The VideoLAN Forums

Discussion and support for VLC media player and friends
http://forum.videolan.org/

vlc-3.0.3-win64.exe has Trojan.Inject!ZKnhxDAIRCs according to VirusTotal

http://forum.videolan.org/viewtopic.php?f=14&t=146081

Page 1 of 1

vlc-3.0.3-win64.exe has Trojan.Inject!ZKnhxDAIRCs according to VirusTotal

Posted: 23 Aug 2018 17:51
by jfkelley
Yandex (via VirusTotal.com) found the Trojan.Inject!ZKnhxDAIRCs trojan in the executable. I did verify the SHA256 hash (using PowerShell "Get-FileHash").

VirusTotal report: https://www.virustotal.com/#/file/59940 ... /detection

I'm afraid to install it, despite Windows Defender scan not finding anything wrong.

BTW: RE: getting the SHA256 on Windows... It took me a while to figure out, but I ended up writing this handy batch file:
PowerShell.exe -Command "Get-FileHash -LiteralPath %1 -Algorithm SHA1"
PowerShell.exe -Command "Get-FileHash -LiteralPath %1 -Algorithm SHA256"
PowerShell.exe -Command "Get-FileHash -LiteralPath %1 -Algorithm MD5"

Re: vlc-3.0.3-win64.exe has Trojan.Inject!ZKnhxDAIRCs according to VirusTotal

Posted: 23 Aug 2018 19:23
by InTheWings
https://forum.videolan.org/search.php?keywords=virus

Re: vlc-3.0.3-win64.exe has Trojan.Inject!ZKnhxDAIRCs according to VirusTotal

Posted: 23 Aug 2018 22:09
by jfkelley
Thank you InTheWings for the link to the forum search. A lot of information to digest. It did point me to Hybrid:
https://www.hybrid-analysis.com/sample/ ... 9968828035

Which, in spite of 14 "Suspicious" indicators, did label the file as "whitelisted", whatever that means.

I may just chance it if no one has any idea what this "Inject" trojan is about (it may be a false hit?)
All times are UTC+01:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/