vlc-media-player_setup_download.exe

DownloadGuide

Covus Pro GmbH

The application vlc-media-player_setup_download.exe by Covus Pro GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the VideoLAN VLC media player, but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Covus Pro GmbH  (signed and verified)

Product:
DownloadGuide

Version:
1.4.0.2

MD5:
cb9bbb52e845ce7a94f97595c2b4ebb6

SHA-1:
5746238dbd9a5b20f7e679f9222a0de77fe22aa0

SHA-256:
cedbda50eefbcb599e8a01951b8b231973c53c037570d698c6fb7a309aae5531

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit and Search Protect (ClientConnect).

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 4:58:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Covus (M)

Engine version:
16.12.26.11

File size:
668.7 KB (684,776 bytes)

Product version:
1.4.0.2

Copyright:
Copyright © 2014

Original file name:
in.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc-media-player_setup_download.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2013 1:00:00 AM

Valid to:
2/6/2014 12:59:59 AM

Subject:
CN=Covus Pro GmbH, O=Covus Pro GmbH, STREET=Schwedter Str. 263, L=Berlin, S=Berlin, PostalCode=10119, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B3EC5582300459EBAEAA1DCABDECF1A8

File PE Metadata
Compilation timestamp:
1/31/2014 5:02:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x7EDCE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, B8, 00, 00, 00, 00, 00, 00, 00, 00, 49, 39, 40, 08, 74, 0C, 48, B8, 00, 00, 00, 00, 00, 00, 00, 00, FF, E0, 48, B8, 00, 00, 00, 00, 00, 00, 00, 00, FF, E0, 55, 8B, EC, 8B, 45, 10, 81, 78, 04, 7D, 1D, EA, 0C, 74, 07, B8, B6, B1, 4A, 06, EB, 05, B8, B6, 92, 40, 0C, 5D, FF, E0, 7B, 05, 4A, 0C, F4, 9C, DD, 9A...
 
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
499.5 KB (511,488 bytes)
