vlcmediaplayer-setup.exe

Bullet Media Inc

The application vlcmediaplayer-setup.exe by Bullet Media Inc has been detected as adware by 11 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder, and the file has been seen downloaded from files7.downloadster.org.

Publisher: Bullet Media Inc (signed and verified)
MD5: c6082b9e2a2bc0141654cfe7f1bb74cd
SHA-1: b3bd74f4277b7a65cc99e0753f0cc35c3655e916
SHA-256: 4fd60fa5980f1b346eb5abaa7242fe7446e40daa777b32c5ca08b60a0ca485ba
Scanner detections: 11 / 68
Status: Adware
Analysis date: 11/27/2024 3:31:46 AM UTC

Scan engine            | Detection                     | Engine version
Dr.Web                 | Adware.Downware.2220          | 9.0.1.0300
herdProtect (fuzzy)    |                               | 2015.10.27.5
K7 AntiVirus           | Unwanted-Program              | 13.176.11496
Malwarebytes           | PUP.DownloadAdmin             | v2015.10.27.05
McAfee                 | Artemis!27C9F55AE7E3          | 5600.6600
NANO AntiVirus         | Trojan.Win32.Downware.crgjbr  | 0.28.0.58491
Reason Heuristics      | PUP.BulletMedia.Installer (M) | 15.8.31.1
Sophos                 | Download Admin                | 4.98
SUPERAntiSpyware       | Trojan.Agent/Gen-Downloader   | 9545
Trend Micro House Call | TROJ_GEN.F47V0223             | 7.2.300
VIPRE Antivirus        | DownloadAdmin                 | 27562

File size: 737.2 KB (754,864 bytes)
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Language: Language Neutral
Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\vlcmediaplayer-setup.exe

Digital Signature
Authority: GlobalSign nv-sa
Valid from: 11/16/2012 4:21:25 PM
Valid to: 11/27/2013 2:13:21 PM
Subject: CN=Bullet Media Inc, OU=SecureInstaller, O=Bullet Media Inc, L=San Francisco, S=CA, C=US
Issuer: CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE
Serial number: 1121D20ABA403DA9558AE697A1A8389E746F

File PE Metadata
Compilation timestamp: 6/22/2012 2:07:51 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 12288:vxpJTRe2ox2XK8arRJjOvsWRBsu1ZZKPrqLELFQvCU/D:5pNR9ox2NErSNCPrXQaUb
Entry address: 0x333B
Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2C, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1D, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0B, 24, 00, 00...
Entropy: 7.4048
Packer / compiler: Nullsoft install system v2.x
Code size: 23 KB (23,552 bytes)

The file vlcmediaplayer-setup.exe has been seen being distributed by the following URL.
