vlc media player 64 bit - chip-installer.exe

CHIP Digital GmbH

The application vlc media player 64 bit - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH, has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the VideoLAN VLC media player, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.0.0.0

MD5:
7c14521374855f1c31f841116bc3fba4

SHA-1:
5b1d8aef6f26b3e919c5738c25c55b9053cab927

SHA-256:
d5a1484231f865f68748eda0c8fe1971dc94deb0599a0d7fddb9671e60f6e2a1

Scanner detections:
25 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 1:35:30 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1602076 | 885 |
| avast! | Win32:Adware-BLN [Adw] | 2014.9-140902 |
| Baidu Antivirus | Adware.Win32.Illyx | 4.0.3.1492 |
| Bitdefender | Trojan.GenericKD.1602076 | 1.0.20.1225 |
| Comodo Security | ApplicUnwnt | 18107 |
| Dr.Web | BackDoor.Cybergate.1 | 9.0.1.0245 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1602076 | 8.14.09.02.07 |
| ESET NOD32 | Win32/GameTool.BB | 8.9603 |
| Fortinet FortiGate | W32/FrauDrop.ADJIS!tr | 9/2/2014 |
| F-Secure | Trojan.GenericKD.1602076 | 11.2014-02-09_3 |
| G Data | Trojan.GenericKD.1602076 | 14.9.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.FrauDrop | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.176.11584 |
| Kaspersky | Trojan-Dropper.Win32.FrauDrop | 14.0.0.3311 |
| Malwarebytes | Trojan.Inject.RRE | v2014.09.02.07 |
| McAfee | Artemis!37BD65F12E99 | 5600.7019 |
| MicroWorld eScan | Trojan.GenericKD.1602076 | 15.0.0.735 |
| Norman | Suspicious_Gen4.FXLPV | 11.20140902 |
| nProtect | Trojan.GenericKD.1602076 | 14.03.27.01 |
| Qihoo 360 Security | Win32/Trojan.Dropper.0c3 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.2.19 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R00UH07C914 | 7.2.245 |
| Vba32 AntiVirus | TrojanPSW.Ruftar | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27776 |

File size:
1.1 MB (1,101,648 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\vlc media player 64 bit - chip-installer.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/25/2014 1:00:00 AM

Valid to:
2/26/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata
Compilation timestamp:
8/18/2014 3:33:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:0q5TfcdHj4fmbQ2qZCUm0G8eiLsxkG5NeQU8:0UTsamUxZBG87GDJ

Entry address:
0x18D870

Entry point:
60, BE, 00, A0, 53, 00, 8D, BE, 00, 70, EC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)
