Download Manager fuer Java.exe

Covus Freemium GmbH

The application Download Manager fuer Java.exe by Covus Freemium GmbH has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Covus installer. Users of this installer expect to download the free Oracle Java Runtime, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from www.downloadplace.de.
Publisher:
Covus Freemium GmbH  (signed and verified)

MD5:
4f4a1a00fcc7b338cd13a1ac7c2cf2e4

SHA-1:
fb224251bed3d263c3a0739bedaadbb4ad03f594

SHA-256:
670eb5b28704ee720550628e8a5ec0478c9b36e665d5f440be59c0be5b42ff8c

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
The installer/download manager includes bundled offers containing adware components such as Best-markit and Search Protect (ClientConnect).

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 8:24:48 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic_s | 2015.0.3414 |
| ESET NOD32 | Win32/DownloadGuide (variant) | 8.9676 |
| G Data | Win32.Application.DownloadGuide | 14.4.24 |
| Malwarebytes | PUP.Optional.Breitschopp | v2014.04.14.05 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Optional.CovusFreemiumGmbH.AA | 14.4.14.6 |
| VIPRE Antivirus | DownloadGuide | 28228 |

File size:
448.9 KB (459,672 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\download manager fuer java.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/28/2013 4:21:57 AM

Valid to:
1/29/2015 4:21:57 AM

Subject:
CN=Covus Freemium GmbH, O=Covus Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211DBCB8A07ED407612FC406EFD259BE29

File PE Metadata
Compilation timestamp:
4/9/2014 3:11:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:9mvJd2CV3q9gAdYz9VmsipjApXnkEPL2E1xpa+kCF6GH8VPflPrbZ38iWbVy+T4o:od+amjyXkEPLT7buVX1iNvEL4

Entry address:
0x1A4E7

Entry point:
E8, BD, 48, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, DC, 7D, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40...
 

Entropy:
6.9719

Code size:
148 KB (151,552 bytes)

The file Download Manager fuer Java.exe has been seen being distributed by the following URL.
