vlc media player 32 bit - chip-installer.exe

CHIP Digital GmbH

The application vlc media player 32 bit - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH, has been detected as a potentially unwanted program by 26 anti-malware scanners. The program is a setup application that uses the Covus installer. Users expect this installer to download the VideoLAN VLC media player, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from x.chip.de.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.0.0.0

MD5:
4370f984e14508791ad5111211cba979

SHA-1:
2c295f8139b7f53b69faa19a6a367f60a957df31

SHA-256:
d647b14a30e3b93a6b89ebf370199d72968dbb94b9a04d3159a7df3e59fa9f0b

Scanner detections:
26 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 10:27:40 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1602076 | 856 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| avast! | Win32:Adware-BLN [Adw] | 2014.9-141002 |
| Baidu Antivirus | Adware.Win32.Illyx | 4.0.3.14102 |
| Bitdefender | Trojan.GenericKD.1602076 | 1.0.20.1375 |
| Comodo Security | ApplicUnwnt | 18107 |
| Dr.Web | BackDoor.Cybergate.1 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1602076 | 8.14.10.02.05 |
| ESET NOD32 | Win32/GameTool.BB | 8.9603 |
| Fortinet FortiGate | W32/FrauDrop.ADJIS!tr | 10/2/2014 |
| F-Secure | Trojan.GenericKD.1602076 | 11.2014-02-10_5 |
| G Data | Trojan.GenericKD.1602076 | 14.10.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.FrauDrop | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.176.11584 |
| Kaspersky | Trojan-Dropper.Win32.FrauDrop | 14.0.0.3164 |
| Malwarebytes | Trojan.Inject.RRE | v2014.10.02.05 |
| McAfee | Artemis!37BD65F12E99 | 5600.6990 |
| MicroWorld eScan | Trojan.GenericKD.1602076 | 15.0.0.825 |
| Norman | Suspicious_Gen4.FXLPV | 11.20141002 |
| nProtect | Trojan.GenericKD.1602076 | 14.03.27.01 |
| Qihoo 360 Security | Win32/Trojan.Dropper.0c3 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.2.5 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R00UH07C914 | 7.2.275 |
| Vba32 AntiVirus | TrojanPSW.Ruftar | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27776 |

File size:
1.1 MB (1,101,648 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\vlc media player 32 bit - chip-installer.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/25/2014 1:00:00 AM

Valid to:
2/26/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata
Compilation timestamp:
8/18/2014 3:33:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Jq5TfcdHj4fmbQ2qZnUm0G8eiLsxkG5NeQU+:JUTsamUxZyG87GDL

Entry address:
0x18D870

Entry point:
60, BE, 00, A0, 53, 00, 8D, BE, 00, 70, EC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)

The file vlc media player 32 bit - chip-installer.exe has been seen being distributed by the following URL.
