vlc.exe

VLC media player

VideoLAN

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from download.wetransfer.com.
Publisher:
VideoLAN

Product:
VLC media player

Description:
VLC media player 2.1.2

Version:
2.1.2

MD5:
73a6bf01391cd65dbe9bbcb7300a9863

SHA-1:
2fbadd13acdb5ce7bb60d79545a827c11f938de9

SHA-256:
cc585b09b02b97259eb9fde3f49ef6d728eb4f61e56e6bda014f28e34ec4cff7

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/25/2024 1:29:21 PM UTC

Scan engine:
Bkav FE

Detection:
W32.HfsAutoB

Engine version:
1.3.0.4613

File size:
123.5 KB (126,464 bytes)

Product version:
2,1,2,0

Copyright:
Copyright © 1996-2013 VideoLAN and VLC Authors

Trademarks:
VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN

Original file name:
vlc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\videolan\vlc\vlc.exe

File PE Metadata
Compilation timestamp:
12/8/2013 4:18:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
3072:7mWn6u3XdX2k9Hc3/nl6LAHkzI1UfgEA6IIyR5:7mUxX8k96kAD

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, 5C, E2, 40, 00, 01, 00, 00, 00, E8, DE, 1C, 00, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 5C, E2, 40, 00, 00, 00, 00, 00, E8, BE, 1C, 00, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, A1, 64, B0, 40, 00, 85, C0, 74, 3C, C7, 04, 24, 20, C0, 40, 00, FF, 15, C0, F2, 40, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 16, C7, 44, 24, 04, 2E, C0, 40, 00, 89, 04, 24, FF, 15, C4, F2, 40, 00, 83, EC, 08, 89, C2, 85, D2...
 

Entropy:
6.9726

Code size:
39 KB (39,936 bytes)

7 Autoplay Handlers
Display name:
VLCPlayCDAudioOnArrival

CLSID name:
Empty

Display name:
VLCPlayDVDAudioOnArrival

CLSID name:
Empty

Display name:
VLCPlayDVDMovieOnArrival

CLSID name:
Empty

Display name:
VLCPlayMusicFilesOnArrival

CLSID name:
Empty

Display name:
VLCPlaySVCDMovieOnArrival

CLSID name:
Empty

Display name:
VLCPlayVCDMovieOnArrival

CLSID name:
Empty


Scheduled Task
Task name:
{0413394E-5A89-4A4B-8763-0E632CC76115}

Trigger:
Registration (Runs on registration)


Shell Open Command
Open type:
AVIFile

Command:
"C:\my documents\utilities\vlc\vlc.exe" "%1"


8 Windows Firewall Allowed Programs
Name:
C:\Program Files\VideoLAN\VLC\vlc.exe

Name:
D:\Program Files\VideoLAN\VLC\vlc.exe

Name:
C:\Programme\VideoLAN\VLC\vlc.exe

Name:
C:\Archivos de programa\VideoLAN\VLC\vlc.exe

Name:
C:\Programmi\VideoLAN\VLC\vlc.exe

Name:
C:\Grafik\VideoLAN\VLC\vlc.exe


The file vlc.exe has been discovered within the following programs.

BF3 Settings Editor  by Realmware
Publisher's description - “It allows you to easily customise and tweak all of your Battlefield 3 settings, including the ones that aren't displayed on the in-game menu.”
bf3.realmware.co.uk/settings-editor
About 3% of users remove it
Easy Media Player 1.1.12  by Easy Media Player
The software bundles third party adware and such: "The Download-Free Installation Manager is the technology we use to manage your software installation process."
www.download-free.com/learn-more
57% remove it
Free Media Player 2.0.7  by Somoto Ltd.
Free Media Player uses the Somoto BetterInstaller download and install manager which is designed to co-bundle additional offers which include toolbars, web browser extensions as well as various potentially unwanted applications.
81% remove it
 
Powered by Should I Remove It?

The file vlc.exe has been seen being distributed by the following URL.

https://download.wetransfer.com/wetransfer-eu1/.../vlc.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mirror.library.ucy.ac.cy  (194.42.22.9:80)

TCP (HTTP):
Connects to melchior.videolan.org  (88.190.34.17:80)

TCP (HTTP):
Connects to ganesh2.videolan.org  (88.191.250.9:80)

TCP (HTTP):
Connects to 81.147.46.84.static.lrtc.lt  (84.46.147.81:80)

TCP (HTTP):
Connects to warehouse.zol.co.zw  (197.211.212.147:80)

TCP:
Connects to sfstream1.somafm.com  (38.104.130.91:8850)

TCP (HTTP):
Connects to n178-77-94-57.cnet.hosteurope.de  (178.77.94.57:80)

TCP:
Connects to mail2.atraf.co.il  (194.90.203.111:8000)

TCP (HTTP):
Connects to host134.96-45-212.ilsole24ore.com  (212.45.96.134:80)

TCP (HTTP):
Connects to gridbal2.backupgrid.net  (96.127.168.242:80)

TCP (HTTP):

TCP (HTTP):
Connects to 61.255-200-80.adsl-static.isp.belgacom.be  (80.200.255.61:80)
