vlc media player 64 bit - chip-downloader.exe

OCSClient

ThinkLABs Ltd. & Co. KG

The application vlc media player 64 bit - chip-downloader.exe by ThinkLABs & Co. KG has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Chip Digital OCSClient installer. Users running this installer expect to download the VideoLAN VLC media player, but before that download occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
www.download-sponsor.de  (signed by ThinkLABs Ltd. & Co. KG)

Product:
OCSClient

Version:
1.00

MD5:
b2d4a198fe48f8ee687dd3ebc62ec7f0

SHA-1:
a8bc39662771b65bc3f3164a836fe481969e3c8c

SHA-256:
2f8de3b98132b79cbc8b3d1d688ec8f4f65b89566eb07f817a49a5b17ea4da18

Scanner detections:
9 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 11:44:11 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.163.164
AVG | Win.Threat.Medium | 2014.0.3986
Dr.Web | Adware.Downware.2124 | 9.0.1.05190
ESET NOD32 | Win32/DownloadSponsor.A potentially unwanted application | 7.0.302.0
K7 AntiVirus | Unwanted-Program | 13.181.12819
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14721
Vba32 AntiVirus | Downware.VB.AndreClient | 3.12.26.3
VIPRE Antivirus | Threat.4791934 | 31208

File size:
602.8 KB (617,312 bytes)

Product version:
1.00

Copyright:
Copyright @ www.download-sponsor.de

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Chip Digital OCSClient

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vlc media player 64 bit - chip-downloader.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/19/2012 1:00:00 AM

Valid to:
11/20/2013 12:59:59 AM

Subject:
CN=ThinkLABs Ltd. & Co. KG, O=ThinkLABs Ltd. & Co. KG, L=Pfarrkirchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
07887F9E890968F4282F5DDADFFE84E7

File PE Metadata
Compilation timestamp:
6/5/2013 4:20:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:g7lw1DxojpVLfX9r5blkNQaF7ysgfBnnl2v:g7m1DGbJrllkaaF7ysgpnncv

Entry address:
0x1620

Entry point:
68, 08, F6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, BF, B3, 34, EC, E7, D7, 38, 49, A5, 76, 6C, 85, DF, 01, 4F, F5, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, F9, D8, 5C, 9D, 6F, F5, D6, 4B, 84, 05, 45, 15, E5, 71, BE, 01, 37, 44, 67, 67, F6, 4E, 9C, 46, 90, F6, BE, 24, C9, 50, 34, 0B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
96 KB (98,304 bytes)