Reason Labs

vlc-2.2.1-win32.exe

The executable vlc-2.2.1-win32.exe has been detected as malware named Threat.Generic.Variant.Installer. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source.
MD5:
ce77a8b06e64fa5105c105939d02cbd5

SHA-1:
7df99ed302bf3ec409884fd4ba7eff8183309b1b

SHA-256:
f2c6fe439c445d3cb866b784a66f995795a72317a41b3ef3e74fcaec200bbcaa

Detection:
Threat.Generic.Variant.Installer

Risk:
Medium

Explanation:
This is the installer or a potentially unwanted program (PUP).

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/15/2018 10:03:39 PM UTC

File size:
2 MB (2,117,766 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\vlc-2.2.1-win32.exe

File PE Metadata
Compilation timestamp:
12/16/2014 1:34:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

Entry address:
0x4377

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 42, 00, 56, A3, 30, AD, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 81, 3C, 00, 00, A3, 00, AE, 42, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9729  (probably packed)

Characteristics:
0x783

Code size:
34.5 KB (35,328 bytes)

There are numerous known code variations that share the same compilation structure.

PUP.BetterInstaller.Somoto
UnlockRoot_downloader_by_UnlockRoot.exe  2.1.0.0  (a154fe73378b4816e18fd14036e7a78653985421)

PUP.BetterInstaller.Somoto
DVDShrink_downloader_by_DVDShrink.exe  2.1.0.0  (7e875d649fbf32cb7a279fbb1603e8b9aebaa479)

PUP.BetterInstaller.Somoto
BallantinesSerial_downloader_by_Fonts101.exe  2.1.0.0  (3e46f3495bc1931c07d2f2684afacffa71d1ecae)

PUP.BetterInstaller.Somoto
advancedsystemcarepro710387multilingual-7tcst79.exe  2.1.0.0  (4bfda41b206101c86c51a2ebe82186e58d0f4125)

PUP.BetterInstaller.Somoto
flvplayersetup-9llqalm.exe  2.1.0.0  (5a6878aa95c99047e100793aa8138a02db8fffa2)

PUP.BetterInstaller.Somoto
illdapme1.exe  2.0.0.0  (2e4f9113c34161086ce6bd477d9a529a9b2df20f)

PUP.BetterInstaller.Somoto
mhotspot_downloader.exe  1.2.0.0  (17ecad2a06d390504c3484f44ba4e64b7f1b79ab)

PUP.BetterInstaller.Somoto
CheatEngine63.exe  1.2.0.0  (6d6f591b036398fe29624861504017760e34a433)

PUP.BetterInstaller.Somoto
swf_flv_player.exe  1.2.0.0  (05e039ad736c3cb728a75d68591534af6cb495a4)

PUP.AdPeak
getsavin.exe  (6e58f436c909e057384670976c98e672f58926f0)

PUP.AdPeak
getsavin.exe  (88879948966fbf3d1fc2f55750de23163856aa66)

Clean
fbreadersetup-0.12.10.exe  (bd65f61df63765bdc142608514867c0503ce7eaf)

Threat.Generic.Variant.Installer.ownCloud
owncloud-1.4.1-setup.exe  (4fea151076cb6fc2631837643c86bd40fd77b914)

Threat.Generic.Variant.Installer.ownCloud
owncloud-1.4.0-setup.exe  (07753b309d0ce88ce68b4526d003fae42380c382)

Clean
bino-1.4.4-w32.exe  (c34a2736b1460eb3e041a5a5fad86cf757449af7)
