vlcsetup.exe

Pinball Corporation.

This is a component of the Pinball ad-supported platform, which may deliver advertisements to the web browser in the form of banner and text ads. The application vlcsetup.exe by Pinball has been detected as adware by 29 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from origin-ics.hotbar.com.
Publisher:
Pinball Corporation.  (signed and verified)

Description:
Installer

Version:
2.0.316.0

MD5:
d9632ab503a68f71b775d923af69162b

SHA-1:
cd1d41fecc76e897aadc7d3c14c5767d8ebed196

SHA-256:
1fb6b692ad2d933668aba3cf44fec5b0a99e7a7a21ada3cfa5d31949ede58567

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
12/27/2024 10:49:04 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Adware/Win32.Hotbar | 2011.11.29 |
| Avira AntiVirus | ADSPY/AdSpy.Gen2 | 7.11.18.123 |
| avast! | Win32:HotBar-BE [PUP] | 2014.9-141203 |
| AVG | Zango | 2015.0.3271 |
| Bitdefender | Gen:Variant.Adware.Hotbar.1 | 1.0.20.1685 |
| Clam AntiVirus | Suspect.W32.AdInstall.PBCXP | 0.98/18155 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.Hotbar.F | 10793 |
| Dr.Web | Adware.Hotbar.700 | 9.0.1.0337 |
| Emsisoft Anti-Malware | Riskware.WebToolbar.Win32!IK | 8.14.12.03.11 |
| ESET NOD32 | Win32/Adware.HotBar (variant) | 8.6668 |
| Fortinet FortiGate | Misc/Zango | 12/3/2014 |
| F-Prot | W32/HotBar.L.gen | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Hotbar.1 | 11.2014-03-12_4 |
| G Data | Gen:Variant.Adware.Hotbar | 14.12.22 |
| IKARUS anti.virus | not-a-virus:WebToolbar.Win32 | t3scan.1.1.109.0 |
| K7 AntiVirus | Adware | 13.115563 |
| Kaspersky | not-a-virus:AdWare.Win32.ScreenSaver | 14.0.0.2850 |
| McAfee | Adware-HotBar.f | 5600.6927 |
| Microsoft Security Essentials | Adware:Win32/Hotbar | 1.163.1557.0 |
| Norman | Adware.LC | 11.20141203 |
| nProtect | Gen:Variant.Adware.Hotbar.1 | 11.11.29.01 |
| Quick Heal | Adware.Rugo.A | 12.14.12.00 |
| Reason Heuristics | PUP.Installer.PinballCorporation.I | 14.12.3.23 |
| Sophos | ClickPotato Installer | 4.71 |
| SUPERAntiSpyware | Adware.Agent/Gen-Zango | 10199 |
| Trend Micro House Call | TROJ_CLICKER.SMC | 7.2.337 |
| Trend Micro | TROJ_CLICKER.SMC | 10.465.03 |
| Vba32 AntiVirus | Adware.Hotbar.1 | 3.12.16.4 |
| VIPRE Antivirus | Pinball Corporation. | 11177 |

File size:
205.6 KB (210,584 bytes)

Product version:
2.0.316.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vlcsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/31/2011 8:00:00 PM

Valid to:
5/19/2013 7:59:59 PM

Subject:
CN=Pinball Corporation., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pinball Corporation., L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22E49C51DCD71B05713AAF786582D135

File PE Metadata
Compilation timestamp:
6/16/2011 12:36:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:4KqQGZ33GYS29XS3FsJeYFLJ5c2uc0RWwOXLW3:Xq1Z3S2WoJtuXWwOC3

Entry address:
0x72250

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8810

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
196 KB (200,704 bytes)

The file vlcsetup.exe has been seen being distributed by the following URL.
