vlc_media_player_setup.exe

SetupManager.exe

Optimum Installer

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application vlc_media_player_setup.exe, “VLC Media Player Setup” by Optimum Installer, has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The installer is marketed through download portals and search ads as the VideoLAN VLC media player but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
SetupManager  (signed by Optimum Installer)

Product:
SetupManager.exe

Description:
VLC Media Player Setup

Version:
3.3.0

MD5:
2f661f5c6cc5485192972541d1a428d5

SHA-1:
cee7fd5b1b713c946a9f22fe6f1c8f37522b2254

SHA-256:
84521c4f0a6e6ec92b2bbd73cfca26a4fbc581fa043ef87a87d98d094113e95f

Scanner detections:
12 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 12:52:52 AM UTC

Scan engine
Detection
Engine version

avast!
Win32:Installer-J [PUP]
2014.9-150629

F-Prot
W32/Ibryte.C.gen
v6.4.6.5.141

herdProtect (fuzzy)
2015.6.29.15

K7 AntiVirus
Adware
13.176.11482

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.1812

Malwarebytes
PUP.Optional.Ibryte
v2015.06.29.03

McAfee
Adware-FOO!808D236FC62D
5600.6719

NANO AntiVirus
Riskware.Win32.Agent.csnrpm
0.28.0.58491

Norman
Agent.ASWDM
11.20150629

nProtect
Trojan-Clicker/W32.Agent.909608
14.03.18.01

Reason Heuristics
PUP.Bundler.Adknowledge
15.3.24.16

Total Defense
Win32/Zbot.HIE
37.0.10826

File size:
758.3 KB (776,488 bytes)

Product version:
3.3.0

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vlc_media_player_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/11/2012 2:00:00 AM

Valid to:
11/8/2013 12:59:59 AM

Subject:
CN=Optimum Installer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Optimum Installer, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7C5F27B776ADBBB7943F700066A490BF

File PE Metadata
Compilation timestamp:
3/20/2013 3:02:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ACRgofbugs1G99g6xMGVgIEWF1FCmRy/RGC/GpfHlUAjz:Aagsbds1z6xMGGIF1FCmKVQFZX

Entry address:
0x51FD6

Entry point:
E8, 72, E1, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, EB, E1, 00, 00, 83, C4, 14, 5D, C3, CC, FF, 35, 24, 8E, 4A, 00, E8, 14, 4D, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 3F, A3, 00, 00, 6A, 01, 6A, 00, E8, E9, E4, 00, 00, 83, C4, 0C, E9, CA, E3, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C...
Code size:
453.5 KB (464,384 bytes)

The file vlc_media_player_setup.exe has been seen being distributed by the following URL.