47e5cf237117bc1c7bf

SHA-256:
8d6e47e4957574b535404fdae88aeba65bb631a79fc5685b3005603b703b2150

Scanner detections:
1 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/24/2024 11:28:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
17.2.5.12

File size:
21.9 MB (22,990,558 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

File PE Metadata
Compilation timestamp:
1/6/2012 2:21:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

Entry address:
0x4327

Entropy:
7.9996  (probably packed)

Code size:
34.5 KB (35,328 bytes)

Windows Firewall Allowed Program
Name:
vlc-2.0.5-win32


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.internetdsl.pl  (217.97.216.17:80)

TCP (HTTP):
Connects to ns55.hostinglotus.net  (119.59.104.33:80)

TCP (HTTP):
Connects to cluster010.ovh.net  (213.186.33.19:80)
