download-avast-free-antivirus.exe

Covus Freemium GmbH

The application download-avast-free-antivirus.exe by Covus Freemium GmbH has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the Covus installer. Users of this installer expect to download the free AVAST Antivirus, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Covus Freemium GmbH  (signed and verified)

MD5:
92042f92621e15009ff5b53c94e24777

SHA-1:
1440fd974c9736da59df6fe16f09d416b8524b0e

SHA-256:
a677beb31e921c4ef81a5a30ef863a884e216ef2b1942dbeff158db110b8046d

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
The installer/download manager includes bundled offers containing adware components such as Best-markit and Search Protect (ClientConnect).

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 10:22:08 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:DownloadGuide-H [PUP] | 2014.9-150327 |
| AVG | Generic | 2016.0.3158 |
| Clam AntiVirus | Win.Trojan.Downloadguide-1 | 0.98/20247 |
| Comodo Security | Application.Win32.DownloadGuide.AK | 21554 |
| Dr.Web | Adware.Downware.9168 | 9.0.1.086 |
| ESET NOD32 | Win32/DownloadGuide.D potentially unwanted application | 9.7.0.302.0 |
| G Data | Win32.Application.Downloadguide | 15.3.24 |
| herdProtect (fuzzy) | | 2015.7.2.1 |
| K7 AntiVirus | Unwanted-Program | 13.202.15399 |
| Kaspersky | not-a-virus:Downloader.Win32.DownloadHelper | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Eguide | v2015.03.27.07 |
| NANO AntiVirus | Trojan.Win32.MLW.divivp | 0.28.6.63474 |
| Reason Heuristics | PUP.Bundler.Covus | 15.3.27.7 |
| Vba32 AntiVirus | Downloader.DownloadHelper | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35010 |
| Zillya! Antivirus | Downloader.DownloadHelper.Win32.66 | 2.0.0.2118 |

File size:
668.1 KB (684,144 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\download-avast-free-antivirus.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/28/2013 12:21:57 PM

Valid to:
1/29/2015 11:21:57 AM

Subject:
CN=Covus Freemium GmbH, O=Covus Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211DBCB8A07ED407612FC406EFD259BE29

File PE Metadata
Compilation timestamp:
11/13/2014 10:40:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Rv9p7LRxf8HMmN6bSOOn6FMj3xzmmhrFOgsqZHGNJkC+RPTvzuVX1jTwI4wxrGn4:7p7LRxf8HMmN6br2hmmhrFOgsqZHGURa

Entry address:
0x2DF55

Entry point:
E8, 98, 65, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 7E, 1A, 00, 00, 6A, 16, 5E, 89, 30, E8, 22, 1A, 00, 00, 8B, C6, E9, 8F, 00, 00, 00, 57, 39, 5D, 08, 77, 13, E8, 62, 1A, 00, 00, 6A, 16, 5E, 89, 30, E8, 06, 1A, 00, 00, 8B, C6, EB, 75, 33, C9, 39, 5D, 10, 88, 1E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 3F, 1A, 00, 00, 6A, 22, EB, DB, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C9, 8B, CE, 39, 5D, 10, 74, 0B, 33, DB, 43, C6, 06, 2D, 8D, 4E, 01, F7, D8, 8B, F9...
 

Entropy:
6.9331

Code size:
397.5 KB (407,040 bytes)
