» imgburn.exe
Overview
Analysis
File Details
Downloads (1)

imgburn.exe

CHIP Digital GmbH

The application imgburn.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The file has been seen being downloaded from www.tr.downloads-hub.com.

File name:

imgburn.exe

Publisher:

CHIP Digital GmbH (signed and verified)

Description:

CHIP Secured Installer

Version:

1.0.7.6

MD5:

50ad1b3d3dad77d9a483889c55b3a3e2

SHA-1:

1ef061b03fa596c069cd6a75b001b9ae82efbac7

SHA-256:

eba26cf59e66b2fba5cf6db2b307b53e5666c08507c6d0866531a5393807697a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/18/2024 9:51:05 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.1.21.16

File size:

1.1 MB (1,164,184 bytes)

Product version:

1.0.7.6

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Covus

Language:

German (Germany)

Common path:

C:\users\{user}\downloads\imgburn.exe

Digital Signature

Signed by:

CHIP Digital GmbH

Authority:

COMODO CA Limited

Valid from:

6/30/2015 1:00:00 AM

Valid to:

6/30/2016 12:59:59 AM

Subject:

CN=CHIP Digital GmbH, OU=Download Development, O=CHIP Digital GmbH, STREET=St.-Martin-Straße 66, L=München, S=Bayern, PostalCode=81541, C=DE

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2A68C822ECB5BBB6F677B31B69C07F78

File PE Metadata

Compilation timestamp:

9/1/2015 3:16:25 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:0q5TfcdHj4fmbUB2qR0MmV0VMX8y/fZJaqO/pw/Xf:0UTsamex8/q/pA

Entry address:

0x19C880

Entry point:

60, BE, 00, 90, 54, 00, 8D, BE, 00, 80, EB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

6.9831

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

336 KB (344,064 bytes)

The file imgburn.exe has been seen being distributed by the following URL.

http://www.tr.downloads-hub.com/downloadca/.../54406863?source=landingpage

Remove imgburn.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.