SHA256: 0c0c69a714c077f1f2463a2e4cc4c84500205d6d4cb87ff0bbb4fd55c7f2aa67
File name: vlc-2.2.6-win32.exe
Detection ratio: 11 / 64
Analysis date: 2017-07-23 08:11:00 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AhnLab-V3 PUP/Win32.InstallCore.R204872 20170722
AVware InstallCore (fs) 20170721
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170710
DrWeb Trojan.InstallCore.3137 20170723
Emsisoft Application.AdInstall (A) 20170723
ESET-NOD32 a variant of Win32/InstallCore.AVE potentially unwanted 20170723
K7AntiVirus Adware ( 005126081 ) 20170723
K7GW Adware ( 005126081 ) 20170723
Malwarebytes PUP.Optional.InstallCore 20170723
VIPRE InstallCore (fs) 20170723
Webroot Pua.Adware.Installcore 20170723
Ad-Aware 20170723
AegisLab 20170723
Alibaba 20170721
ALYac 20170723
Antiy-AVL 20170723
Arcabit 20170723
Avast 20170723
AVG 20170723
Avira (no cloud) 20170722
Baidu 20170721
BitDefender 20170723
Bkav 20170722
CAT-QuickHeal 20170722
ClamAV 20170723
CMC 20170721
Comodo 20170723
Cylance 20170723
Cyren 20170723
Endgame 20170721
F-Prot 20170723
F-Secure 20170723
Fortinet 20170723
GData 20170723
Ikarus 20170722
Sophos ML 20170607
Jiangmin 20170723
Kaspersky 20170723
Kingsoft 20170723
MAX 20170723
McAfee 20170723
McAfee-GW-Edition 20170723
Microsoft 20170723
eScan 20170723
NANO-Antivirus 20170723
nProtect 20170723
Palo Alto Networks (Known Signatures) 20170723
Panda 20170722
Qihoo-360 20170723
Rising 20170723
SentinelOne (Static ML) 20170718
Sophos AV 20170723
SUPERAntiSpyware 20170723
Symantec 20170722
Symantec Mobile Insight 20170720
Tencent 20170723
TheHacker 20170723
TotalDefense 20170723
TrendMicro 20170723
TrendMicro-HouseCall 20170723
Trustlook 20170723
VBA32 20170721
ViRobot 20170722
WhiteArmor 20170721
Yandex 20170721
Zillya 20170721
ZoneAlarm by Check Point 20170723
Zoner 20170723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Internet Installer
File version
Description Internet Installer Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signers
[+] Source Delivery (Alpha Criteria Ltd.)
Status Valid
Issuer GlobalSign CodeSigning CA - SHA256 - G3
Valid from 10:07 AM 11/11/2016
Valid to 10:07 AM 11/12/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B9826AA52B035DC31996551FC53C1140E53F78F0
Serial number 30 0E 07 B7 5C C6 DA 49 C8 D2 BF 4E
[+] GlobalSign CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 1:00 AM 6/15/2016
Valid to 1:00 AM 6/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 090D03435EB2A8364F79B78CB173D35E8EB63558
Serial number 48 1B 6A 07 26 D2 E8 3F 26 02 D4 82 5A CD
[+] GlobalSign
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-28 12:39:51
Entry Point 0x000113BC
Number of sections 8
PE sections
Overlays
MD5 1f591a6e71a51d524a17d7af7a59fcd5
File type data
Offset 119296
Size 1927792
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments This installation was built with Inno Setup.
InitializedDataSize 53248
ImageVersion 6.0
ProductName Internet Installer
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 2015:12:28 13:39:51+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.1
FileDescription Internet Installer Setup
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 65024
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x113bc
ObjectFileType Executable application

File identification
MD5 244e283052f1bb20c2cac17cadd896c2
SHA1 8c20494c6718a016bf7dfc4235fd444a4d0c9fb9
SHA256 0c0c69a714c077f1f2463a2e4cc4c84500205d6d4cb87ff0bbb4fd55c7f2aa67
ssdeep 49152:NP30NNDIM5BYfhj1xS15TpVZNiyNI0J74XlY6pD8II:B0NNf5BYfhjgZNiyNIMMzpk
authentihash 54a9fcdad1e8a32d42169ff612b56539e9ad08dca14610318c53c170da2ddea5
imphash 48aa5c8931746a9655524f67b25a47ef
File size 2.0 MB ( 2047088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (57.2%)
Win32 Executable (generic) (18.2%)
Win16/32 Executable Delphi generic (8.3%)
Generic Win/DOS Executable (8.0%)
DOS Executable Generic (8.0%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2017-07-23 08:11:00 UTC ( 1 year, 8 months ago )
Last submission 2017-07-23 08:11:00 UTC ( 1 year, 8 months ago )
File names vlc-2.2.6-win32.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Runtime DLLs
UDP communications