avast-free-antivirus.exe

OCSClient

CHIP Digital GmbH

The application avast-free-antivirus.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Chip Digital OCSClient installer. The installer is marketed through download protals and search ads as the free AVAST Antivirus but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
OCSClient

Description:
CHIP Secured Installer

Version:
7.00

MD5:
872c1360231029c4954483172aad9263

SHA-1:
4f63d8ccdcbcc698965763f1991eebe42cafdf7d

SHA-256:
dc6dbc9e7ae67be7ef1f5bee9a6427a261799b574a00db4847a81fd14f073442

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 10:25:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ChipDigital.Bundler (M)
16.7.31.21

File size:
938.8 KB (961,360 bytes)

Product version:
7.00

Copyright:
Copyright © 2014 Chip Digital GmbH

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Chip Digital OCSClient

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\avast-free-antivirus.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/25/2014 12:00:00 AM

Valid to:
2/25/2015 11:59:59 PM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata
Compilation timestamp:
7/8/2014 3:40:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:d7lw1DxrNXeGQpnmSsR87RAie/kRRU7AAysgfBnnl2F:d7m1DPXeB7RAiej7AAysgpnncF

Entry address:
0x1684

Entry point:
68, 74, F6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, BE, 94, 86, 5E, 78, 67, 9E, 43, 9D, C2, E8, 8B, A9, F8, 76, C0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, 16, 1A, 2D, BC, FF, 5E, B7, 44, B2, 06, 38, F4, C1, 21, 31, 3B, C7, 14, 1B, 51, 28, 94, 81, 40, 89, 85, 2C, 1A, 60, AA, 65, 86, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
6.2424

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
100 KB (102,400 bytes)

The file avast-free-antivirus.exe has been seen being distributed by the following URL.

Remove avast-free-antivirus.exe - Powered by Reason Core Security