firefox - chip-installer.exe

CHIP Digital GmbH

The application firefox - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH, has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Covus installer. Users running this installer expect to download the free Mozilla Firefox web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.0.7.2

MD5:
9b83d92434c5b8f5b52035e6190dfc21

SHA-1:
cc2d1aa85b1721d41e9dc8655aa27b847f4263c0

SHA-256:
849feb241e3ea574d3509a7be7364b7d17bd4f800d86b59358eb0820ad8812ac

Scanner detections:
7 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 3:25:37 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| ESET NOD32 | Win32/DownloadSponsor.C potentially unwanted application | 9.7.0.302.0 |
| Malwarebytes | PUP.Optional.Downloader | v2015.06.12.05 |
| McAfee | Artemis!A00DC5A8831C | 5600.6835 |
| Reason Heuristics | PUP.Optional.Bundler.Covus | 15.3.6.3 |
| Rising Antivirus | PE:Backdoor.Win32.DarkKomet.b!1075356506 | 23.00.65.15304 |

File size:
1.1 MB (1,203,488 bytes)

Product version:
1.0.7.2

Copyright:
Copyright © 2015 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\firefox - chip-installer.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/7/2015 1:00:00 AM

Valid to:
2/24/2016 1:00:00 PM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=München, S=Bavaria, C=DE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01A0C3E3BC069F71B464AAD34063E209

File PE Metadata
Compilation timestamp:
2/11/2015 4:35:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:zq5TfcdHj4fmbo2q+0MmV0VMXfGqcnUsG0Eh3lWaUnfnnO/sWv0:zUTsamsxW3nhwlonnO/g

Entry address:
0x1A6890

Entry point:
60, BE, 00, 30, 55, 00, 8D, BE, 00, E0, EA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)
