vlc-2.0.5.exe

The application vlc-2.0.5.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from downloader.downloadster.org and multiple other hosts a known adware distribution point operated by Downloadster.
MD5:
00b165ead2f25d6e5fc6263f5458efba

SHA-1:
2ba57938f7c8113722080d01140c3cf05ca18972

SHA-256:
3c182c40374ebb0aeef7e561f645df4d7281b7c486d4fcad0103e4af7aca35e8

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:
11/23/2024 12:31:33 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
7.11.106.232

Bkav FE
W32.Clod819.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17450

Dr.Web
Adware.InstallCore.122
9.0.1.0219

ESET NOD32
Win32/InstallCore.BL
8.8901

Fortinet FortiGate
W32/InstallCore.BL
8/7/2014

F-Prot
W32/InstallCore.R4.gen
v6.4.7.1.166

IKARUS anti.virus
Backdoor.Hupigon
t3scan.2.0.127

K7 AntiVirus
Unwanted-Program
13.174.10530

McAfee
Artemis!ABE3789D4272
5600.7045

Microsoft Security Essentials
1.163.1557.0

Norman
Troj_Generic.SQONQ
11.20140807

Qihoo 360 Security
Win32/Virus.Adware.94c
1.0.0.1015

Rising Antivirus
PE:Malware.InstallCore!6.4
23.00.65.14805

Sophos
Install Core
4.93

Trend Micro House Call
TROJ_GEN.F47V0720
7.2.219

Vba32 AntiVirus
3.12.26.0

VIPRE Antivirus
InstallCore
22256

File size:
1.2 MB (1,226,888 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\vlc-2.0.5.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:mJfsDqNYDaPaDFo7WwFINVvgFe37rzIOrhNyoMuaFXgadEu/enWVSIh:mJfsD+2vj7rsOrhNzoQadEuSW

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file vlc-2.0.5.exe has been seen being distributed by the following 18 URLs.

http://downloader.downloadster.org/.../vlc.php?kw=vlc player free download&subid=DSTVLFR&cust=vlc media player&type=vlc&gclid=CInzhvCU6bYCFeNcMgodbHMAaw&utm_campaign=DSTVLFR&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=VLC Media Player&subid=DSTVLFR&cust=vlc&type=vlc&gclid=CLDC3pqE-LcCFdQZtAodYRUAHw&utm_campaign=DSTVLFR&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=VLC Media Player&subid=DSTVLFR&cust=vlc&type=vlc&gclid=CJ3Iu7eD3LYCFXMctAodIVIADg&utm_campaign=DSTVLFR&fwd=1

http://downloader.downloadster.org/.../vlc.php?kw=VLC Media Player&subid=DSTVLFR&cust=vlc&type=vlc&gclid=COr5zbK62rcCFRDItAodslIAGQ&utm_campaign=DSTVLFR&fwd=1

Remove vlc-2.0.5.exe - Powered by Reason Core Security