firefox - chip-downloader.exe

OCSClient

CHIP Digital GmbH

The application firefox - chip-downloader.exe, “CHIP Secured Installer” by CHIP Digital GmbH, has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Covus installer. Users running this installer expect to download the free Mozilla Firefox web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
OCSClient

Description:
CHIP Secured Installer

Version:
7.00

MD5:
ee20821d6509b60b9fde60aeb3e8cdfc

SHA-1:
a650ad8429d6eb446c02f708aa3193f36f35e057

SHA-256:
6fe1fc84feeb700397aca2ecef0092efa2af36c46c002b3651788eab2a813349

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
May bundle various unwanted software without adequate user consent.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 12:52:23 AM UTC  (today)

Scan engine | Detection | Engine version
--- | --- | ---
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.212.188
AVG | Could be an adware MultiBundle.dropper | 2016.0.2938
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Downware.2124 | 9.0.1.0305
ESET NOD32 | Win32/DownloadSponsor.C potentially unwanted application | 9.7.0.302.0
herdProtect (fuzzy) |  | 2015.11.1.17
NANO AntiVirus | Trojan.Win32.Downware.dkkmcy | 0.30.0.296
Reason Heuristics | PUP.Covus.CHIPDigital.Bundler (M) | 15.9.6.11
SUPERAntiSpyware | Adware.Downware/Variant | 9534
Zillya! Antivirus | Trojan.Staser.Win32.2460 | 2.0.0.2083

File size:
600.4 KB (614,792 bytes)

Product version:
7.00

Copyright:
Copyright © 2014 Chip Digital GmbH

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\firefox - chip-downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/8/2014 1:00:00 AM

Valid to:
1/9/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, STREET=St.-Martin-Str. 66, L=Munich, S=Bavaria, PostalCode=81541, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F0BAAB0E388698D0A2DD8D584AF69876

File PE Metadata
Compilation timestamp:
1/15/2014 3:02:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:hKWlw1DxDRASIAfCEv2YUMNJlaJuNlK17Y4c83fhysVufBn597NX2:h7lw1Dxd5zfXeYU43fiysgfBnnl2

Entry address:
0x1620

Entry point:
68, 08, F6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 6C, 51, CB, CF, 4C, 39, 05, 47, 9B, A7, 1A, 8F, 7C, 78, 87, FE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 03, 76, 0F, D7, 04, EA, F7, DC, 4B, 85, 6D, 25, A8, 40, C8, C5, 30, F6, 07, 2C, 55, A5, 90, CA, 4A, A7, 78, 6F, 37, 88, E2, A6, 56, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
96 KB (98,304 bytes)
