Reason Labs

vlc-2.2.1-win32.exe

The executable vlc-2.2.1-win32.exe has been detected as malware named Threat.Generic.Variant.Installer. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source.
MD5:
e260cc2ab8c0026c3b604e373811f366

SHA-1:
8baacbdf26566fcc86b6d0ec8b8fc332b2aa9966

SHA-256:
da8b41cfd4695ac1b93642b6bb7d8d5fe273bdeeaf7ba498a4d34d2e182c48cf

Detection:
Threat.Generic.Variant.Installer

Risk:
Medium

Explanation:
This is the installer or a potentially unwanted program (PUP).

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
10/19/2018 4:44:59 AM UTC

File size:
1.2 MB (1,262,571 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\vlc-2.2.1-win32.exe

File PE Metadata
Compilation timestamp:
12/16/2014 1:34:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

Entry address:
0x4377

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 42, 00, 56, A3, 30, AD, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 81, 3C, 00, 00, A3, 00, AE, 42, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9387  (probably packed)

Characteristics:
0x783

Code size:
34.5 KB (35,328 bytes)

There are numerous known code variations that share the same compilation structure.

PUP.BetterInstaller.Somoto
UnlockRoot_downloader_by_UnlockRoot.exe  2.1.0.0  (a154fe73378b4816e18fd14036e7a78653985421)

PUP.BetterInstaller.Somoto
DVDShrink_downloader_by_DVDShrink.exe  2.1.0.0  (7e875d649fbf32cb7a279fbb1603e8b9aebaa479)

PUP.BetterInstaller.Somoto
verdana_downloader_by_schriftartenfontsde.exe  2.1.0.0  (75e48b4957c54cce435ca49980d15967ff682c45)

PUP.BetterInstaller.Somoto
tmp5c95.tmp.exe  2.1.0.0  (8a3903dddc3657631b01b95531fcebbbe7b22ba0)

PUP.BetterInstaller.Somoto
ntimediamaker9crack_downloader_xfinder.exe  2.0.0.0  (b60e1a478666c613b5014c08d9236f3d687c4291)

PUP.BetterInstaller.Somoto
pccleanuputility_ss.exe  2.0.0.0  (71d88c0391f12273717e246f6744e004bf5db836)

PUP.BetterInstaller.Somoto
mhotspot_downloader.exe  1.2.0.0  (17ecad2a06d390504c3484f44ba4e64b7f1b79ab)

PUP.BetterInstaller.Somoto
CheatEngine63.exe  1.2.0.0  (6d6f591b036398fe29624861504017760e34a433)

PUP.BetterInstaller.Somoto
tmp4363.tmp.exe  1.2.0.0  (bbeb21ad9c0de41c1a676df2154c078c86700adf)

PUP.InnovativeApps
solidsavings_20130712.exe  1.1.1.1  (ce6d39ea531f3ca13475719f4ab222e8e72110bc)

PUP.AdPeak
getsavin.exe  (6e58f436c909e057384670976c98e672f58926f0)

Threat.Generic.Variant.Installer
prey-0.6.0-win.exe  (45158392c71111cdf9b9a5f957f8a698ce971082)

PUP.AdPeak
couponamazing.exe  (8e9a6f65d7960a7c90c627e2760fb5c416bd244c)

PUP.AdPeak
getsavin.exe  (2668db81ac948134030260a4fe22faa15619d592)

PUP.AdPeak
getsavin.exe  (88879948966fbf3d1fc2f55750de23163856aa66)
