vlc.exe

VLC media player

VideoLAN

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from www.google.hu and multiple other hosts.
Publisher:
VideoLAN

Product:
VLC media player

Description:
VLC media player 2.1.3

Version:
2.1.3

MD5:
550005223c0eebfa602c37dcb5497abd

SHA-1:
c13de3fa7a37a382c5fb291f09f88f21b58e1638

SHA-256:
42b4f834a1c7f0a9e3e198c1a780c4f91931bc1dd154acbcdc9609677e9c43a6

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 9:35:46 AM UTC  (today)

Scan engine:
Bkav FE

Detection:
W32.HfsAutoB

Engine version:
1.3.0.4923

File size:
124 KB (126,995 bytes)

Product version:
2,1,3,0

Copyright:
Copyright © 1996-2014 VideoLAN and VLC Authors

Trademarks:
VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN

Original file name:
vlc.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\videolan\vlc\vlc.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
3072:IOpSXBkZjE7167O0R86xUPmV2k9Hc3/nl6LAHkzI1UfgEA6IIyRiR:BM6E7u/VxUPmYk96kADE

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, 54, E2, 40, 00, 01, 00, 00, 00, E8, EE, 19, 00, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 54, E2, 40, 00, 00, 00, 00, 00, E8, CE, 19, 00, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, A1, 6C, B0, 40, 00, 85, C0, 74, 43, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, C0, 40, 00, FF, 15, B8, F2, 40, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 16, C7, 44, 24, 04, 0E, C0, 40, 00, 89, 04, 24, FF, 15, C0, F2, 40, 00, 83, EC, 08, 89, C2, 85, D2...
 

Code size:
38 KB (38,912 bytes)

7 Autoplay Handlers
Display name:
VLCPlayCDAudioOnArrival

CLSID name:
YouTubeUploaderLib.YouTubeUploaderLib

Display name:
VLCPlayDVDAudioOnArrival

CLSID name:
YouTubeUploaderLib.YouTubeUploaderLib

Display name:
VLCPlayDVDMovieOnArrival

CLSID name:
YouTubeUploaderLib.YouTubeUploaderLib

Display name:
VLCPlayMusicFilesOnArrival

CLSID name:
YouTubeUploaderLib.YouTubeUploaderLib

Display name:
VLCPlaySVCDMovieOnArrival

CLSID name:
YouTubeUploaderLib.YouTubeUploaderLib

Display name:
VLCPlayVCDMovieOnArrival

CLSID name:
YouTubeUploaderLib.YouTubeUploaderLib


Scheduled Task
Task name:
{D6727819-22CB-4129-B6C3-8634A030533E}

Trigger:
Registration (Runs on registration)


13 Windows Firewall Allowed Programs
Name:
C:\Program Files\VideoLAN\VLC\vlc.exe

Name:
F:\Program Files\VideoLAN\VLC\vlc.exe

Name:
C:\Programme\VideoLAN\VLC\vlc.exe

Name:
C:\Program Files\VLC\vlc.exe

Name:
C:\Programmi\VideoLAN\VLC\vlc.exe

Name:
C:\Programas\VideoLAN\VLC\vlc.exe


The file vlc.exe has been discovered within the following programs.

Easy Media Player 1.1.12  by Easy Media Player
The software bundles third party adware and such: "The Download-Free Installation Manager is the technology we use to manage your software installation process."
www.download-free.com/learn-more
57% remove it
Free Media Player 2.0.7  by Somoto Ltd.
Free Media Player uses the Somoto BetterInstaller download and install manager which is designed to co-bundle additional offers which include toolbars, web browser extensions as well as various potentially unwanted applications.
81% remove it
 

The file vlc.exe has been seen being distributed by the following 3 URLs.

https://www.google.hu/search?q=csillogó pillangós képek&newwindow=1&safe=active&espv=2&biw=1024&bih=667&tbm=isch&imgil=KV4nbNOdZUK57M:;a5x6pe2f6zkWnM;http%3A%2F%2Fwww.hotdog.hu%2Fcsilla7%2Ffotoalbum%2Flepkek-pillangok%2Fcsillogo-kek-pillango%2F507274b3e1e9db517b00edca&source=iu&pf=m&fir=KV4nbNOdZUK57M:,a5x6pe2f6zkWnM,_&usg=__xglNJorSu8pdDjBPDVGRIvH0nvk=&ved=0ahUKEwju9dynjPPMAhUIM5oKHcJGA-8QyjcIJQ&ei=hHxEV-6jCIjm6ATCjY34Dg#imgdii=KV4nbNOdZUK57M:;KV4nbNOdZUK57M:;tKeXmjz2XBdC3M:&imgrc=KV4nbNOdZUK57M:

temp:vlc.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to services.tvrage.com  (80.246.178.105:80)

TCP:
Connects to ns3369253.ovh.net  (37.187.90.121:3474)

TCP (HTTP):
Connects to ganesh2.videolan.org  (88.191.250.9:80)

TCP (HTTP):
Connects to unused-89-185-59-144.fr.clara.net  (89.185.59.144:80)

TCP:
Connects to stream3.zh1.as57581.net  (185.27.76.23:8000)

TCP:
Connects to net129.234.188-53.ertelecom.ru  (188.234.129.53:8082)

TCP (HTTP):
Connects to n80-237-212-108.cnet.hosteurope.de  (80.237.212.108:80)

TCP (HTTP):
Connects to musicbrainzvm2.osuosl.org  (140.211.15.122:80)

TCP (HTTP):
Connects to melchior.videolan.org  (195.154.216.17:80)

TCP:
Connects to loft8499.serverloft.eu  (217.118.19.175:15002)

TCP (HTTP SSL):
Connects to img.newjamendo.com  (176.31.124.14:443)

TCP (HTTP):
Connects to ham02s14-in-f7.1e100.net  (173.194.44.71:80)

TCP:
Connects to freeplayer.freebox.fr  (212.27.38.253:554)

TCP (HTTP SSL):
Connects to dmz-5-34.cgates.lt  (5.20.5.34:443)

TCP:
Connects to cast-01.xlshosting.net  (79.170.91.205:8000)

TCP (HTTP):
Connects to 2582e43c.rdns.100tb.com  (37.130.228.60:80)
