home

libreoffice - chip-installer.exe

CHIP Digital GmbH

The application libreoffice - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Covus installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.0.6.0

MD5:
944fa850463d1c53d2d494eb94518e93

SHA-1:
3262a02a07f6248a3336fed6cb7b5d39a1952a45

SHA-256:
a0d652474b7d7ff89bafe55b6f478513a3020168f50a3b219ddd6992b7bf693c

Scanner detections:
4 / 68

Status:
Potentially unwanted

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/25/2024 11:59:25 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

ESET NOD32
Win32/DownloadSponsor.C potentially unwanted application
7.0.302.0

F-Secure
Riskware.Application.Bundler.Agent
5.13.68

McAfee
Artemis!19D8275624DB
5600.6868

File size:
1.1 MB (1,191,200 bytes)

Product version:
1.0.6.0

Copyright:
Copyright © 2015 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\libreoffice - chip-installer.exe

Digital Signature
Signed by:
CHIP Digital GmbH

Authority:
DigiCert Inc

Valid from:
1/7/2015 1:00:00 AM

Valid to:
2/24/2016 1:00:00 PM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=München, S=Bavaria, C=DE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01A0C3E3BC069F71B464AAD34063E209

File PE Metadata
Compilation timestamp:
1/21/2015 11:39:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Zq5TfcdHj4fmbA2qT0MmV0VMXR9mOphGkDKTeOffsGi/:ZUTsamUxJOzrOffc

Entry address:
0x1A3890

Entry point:
60, BE, 00, 00, 55, 00, 8D, BE, 00, 10, EB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)

Remove libreoffice - chip-installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.