dmr_72.exe

CHIP Secured Installer

CHIP Digital GmbH

The application dmr_72.exe by CHIP Digital GmbH has been detected as a potentially unwanted program by 6 anti-malware scanners. While running, it connects to the Internet address www2.chdi-server.de on port 80 using the HTTP protocol.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
CHIP Secured Installer

Description:
DMR

Version:
1.0.7.4

MD5:
1b81fa48134378f2b8d54a41fcfcf0ca

SHA-1:
ff6fd97bcc603890c9bdffebe992a8b95d4f2686

SHA-256:
5e2931d27098e63b67126ec2e036d8e2f4e46814d8c777c0307e3eec3b947707

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 9:55:23 PM UTC

Scan engine            Detection                                                   Engine version
Baidu Antivirus        Adware.Win32.DownloadSponsor                                4.0.3.15723
Bkav FE                W32.HfsAdware                                               1.3.0.6979
Dr.Web                 Adware.Downware.10929                                       9.0.1.0204
ESET NOD32             Win32/DownloadSponsor.C potentially unwanted (variant)      9.11980
Fortinet FortiGate     Riskware/DownloadSponsor                                    7/23/2015
Reason Heuristics      PUP.Covus.CHIPDigitalGmbH.Installer (M)                     15.7.23.11

File size:
373.3 KB (382,240 bytes)

Product version:
1.0.7.4

Copyright:
Copyright © 2015 Chip Digital GmbH

Trademarks:
CHIP Secured Installer

Original file name:
DMR.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dmr_72.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/6/2015 7:00:00 PM

Valid to:
2/24/2016 7:00:00 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=München, S=Bavaria, C=DE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01A0C3E3BC069F71B464AAD34063E209

File PE Metadata
Compilation timestamp:
7/22/2015 9:49:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:+wHmhAXIsYzuOmEhBaomW48bhvCTnPeO5hZ1k9QiEkQf99:+wHmhYE6NQoCwsC9

Entry address:
0x5AADE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.1975

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
355 KB (363,520 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www2.thinklabs-cluster.de  (148.251.198.119:80)

TCP (HTTP):
Connects to static.245.97.9.176.clients.your-server.de  (176.9.97.245:80)

TCP (HTTP):
Connects to www2.chdi-server.de  (5.9.198.83:80)

TCP (HTTP):
Connects to www1.thinklabs-cluster.de  (148.251.198.118:80)

TCP (HTTP):
Connects to www1.chdi-server.de  (176.9.97.244:80)

TCP (HTTP):
Connects to ocs3.chdi-server.de  (5.9.176.3:8080)

TCP (HTTP):
Connects to ocs2.chdi-server.de  (5.9.116.27:80)

TCP (HTTP):
Connects to ocs1.chdi-server.de  (5.9.175.19:80)

TCP (HTTP):
Connects to a104-121-150-232.deploy.static.akamaitechnologies.com  (104.121.150.232:80)
