dmr_72.exe

CHIP Secured Installer

CHIP Digital GmbH

The application dmr_72.exe by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. While running, it connects to the Internet address ocs1.chdi-server.de on port 8080.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
CHIP Secured Installer

Description:
DMR

Version:
1.1.5.6

MD5:
25bbe781403dbd685377647a982df817

SHA-1:
5b5ea2f5cec496f99d245a68c884c09f5849e037

SHA-256:
ca718f45191351cdda8ed5ca2c8074c899d32837dd019d325c72e4123b5edbfc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 2:48:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic.Covus.Bundler.Meta
15.11.26.12

File size:
504.3 KB (516,384 bytes)

Product version:
1.1.5.6

Copyright:
Copyright © 2015 Chip Digital GmbH

Trademarks:
CHIP Secured Installer

Original file name:
DMR.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dmr_72.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/7/2015 1:00:00 AM

Valid to:
2/24/2016 1:00:00 PM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=München, S=Bavaria, C=DE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01A0C3E3BC069F71B464AAD34063E209

File PE Metadata
Compilation timestamp:
11/24/2015 1:38:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:eCjhHmf4rVpiakv93Jro0zOFJ2+l9AlstfWET1w:Vl/piakl3Jro0zQJ9TtD1w

Entry address:
0x7B4FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
485.5 KB (497,152 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www1.chdi-server.de  (176.9.97.244:80)

TCP (HTTP):
Connects to www2.chdi-server.de  (5.9.198.83:80)

TCP (HTTP SSL):
Connects to ocs2.chdi-server.de  (5.9.116.27:443)

TCP (HTTP):
Connects to ocs3.chdi-server.de  (5.9.176.3:80)

TCP (HTTP):
Connects to static.84.198.9.5.clients.your-server.de  (5.9.198.84:80)

TCP (HTTP):
Connects to www1.thinklabs-cluster.de  (148.251.198.118:80)

TCP (HTTP):
Connects to static.245.97.9.176.clients.your-server.de  (176.9.97.245:80)

TCP (HTTP SSL):
Connects to ocs1.chdi-server.de  (5.9.175.19:443)

TCP (HTTP):
Connects to www2.thinklabs-cluster.de  (148.251.198.119:80)

TCP (HTTP):
Connects to a95-101-82-9.deploy.akamaitechnologies.com  (95.101.82.9:80)

TCP (HTTP):
Connects to a95-101-82-32.deploy.akamaitechnologies.com  (95.101.82.32:80)

TCP (HTTP):
Connects to a95-101-82-24.deploy.akamaitechnologies.com  (95.101.82.24:80)

TCP (HTTP):
Connects to a92-123-180-179.deploy.akamaitechnologies.com  (92.123.180.179:80)

TCP (HTTP):
Connects to openx-farm.l3muc-b.cxo.name  (212.162.62.38:80)

TCP (HTTP):
Connects to a95-101-89-33.deploy.akamaitechnologies.com  (95.101.89.33:80)

TCP (HTTP):
Connects to a95-101-82-57.deploy.akamaitechnologies.com  (95.101.82.57:80)

TCP (HTTP):
Connects to a92-123-180-192.deploy.akamaitechnologies.com  (92.123.180.192:80)

TCP (HTTP):
Connects to a92-123-180-178.deploy.akamaitechnologies.com  (92.123.180.178:80)

TCP (HTTP):
Connects to a88-221-116-90.deploy.akamaitechnologies.com  (88.221.116.90:80)

TCP (HTTP):
Connects to a88-221-116-120.deploy.akamaitechnologies.com  (88.221.116.120:80)

Remove dmr_72.exe - Powered by Reason Core Security