dkb-cashback_ie_ff_ch.exe

DKB-Cashback

Deutsche Kreditbank Aktiengesellschaft

The application dkb-cashback_ie_ff_ch.exe, “DKB-Cashback Installer” by Deutsche Kreditbank Aktiengesellschaft has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
dkbbrowserextension  (signed by Deutsche Kreditbank Aktiengesellschaft)

Product:
DKB-Cashback

Description:
DKB-Cashback Installer

Version:
1.24.151.151

MD5:
4523dab8e1c0cb16168a0024f262a11e

SHA-1:
a9f19157b6eaa6c1075b271c5a9544d0a8a6ea34

SHA-256:
82128a9b009f411d248432b9f2693e8a3a0e2665b359605617b429bf98cfbd5a

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
7/7/2020 10:34:00 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Crossrider-C [PUP] | 2014.9-140513 |
| Dr.Web | Adware.Plugin.22 | 9.0.1.0133 |
| ESET NOD32 | Win32/Packed.ScrambleWrapper | 8.8597 |
| Reason Heuristics | PUP.Installer.DeutscheKreditbankAktiengesellschaft.V | 14.7.17.10 |
| Sophos | Generic PUA EL | 4.91 |

File size:
2.7 MB (2,856,032 bytes)

Copyright:
Copyright dkbbrowserextension

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\dkb-cashback_ie_ff_ch.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/2/2012 1:00:00 AM

Valid to:
11/3/2014 12:59:59 AM

Subject:
CN=Deutsche Kreditbank Aktiengesellschaft, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Deutsche Kreditbank Aktiengesellschaft, L=Berlin, S=Berlin, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4264838238A7BFA682EE90E7AFFF1D32

File PE Metadata
Compilation timestamp:
1/5/2010 1:09:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:Rk7V4wolZVx/2rllT+/T5IfU2rAlt+8wMEcymoC+oqZtQVw2rPOnOnH:q7qJ9gllWzN+lsqZWGYPOnOH

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...
 

Code size:
33 KB (33,792 bytes)
