ssdtweaker_cb-dl-manager.exe

COMPUTER BILD Digital GmbH

The application ssdtweaker_cb-dl-manager.exe by COMPUTER BILD Digital GmbH has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Covus installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from d2.computerbild.de.
Publisher:
COMPUTER BILD Digital GmbH  (signed and verified)

MD5:
fd1414ec64d00581368279538534e5f2

SHA-1:
bade632ddcdb379c635df2de3719230402a9b921

SHA-256:
2ac94419bb025dcfae487dde8fa6cf617e176d9ce805acb76acf48dbcd0f9225

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 2:42:47 PM UTC  (today)

Scan engine | Detection | Engine version
ESET NOD32 | Win32/InstallCore.OZ potentially unwanted application | 7.0.302.0
K7 AntiVirus | Unwanted-Program | 13.181.12846
Reason Heuristics | PUP.COMPUTERBILDDigitalGmbH.Y | 14.7.25.13

File size:
768.9 KB (787,392 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ssdtweaker_cb-dl-manager.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/9/2014 1:00:00 AM

Valid to:
12/25/2015 12:59:59 AM

Subject:
CN=COMPUTER BILD Digital GmbH, O=COMPUTER BILD Digital GmbH, L=Hamburg, S=Hamburg, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
727178E5F63BC61D108FA7070AF55522

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:2NvpBaEZEOKzE8KMT0CPg7HgV1xgFFSPUep5BtBWiN9SLvENTvC8Sf4AQXAVe:2NvDaEL38fig2TSMk5BtoUSgTo16AVe

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file ssdtweaker_cb-dl-manager.exe has been seen being distributed by the following URL.
