» vlc-2.1.6a-win32setup.exe
Overview
Analysis
File Details

vlc-2.1.6a-win32setup.exe

Trusted Apps DDd

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application vlc-2.1.6a-win32setup.exe by Trusted Apps DDd has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The installer is marketed through download protals and search ads as the VideoLAN VLC media player but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

Publisher:

Trusted Apps DDd (signed and verified)

MD5:

d4171ba71ef43ef315ee0bde23f332c9

SHA-1:

971df7f22c455e3588f0c059acb1367a3ba1bdcc

SHA-256:

6d87d756fc7e5145865d0bec425483d0dd4e45f61b22b4b73e6ba1fb5276bc6b

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

12/27/2024 10:48:46 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.OutBrowse.109

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.Outbrowse.BA

11.5.0.6191

ESET NOD32

Win32/OutBrowse.BU potentially unwanted application

8.0.319.0

Kaspersky

not-a-virus:Downloader.NSIS.OutBrowse

15.0.0.562

McAfee

Program.Adware-OutBrowse.e

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.215.2609.0

Reason Heuristics

PUP.Outbrowse.TrustedA.Bundler (M)

16.3.29.9

File size:

639.4 KB (654,744 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\vlc-2.1.6a-win32setup.exe

Digital Signature

Signed by:

Trusted Apps DDd

Authority:

thawte, Inc.

Valid from:

2/19/2015 12:00:00 AM

Valid to:

1/27/2016 11:59:59 PM

Subject:

CN=Trusted Apps DDd, O=Trusted Apps DDd, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

2A6EDA1BDEEDEEB7996DA37C61AE9E92

File PE Metadata

Compilation timestamp:

12/6/2009 5:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:lg/IhZWDteipQ7JF+Rl9MrPD+pBMKB/bTJX2MvBUYp+CM:lg/ic0OQ7JF2HJH8MJFdM

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.8952

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove vlc-2.1.6a-win32setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.