vlcmediaplayer-setup.exe

Blueis

This is the Tightrope WebInstall, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install it with minimal consent. The application vlcmediaplayer-setup.exe by Blueis has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. The installer is marketed through download portals and search ads as the VideoLAN VLC media player, but it also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Blueis  (signed and verified)

MD5:
549b160834cdc384445a75effe9f074d

SHA-1:
573f3c082ea04396600d95b52b358b7371d81460

SHA-256:
3cb3cdca853718123eb7e5e4ac6b18e180a89420478ae2e69bd6839eeb70de48

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/14/2025 10:38:59 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.AirAdInstaller | 2015.04.14 |
| Avira AntiVirus | PUA/DownloadAdmin.P | 3.6.1.96 |
| avast! | Win32:DownloadAdmin-H [PUP] | 2014.9-150613 |
| AVG | Generic | 2016.0.3080 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Downloadadmin | 0.98/21511 |
| Comodo Security | Application.Win32.DownloadAdmin.DAGL | 21759 |
| Dr.Web | Trojan.Vittalia.27 | 9.0.1.0164 |
| ESET NOD32 | Win32/DownloadAdmin.I potentially unwanted (variant) | 9.11468 |
| Fortinet FortiGate | Riskware/DownloadAdmin | 6/13/2015 |
| F-Prot | W32/S-e78893a9 | v6.4.7.1.166 |
| F-Secure | Adware:W32/WebInstallBundle | 11.2015-13-06_7 |
| G Data | Win32.Application.Agent.9M59CV | 15.6.25 |
| K7 AntiVirus | Adware | 13.202.15582 |
| McAfee | Artemis!549B160834CD | 5600.6736 |
| NANO AntiVirus | Trojan.Win32.XPACK.dprfbr | 0.30.16.1110 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Tightrope.Bundler | 15.6.13.5 |
| Sophos | Generic PUA FH | 4.98 |
| Total Defense | Win32/Tnega.TNECKHC | 37.0.11547 |
| Trend Micro House Call | TROJ_GEN.F0C2C00DC15 | 7.2.164 |
| Trend Micro | TROJ_GEN.F0C2C00DC15 | 10.465.13 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39328 |
| Zillya! Antivirus | Downloader.Agent.Win32.239245 | 2.0.0.2138 |

File size:
651.3 KB (666,888 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\vlcmediaplayer-setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/7/2014 1:00:00 AM

Valid to:
11/8/2015 12:59:59 AM

Subject:
CN=Blueis, O=Blueis, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58AC2B1B2E1E80F003ECEE0F41F4124A

File PE Metadata
Compilation timestamp:
1/29/2015 7:35:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:XKCFG+pl1Hp7p4ZkuRt4Zh3UdOxouSdWE7uglrB/jmN7Trkfcn+zW:X3Xxp4Zkuf47kdtdZ7uC/jmlrDn+zW

Entry address:
0x234A

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 78, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, E8, F8, FD, FF, FF, FF, 15, 30, 77, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 2C, 77, 40, 00, 6A, 08, A3, 98, 3D, 42, 00, E8, DD, F9, FF, FF, 53, 68, 60, 01, 00, 00, A3, A0, 3C, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 0B, 74, 40, 00, FF, 15, 50, 71, 40, 00, 68, 00, 74, 40, 00, 68, A0, 34, 42, 00, E8, 5A, F3, FF, FF, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file vlcmediaplayer-setup.exe has been seen being distributed by the following URL.
