vlc-media-player.exe

Installation Wizard

Advertiso GmbH

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application vlc-media-player.exe by Advertiso GmbH has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as the VideoLAN VLC media player, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
SecuredDownload  (signed by Advertiso GmbH)

Product:
Installation Wizard

Version:
1.0.2.60854

MD5:
383af618381e553fd5d397b240082f03

SHA-1:
4f6b385029548b4247a8f483c57f3bbfc7b42ae4

SHA-256:
8853252fcaa14f14b99d4e5a9a635dc290c170ce360ccbad941e99cb0d8885be

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 2:16:44 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.16.9

File size:
1.2 MB (1,217,040 bytes)

Product version:
1.0.2.60854

Copyright:
SecuredDownload

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\vlc-media-player.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/16/2015 4:00:00 PM

Valid to:
1/15/2017 3:59:59 PM

Subject:
CN=Advertiso GmbH, OU=IT, O=Advertiso GmbH, L=Hamburg, S=GERMANY, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0F837C8E75B288B7DC9955680D7F11D7

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.9842

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vlc-media-player.exe has been seen distributed from the following URL:

http://www.bitstagcontent.com/cY7Ln63iEFDdOWge6sW3yH N4wgnqjE6DVmbCO3iRmMVtI7WX9jdL KQ DTHXheADoccItqaUCz2SzmJksd1LQxh1ZlMff5x20w0pg0rCm5wOXSBoqy5kwCVHA6Zm_di0mYyGmzRUfHiMTInJb8uhTNDCf61FSaNJ1WKU3bFlB0mBlr7G_ok8qaME3Q3i_1hzbz599yBWe6qeqJoEKaO_mH_Ne1t3_9V9pISZKTptuug_2uDBxBjh2AUNHq9kleNr624VzaQ_43uYhs4 U1ngCpEj8nYoCKAEkSdXw93CSMQdcurqAasCz_Lxg1TNMrL4vdoawhjPG5hZzJxCsB8LicKLgNMWRhP5pV92KbJDEamCGenszkmM1yuTbIFZRVVgabB7CHvR9PENcgcA4ou_28tnwPeY1jQZpjPkvkp46R7NmUvAsCF2fJt3XoIk3j2R_DR1F44Uv6rEsugp1_Lj27TJ0qEi9wu0RXrSBxl3 BSTi4w115Joi1JF04EukzUfQynPKeffYeClwjtPbfXwBvBDSoMJ5RzRxd3T0V4b5ogIChJ98XHRy2iHRSzIMWbSljZ7Vkt mjvfmpDtskP5Djn7GXXB0oqctSb_Kog0w8JSVB7S97QfvQUqYsK32HMR6UPX syLxjQBzwvyvvQDDlTb_nit4b7d4dsVd xJfwqjw REhn6qqc1IEJSMxknPadqNBWbqky9aLf7kFuieCqUjAw5S 6hLGdzDz34gynvZ7Qz9AAtMBlyBAGB0 k3sN4mRxhXk3HpIovGs5HvJBL_35KPPw==-GzYAAMTcRjHd7YOx1mVBEIvwdCGGTCKRvrANxI0VBauR EdCU 4acCoLb 5w9m8=
