home

TubeBoxSetup_tubebox_org.exe

TubeBox

Freemium GmbH

The file TubeBoxSetup_tubebox_org.exe by Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl-2.kbm2.com.
Publisher:
Freetec  (signed by Freemium GmbH)

Product:
TubeBox

Version:
4.2.0

MD5:
d22461a6c18954b609b9ab9c2857c234

SHA-1:
5d6c5d127268abceabf7195696bf729938bf606c

SHA-256:
749eb46820852e278b751c7c0d59657e0b1cf428fea46c5d70c2592f6e7e7d09

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 5:05:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Covus.Freemium.Bundler (M)
16.2.7.23

File size:
14.8 MB (15,556,240 bytes)

Product version:
4.2.0

Copyright:
Copyright (c) Freetec. All rights reserved.

Original file name:
TubeBoxSetup_tubebox_org.exe

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\793c2f2.tmp

Digital Signature
Signed by:
Freemium GmbH

Authority:
GlobalSign nv-sa

Valid from:
2/13/2012 1:34:07 AM

Valid to:
2/13/2013 1:34:07 AM

Subject:
CN=Freemium GmbH, O=Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121252CF10F5361359FEF99CB5B54F17E94

File PE Metadata
Compilation timestamp:
9/3/2012 6:44:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:BePWajx78E42GA8Zt4RJY6Xg8jUl5sJcXBHrDoui1Z7CH3V9wdhK5pE:BetjDGHn4RhLUcWXJDi1Zejw3K52

Entry address:
0x474B

Entry point:
E8, AC, 14, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 01, 15, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 55, 47, 40, 00, FF, 15, 7C, 11, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 84, 11, 40, 00, FF, 75, 08, FF, 15, 80, 11, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...
 
[+]

Entropy:
7.9974  (probably packed)

Code size:
311.5 KB (318,976 bytes)

The file TubeBoxSetup_tubebox_org.exe has been seen being distributed by the following URL.

http://dl-2.kbm2.com/.../tubeboxORG20130213.exe

Remove TubeBoxSetup_tubebox_org.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.