TubeBoxSetup_brothersoft.exe

TubeBox

Freemium GmbH

The file TubeBoxSetup_brothersoft.exe by Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. This file is typically installed with the program TubeBox by Freetec Ltd. It is also typically executed from the user's temporary directory.
Publisher:
Freetec (signed by Freemium GmbH)

Product:
TubeBox

Version:
4.0.26.0

MD5:
730481d0499c0e02dfc6d5d1afe5c66b

SHA-1:
9826462e9952ab3637027c08862a293696050b91

SHA-256:
d890cb818294bf8ad428f0349532f324a1a70e2447d8c585ae7e9b6226b41eeb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/8/2024 6:10:17 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Covus.Freemium.Bundler (M)

Engine version:
16.5.25.2

File size:
419.6 KB (429,656 bytes)

Product version:
4.0.26.0

Copyright:
Copyright (c) Freetec. All rights reserved.

Original file name:
TubeBoxSetup_brothersoft.exe

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\del6838.tmp

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/13/2012 10:34:07 AM

Valid to:
2/13/2013 10:34:07 AM

Subject:
CN=Freemium GmbH, O=Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121252CF10F5361359FEF99CB5B54F17E94

File PE Metadata
Compilation timestamp:
9/3/2012 3:44:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:jKbe2meV3IipMkHmCoj86wTBsLsfMKu4qaGx:NlE3FHmfgJsL4MKfA

Entry address:
0x474B

Entry point:
E8, AC, 14, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 01, 15, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 55, 47, 40, 00, FF, 15, 7C, 11, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 84, 11, 40, 00, FF, 75, 08, FF, 15, 80, 11, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...
 

Code size:
311.5 KB (318,976 bytes)

The file TubeBoxSetup_brothersoft.exe has been discovered within the following program.

TubeBox  by Freetec Ltd.
Publisher's description - “The TubeBox facilitates video search many suppliers directly from the program. And finding your favorite videos is easier than on the video page itself, because you do not even need to restart the browser.”
tubebox.org
36% remove it
 
Powered by Should I Remove It?
