» dkb-cashback_ie_ff_ch.exe
Overview
Analysis
File Details

dkb-cashback_ie_ff_ch.exe

DKB-Cashback

Deutsche Kreditbank Aktiengesellschaft

The application dkb-cashback_ie_ff_ch.exe, “DKB-Cashback Installer” by Deutsche Kreditbank Aktiengesellschaft has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

Publisher:

dkbbrowserextension (signed by Deutsche Kreditbank Aktiengesellschaft)

Product:

DKB-Cashback

Description:

DKB-Cashback Installer

Version:

1.24.151.151

MD5:

4523dab8e1c0cb16168a0024f262a11e

SHA-1:

a9f19157b6eaa6c1075b271c5a9544d0a8a6ea34

SHA-256:

82128a9b009f411d248432b9f2693e8a3a0e2665b359605617b429bf98cfbd5a

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/25/2024 11:12:12 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Crossrider-C [PUP]

2014.9-140513

Dr.Web

Adware.Plugin.22

9.0.1.0133

ESET NOD32

Win32/Packed.ScrambleWrapper

8.8597

Reason Heuristics

PUP.Installer.DeutscheKreditbankAktiengesellschaft.V

14.7.17.10

Sophos

Generic PUA EL

4.91

File size:

2.7 MB (2,856,032 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\users\{user}\downloads\dkb-cashback_ie_ff_ch.exe

Digital Signature

Signed by:

Deutsche Kreditbank Aktiengesellschaft

Authority:

VeriSign, Inc.

Valid from:

11/2/2012 1:00:00 AM

Valid to:

11/3/2014 12:59:59 AM

Subject:

CN=Deutsche Kreditbank Aktiengesellschaft, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Deutsche Kreditbank Aktiengesellschaft, L=Berlin, S=Berlin, C=DE

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4264838238A7BFA682EE90E7AFFF1D32

File PE Metadata

Compilation timestamp:

1/5/2010 1:09:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

49152:Rk7V4wolZVx/2rllT+/T5IfU2rAlt+8wMEcymoC+oqZtQVw2rPOnOnH:q7qJ9gllWzN+lsqZWGYPOnOH

Entry address:

0x4044

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D... 
[+]

Code size:

33 KB (33,792 bytes)

Remove dkb-cashback_ie_ff_ch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.