avast-4-home-5-0-507.exe

OCSClient

ThinkLABs Ltd. & Co. KG

The application avast-4-home-5-0-507.exe by ThinkLABs & Co. KG has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the OCSClient Download installer. The installer is marketed through download portals and search ads as the free AVAST Antivirus, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
www.download-sponsor.de  (signed by ThinkLABs Ltd. & Co. KG)

Product:
OCSClient

Version:
1.00

MD5:
4b034bf4a143bfb1ab5e875b707a338e

SHA-1:
c1bd031b503d1c6480fc848e0073f55eaff00ddf

SHA-256:
368d5c664613b7fade2c3117333617c252cbfb07dff1487c5fadfa1c12e88c6b

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
May bundle various unwanted software without adequate user consent.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/16/2024 1:03:45 PM UTC

Scan engine        Detection                                                  Engine version
Avira AntiVirus    APPL/Downloader.Gen                                        7.11.180.154
AVG                Could be an adware MultiBundle.dropper                     2014.0.4040
Dr.Web             Threat.Undefined                                           9.0.1.05190
ESET NOD32         Win32/DownloadSponsor.A potentially unwanted application   7.0.302.0
K7 AntiVirus       Unwanted-Program                                           13.184.13741
Reason Heuristics  PUP.ThinkLABsCoKG.U                                        14.10.22.17
Vba32 AntiVirus    Downware.VB.AndreClient                                    3.12.26.3
VIPRE Antivirus    Threat.4791934                                             33706

File size:
566.8 KB (580,448 bytes)

Product version:
1.00

Copyright:
Copyright @ www.download-sponsor.de

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OCSClient Download

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup\antivirus\avast-4-home-5-0-507.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/19/2012 2:00:00 AM

Valid to:
11/20/2013 1:59:59 AM

Subject:
CN=ThinkLABs Ltd. & Co. KG, O=ThinkLABs Ltd. & Co. KG, L=Pfarrkirchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
07887F9E890968F4282F5DDADFFE84E7

File PE Metadata
Compilation timestamp:
1/15/2013 5:37:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:KKbCiZunfCElJk12MetPHNaP+HI9ygY0bPmAHw4HFfEysVufBn597NX29:K9VfXlJkEMYNaGU/jQysgfBnnl29

Entry address:
0x1560

Entry point:
68, 40, 49, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, A7, EA, F7, 3B, A5, 54, 05, 46, 89, F4, 05, 68, 77, E3, 14, 97, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 00, CD, 1F, 04, DB, C2, 4F, A0, 4B, AD, 6A, C0, 2F, 3D, 90, A6, 9E, AA, A0, 54, 3C, 83, 6C, 94, 41, 9D, E8, F9, A6, 99, C6, 4C, 58, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
40 KB (40,960 bytes)
