browser-fix_2012_installer.exe

Startpage24 Startpage

Link64 GmbH

The application browser-fix_2012_installer.exe by Link64 GmbH has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program Toolwiz Time Freeze 2015 by ToolWiz. The file has been observed being downloaded from r2.computerbild.de and multiple other hosts. While running, it connects to the Internet address www.link64.com on port 80 using the HTTP protocol.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Startpage24 Startpage

Description:
Updater [*.exe]

Version:
2.0.0.862

MD5:
7917169f0bcb2f18960d7d64df16e0ff

SHA-1:
380ff37f3a0d152e679aae9415eec54b2d7c0aaf

SHA-256:
dee04cdbcbbdd905c2d52133a8cfc7493f1fc527e5a75e442231e7bb71046b83

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:07:22 AM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.Laneul | 1.3.0.4246
Reason Heuristics | PUP.Link64GmbH.AA | 14.8.29.15

File size:
185.1 KB (189,592 bytes)

Product version:
2.0.0.862

Copyright:
(c) 2008-10 Link64 GmbH. All rights reserved.

Original file name:
Install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\browser-fix_2012_installer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/14/2011 1:00:00 AM

Valid to:
2/13/2013 12:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=BW, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15F5E6DF4214F9A5312FC2CB4F217D16

File PE Metadata
Compilation timestamp:
10/16/2012 12:29:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:JEXLyPC/ZbAKUSfnyiEtmVa96h/a7jGjScWTBfvNoiz+yk:JE7ykZbAKZa/GjTWTBn/

Entry address:
0x4B1F

Entry point:
E8, 62, 36, 00, 00, E9, 17, FE, FF, FF, 6A, 0C, 68, 08, 03, 42, 00, E8, 5F, 34, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 50, 92, 42, 00, 77, 22, 6A, 04, E8, 45, 38, 00, 00, 59, 83, 65, FC, 00, 56, E8, 87, 40, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 6B, 34, 00, 00, C3, 6A, 04, E8, 42, 37, 00, 00, 59, C3, 55, 8B, 6C, 24, 08, 83, FD, E0, 0F, 87, 9F, 00, 00, 00, 53, 8B, 1D, F8, A0, 41, 00, 56, 57, 33, F6, 39, 35, B4, 6D, 42, 00, 8B, FD, 75, 18, E8, F4, 29, 00...
 

Code size:
100 KB (102,400 bytes)

The file browser-fix_2012_installer.exe has been discovered within the following program.

www.Toolwiz.com
About 5% of users remove it
 

The file browser-fix_2012_installer.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to www.link64.com  (82.98.209.173:80)
