» {55eb45d3-8168-447f-b185-294070ca9dae}
Overview
Analysis
File Details

{55eb45d3-8168-447f-b185-294070ca9dae}

COMPUTER BILD Digital GmbH

The file {55eb45d3-8168-447f-b185-294070ca9dae} by COMPUTER BILD Digital GmbH has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the Covus installer.

File name:

Publisher:

COMPUTER BILD Digital GmbH (signed and verified)

MD5:

a81f2bd122d15df9340cfb597f00b0dc

SHA-1:

98f1c6c0180f8e2e5e5be70ece6fb532a1d72051

SHA-256:

8ac81f8c0d12e64237a960337a030a4ee84d8d11ae7008d5bd9d3d07d9829952

Scanner detections:

12 / 68

Status:

Potentially unwanted

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/6/2024 1:00:15 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.3148

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.DownloadGuide.AK

22026

Dr.Web

Adware.Downware.10580, Adware.Downware.9982

9.0.1.095

ESET NOD32

Win32/DownloadGuide.D potentially unwanted application

9.7.0.302.0

G Data

Win32.Application.Downloadguide

15.7.25

herdProtect (fuzzy)

variant of no23recorder_cb-dl-manager.exe (PUP)

2015.7.9.10

K7 AntiVirus

Unwanted-Program

13.203.15826

NANO AntiVirus

Trojan.Win32.DownloadHelper.dounzy

0.30.24.1357

Reason Heuristics

PUP.Bundler.Covus

15.4.5.11

Vba32 AntiVirus

Downloader.DownloadHelper

3.12.26.3

Zillya! Antivirus

Downloader.DownloadHelper.Win32.34

2.0.0.2168

File size:

581.9 KB (595,872 bytes)

Bundler/Installer:

Covus

Language:

English (United States)

Digital Signature

Signed by:

COMPUTER BILD Digital GmbH

Authority:

Thawte, Inc.

Valid from:

9/10/2014 2:00:00 AM

Valid to:

9/10/2016 1:59:59 AM

Subject:

CN=COMPUTER BILD Digital GmbH, O=COMPUTER BILD Digital GmbH, L=Hamburg, S=Hamburg, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

422F8132724CEFCA5F32674D2C10C12B

File PE Metadata

Compilation timestamp:

3/5/2015 4:05:29 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:97EydAdFaHP7ka1l0KF0uq0cXutlzzFHLZ8vL6/dZoPZAsPycViEbVT:hDdAd0HIa1l0KF0uq0cXutRzFHLZZdZg

Entry address:

0x269FA

Entry point:

E8, A8, 74, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, C2, 14, 00, 00, 6A, 16, 5E, 89, 30, E8, 66, 14, 00, 00, 8B, C6, E9, 8F, 00, 00, 00, 57, 39, 5D, 08, 77, 13, E8, A6, 14, 00, 00, 6A, 16, 5E, 89, 30, E8, 4A, 14, 00, 00, 8B, C6, EB, 75, 33, C9, 39, 5D, 10, 88, 1E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 83, 14, 00, 00, 6A, 22, EB, DB, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C9, 8B, CE, 39, 5D, 10, 74, 0B, 33, DB, 43, C6, 06, 2D, 8D, 4E, 01, F7, D8, 8B, F9... 
[+]

Code size:

370 KB (378,880 bytes)

Remove {55eb45d3-8168-447f-b185-294070ca9dae} - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.