vlc media player 64 bit - chip-installer.exe

CHIP Digital GmbH

The application vlc media player 64 bit - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH, has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the VideoLAN VLC media player but will also install additional software offers, which include adware, PUPs and browser toolbars. The file has been seen being downloaded from x.chip.de.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.0.0.0

MD5:
9d45b5616b51f018f903fe9a336be357

SHA-1:
bf7709a0d08c51138190ca023b70f8f3554d65bc

SHA-256:
329689730ea55757513ccdcb59ab7ecfd201a4912d85b17b8dd86167a9f833f5

Scanner detections:
25 / 68

Status:
Potentially unwanted

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 10:28:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1602076 | 885 |
| avast! | Win32:Adware-BLN [Adw] | 2014.9-140902 |
| Baidu Antivirus | Adware.Win32.Illyx | 4.0.3.1492 |
| Bitdefender | Trojan.GenericKD.1602076 | 1.0.20.1225 |
| Comodo Security | ApplicUnwnt | 18107 |
| Dr.Web | BackDoor.Cybergate.1 | 9.0.1.0245 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1602076 | 8.14.09.02.03 |
| ESET NOD32 | Win32/GameTool.BB | 8.9603 |
| Fortinet FortiGate | W32/FrauDrop.ADJIS!tr | 9/2/2014 |
| F-Secure | Trojan.GenericKD.1602076 | 11.2014-02-09_3 |
| G Data | Trojan.GenericKD.1602076 | 14.9.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.FrauDrop | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.176.11584 |
| Kaspersky | Trojan-Dropper.Win32.FrauDrop | 14.0.0.3312 |
| Malwarebytes | Trojan.Inject.RRE | v2014.09.02.03 |
| McAfee | Artemis!37BD65F12E99 | 5600.7019 |
| MicroWorld eScan | Trojan.GenericKD.1602076 | 15.0.0.735 |
| Norman | Suspicious_Gen4.FXLPV | 11.20140902 |
| nProtect | Trojan.GenericKD.1602076 | 14.03.27.01 |
| Qihoo 360 Security | Win32/Trojan.Dropper.0c3 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.2.15 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R00UH07C914 | 7.2.245 |
| Vba32 AntiVirus | TrojanPSW.Ruftar | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27776 |

File size:
1.1 MB (1,101,648 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\vlc media player 64 bit - chip-installer.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/25/2014 1:00:00 AM

Valid to:
2/26/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata
Compilation timestamp:
8/18/2014 3:33:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Uq5TfcdHj4fmbQ2qZjUm0G8eiLsxkG5NeQUc:UUTsamUxZuG87GDp

Entry address:
0x18D870

Entry point:
60, BE, 00, A0, 53, 00, 8D, BE, 00, 70, EC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)

The file vlc media player 64 bit - chip-installer.exe has been seen being distributed by the following URL.
