home

TubeBoxSetup.exe

TubeBox

Freemium GmbH

The application TubeBoxSetup.exe by Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. It is also typically executed from the user's temporary directory.
Publisher:
Freetec  (signed by Freemium GmbH)

Product:
TubeBox

Version:
1.0.0.0

MD5:
b7067a24e95f35f33eca1de2796db46f

SHA-1:
c13c26d6f0b69d232e9d8ff932f4ff4d6ac65dae

SHA-256:
d64bf5591c9697ab393cb35a8473deb60cdfd9550f379b7c4c7684e468206dbf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/20/2024 2:42:18 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Covus.Freemium.Bundler (M)
16.5.21.11

File size:
14.5 MB (15,204,176 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (c) Freetec. All rights reserved.

Original file name:
TubeBoxSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\tubeboxsetup.exe

Digital Signature
Signed by:
Freemium GmbH

Authority:
GlobalSign nv-sa

Valid from:
2/13/2012 10:34:07 AM

Valid to:
2/13/2013 10:34:07 AM

Subject:
CN=Freemium GmbH, O=Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121252CF10F5361359FEF99CB5B54F17E94

File PE Metadata
Compilation timestamp:
9/3/2012 3:44:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:L1mKZYsBet7PHB2Bny4r91Y2LQEKONaJ0BN6lBxIi17x1+/L/DbPbH:xxB4t7PHoBNNEEKMaJXPpcL/bH

Entry address:
0x474B

Entry point:
E8, AC, 14, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 01, 15, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 55, 47, 40, 00, FF, 15, 7C, 11, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 84, 11, 40, 00, FF, 75, 08, FF, 15, 80, 11, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...
 
[+]

Code size:
311.5 KB (318,976 bytes)

Remove TubeBoxSetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.