vlmc-0.2.0-win32.exe

The executable vlmc-0.2.0-win32.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source.
MD5:
a43deaef08342992b5dbd1dd65070cd2

SHA-1:
9dc63ffd2aafaa17dc3c7c7851f66d2da4a03697

SHA-256:
63599eba59d3a5a97904c39286c22c2c3b9fdf343b149b79c2a840f51d4db5f0

Scanner detections:
1 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/25/2024 12:46:48 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.12.1.0

File size:
24.6 MB (25,813,374 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\vlmc-0.2.0-win32.exe

File PE Metadata
Compilation timestamp:
5/15/2010 8:38:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
393216:9etUQK5JUp8A0/b8MnU9OzMKhzTIxBDTBLlO+S7U3TWGN91IrQAYNvWsOZwx2:9et2ucnzqB1PyU3TWGN9KUVpOex2

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 50, 5B, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 00, 5C, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 30, 5C...
 
[+]

Code size:
33 KB (33,792 bytes)

The file vlmc-0.2.0-win32.exe has been seen being distributed by the following URL.

Remove vlmc-0.2.0-win32.exe - Powered by Reason Core Security