vlc_media_player_2.2.4_(64-bit).exe

Software

International Data Group Poland S.A.

The application vlc_media_player_2.2.4_(64-bit).exe, “Software Setup” by International Data Group Poland S.A., has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, and it has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.quickfarmbundle.com. While running, it connects to the Internet address goldeneye.videolan.org on port 80 using the HTTP protocol.
Publisher:
International Data Group Poland S.A.  (signed and verified)

Product:
Software

Description:
Software Setup

Version:
2.2.2.8

MD5:
d5343a21c28d42c1ae4b736cca6f6ef6

SHA-1:
c002314d83aba58b28d2848ee2d68bf280a6f8ac

SHA-256:
941e35b2bcb3af61f03f5f1d985279073fafe4e2114c6714445667a3fc38d44e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
1/12/2025 8:26:30 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.15.3

File size:
1.7 MB (1,831,760 bytes)

Product version:
4.6

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc_media_player_2.2.4_(64-bit).exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/30/2016 11:21:17 AM

Valid to:
8/31/2017 11:21:17 AM

Subject:
CN=International Data Group Poland S.A., O=International Data Group Poland S.A., L=Warszawa, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
64A80379DAA3514FAED45E16

File PE Metadata
Compilation timestamp:
12/28/2015 12:39:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 34, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 1E, D8, FF, FF, E8, 6D, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 33, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 54, 86...
 

Entropy:
7.9605

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file vlc_media_player_2.2.4_(64-bit).exe has been seen distributed from the following URL.

http://www.quickfarmbundle.com/lKgDWHUkge zd QsehXuTf3cFudqStggLjYHLur46VAzI89eCrcT241E6rGzjcHCypuKsgvIHTDctR39IN6of9uJSN1SepsdWOt8uY7NSlHWtEvrea3YQbiPelE9gvs2UlCu441rSZTsS7Ys60GaNhpoarkgtd_hvpGPT HjfuYQVBmJpORTeEVkOCs6GULNCYlS lQk68Ze wPGW5ymDGuz8CKgoOqT6ZnEQ MC5cIDxKmFueYoOS QtTez9oeR7AjNNDOfC1JXpxvdHLZ9nPoV12AAh3ETrDNPYKmkQLl2oUNjqhlu i8bpnASBAVHb_hDYn0yBti932wGPdEB Dm9FxcS0BxScOBb6yixcNrwQivvC_3mJjvD D1nu xCEbA tQBT4xC1GiyGv5lGrcEImNupzCxboMHAt9pBkkPrZYMn7esCktsotnBRE9 wWmqtLuPUZtMe8EA47lyicJH3a8Iu52MsyUZF6HBt kZ7bqqQd8eNPb_Dsg9TWzxZEJsaq9S0na03geCYvotDVU3R33TMlQw2xA1ZSC hBNYiSbd4S9NX7NnfPSznMDceAFalFi2rGCTt6fJNeLy_0T1HDtKIrlwK5f9DAEw07zRgFxVTc39OlZoAKm2GrQtpzbKxun9czES2Q8bM23TJWLSKTsKaRulJ4aR2SOkmFpTBrBdPh8=-G0wAAES3eV5uIOL3W3gEIj1VjnH5oPwy4DYMBsMGnAQYBMN8Y4UMm4ped_sMystbkwqF8a12AwIp8ic=

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to goldeneye.videolan.org  (88.191.250.2:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.151:80)

TCP (HTTP):
Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com  (52.30.226.196:80)

TCP (HTTP):
Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com  (52.208.40.227:80)

TCP (HTTP):
Connects to ec2-176-34-130-130.eu-west-1.compute.amazonaws.com  (176.34.130.130:80)

TCP (HTTP):
Connects to 10gbps.io  (185.59.222.146:80)
