vlc-2.1.6a-win32setup.exe

BoxI DJV

The application vlc-2.1.6a-win32setup.exe by BoxI DJV has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from get.0140a.info.
Publisher:
TSKVK  (signed by BoxI DJV)

Product:
TSKVK

Version:
2199.151023.909.2822

MD5:
7a6ecf5b734f757c48bbbbdc92bf45c9

SHA-1:
eed2667ef1047b265d348beb25895ac5a51f8a5f

SHA-256:
03cb52d91d1549c6c18b15827d0210a5493097f80a787a49ebac495fc031fbde

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
12/26/2024 12:51:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse.Outborwse.Installer (M)

Engine version:
16.2.13.14

File size:
527.1 KB (539,800 bytes)

Product version:
2199.151023.909.2822

Copyright:
TSKVK

Trademarks:
TSKVK

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\vlc-2.1.6a-win32setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/30/2015 7:00:00 AM

Valid to:
12/18/2015 6:59:59 AM

Subject:
CN=BoxI DJV, O=BoxI DJV, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
772253FC5D00788EA5CC053B413EBDC8

File PE Metadata
Compilation timestamp:
12/6/2009 5:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:uLpv3ExVjmrCpVkxjJUffTPetwtdJj16hpZ+8bKuNIr:uLdExKpJKfTPlJx6VJZmr

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.8370

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file vlc-2.1.6a-win32setup.exe has been seen being distributed by the following URL.

Remove vlc-2.1.6a-win32setup.exe - Powered by Reason Core Security