» vlc media player 64 bit - chip-installer.exe
Overview
Analysis
File Details

vlc media player 64 bit - chip-installer.exe

CHIP Digital GmbH

The application vlc media player 64 bit - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. With this installer, users are expecting to download the VideoLAN VLC media player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

Publisher:

CHIP Digital GmbH (signed and verified)

Description:

CHIP Secured Installer

Version:

1.0.2.1

MD5:

34c8407c8e6d16d33a8121013ff70a31

SHA-1:

3c89a1986fb336def51ebaa1a40e685a7cb66737

SHA-256:

c1a2fc46c422c27caf320bc88712c8d1615ee8782536476931120f7daec104e5

Scanner detections:

1 / 68

Status:

Potentially unwanted

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 11:39:09 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ChipDigital.Bundler.Covus.Installer.Meta (M)

16.2.15.4

File size:

1.1 MB (1,174,352 bytes)

Product version:

1.0.2.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Covus

Language:

German (Germany)

Common path:

C:\users\{user}\downloads\vlc media player 64 bit - chip-installer.exe

Digital Signature

Signed by:

CHIP Digital GmbH

Authority:

Thawte, Inc.

Valid from:

2/25/2014 1:00:00 AM

Valid to:

2/26/2015 12:59:59 AM

Subject:

CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata

Compilation timestamp:

11/27/2014 3:07:17 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:kq5TfcdHj4fmbS2qXQesjlDMBKDUIhAG+DVUYhQsIQv:kUTsamGxGURbUY2Y

Entry address:

0x19F890

Entry point:

60, BE, 00, C0, 54, 00, 8D, BE, 00, 50, EB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

336 KB (344,064 bytes)

Remove vlc media player 64 bit - chip-installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.