vlc-2.1.6-win32setup.exe

Mari MARA

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application vlc-2.1.6-win32setup.exe by Mari MARA has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The installer is marketed through download portals and search ads as the VideoLAN VLC media player but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Mari MARA  (signed and verified)

MD5:
825c9f1f8a84df7b5463b7b2ca6fdbb7

SHA-1:
d5cb4e6b799aac335bd5daa18c5146edffaf0658

SHA-256:
d81217c0031e3cfd2b3f7b3ecfd37d8f69fb8eb8b28a7913cf11155fa85bee42

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 5:54:16 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Outbrowse.1 | 5664491 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.23 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 3.6.1.96 |
| avast! | OutBrowse-FS [PUP] | 150414-0 |
| AVG | Win.Threat.Medium | 2014.0.4311 |
| Bitdefender | Gen:Variant.Application.Bundler.Outbrowse.1 | 1.0.20.565 |
| Comodo Security | Application.Win32.AltBrowse.HY | 21856 |
| Dr.Web | Trojan.OutBrowse.76 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Outbrowse | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11518 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/23/2015 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-23-04_5 |
| G Data | Gen:Variant.Application.Bundler.Outbrowse | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.203.15680 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.04.23.03 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Outbrowse.1 | 16.0.0.339 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dmzljb | 0.30.20.1219 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.22.22 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4823950 | 39354 |

File size:
572.3 KB (586,040 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\vlc-2.1.6-win32setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/21/2015 7:00:00 AM

Valid to:
12/18/2015 6:59:59 AM

Subject:
CN=Mari MARA, O=Mari MARA, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
74C061A145C985D389CAB15131FE91BA

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:gs+K03A9Dt11TCVMz+jFUeC3Cwi+67iQ1hEkDV:gEMU5CVTkDi77i6Dx

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9705

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
