vlc_setup.exe

Mogasote

AgileMax (Alpha Criteria Ltd.)

The application vlc_setup.exe, “Mogasote Setup ” by AgileMax (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. With this installer, users are expecting to download the VideoLAN VLC media player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
AgileMax (Alpha Criteria Ltd.)  (signed and verified)

Product:
Mogasote

Description:
Mogasote Setup

Version:
2.8.2.3

MD5:
cf4f636cd355cbc2e9fb347536853b6c

SHA-1:
d0745f92baa86ad1a0fe001a83b126d165c34036

SHA-256:
edce134bd8e099d1027f71393e1b267e1eaad4ba8bcd0424e0615c170f2dff80

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 2:41:43 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
17.3.15.16

File size:
951.7 KB (974,560 bytes)

Product version:
5.6.4

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\vlc_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 5:50:27 PM

Valid to:
9/2/2016 4:16:46 PM

Subject:
CN=AgileMax (Alpha Criteria Ltd.), O=AgileMax (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FDBE79F75900E75EC6DA424D0A814FB0

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9337

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vlc_setup.exe has been seen being distributed by the following URL.

http://www.packageguardcontent.com/jewcJte4ukOCMHwxlZCBl_SXlJyM 1Yixw3_BV7RKkRLQHH7pItOCKYOVdOM1I7faD7D0uT4GRtusytahD1MZbC84q3MHcq03T9zpA2Xwpb5nbOntw TmzasJik9cJ1yvbg6Er24eBtUHyMTTlxB3chfbGRl_nbkuyXxpYTKyN N6mPoqyhm6v9LDJ6nvDI03GHU71hhuRBqu_meFIrOoS5YTbanAbWADP_0 6OiombOK2ckTarVCAuq6rYHqTIzKRkWX0kwV0Tz7lv65Orc4CMIZoN5GdLhYCQ4CZ5X5sLWEDpSvB_dI4WQE3mot0SS6kNIEBl_sS ryGvofsJzABHxbW3Cfn6FaoGfjhJqRRFfdtCR97g1xh92XuaJsaGPkNe2tqDeTdrMsrum_9bXmLENbrRirRSk4wLDVKM2muD3CSdNSHNtXmURfjmYOcttXLcE7KBkX 42d_n sMVIEf9hB86hViCc2WZHhXS A8tiyAMmldUNjDkCgmSdBFlWkITLNOIFoPs9vS5zAXUYgaec8zt0s7noZe5aSMUUTL0gGv75qjgdPpK7UYrCt2tviEGwIhcUfYVDqJyfa8PNuMCWMS xD3ClErSchf6XYyf7v_sOu5e85iaEolJPUPphIpz0Kh4SM hH2 HXm6HzAO9qVP7ixlHdkrYGX3D4xwVUNXeLfZU=-Ow==

Remove vlc_setup.exe - Powered by Reason Core Security