minecraft server - chip-installer.exe

CHIP Digital GmbH

The application minecraft server - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from x.chip.de.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
2.0.6.0

MD5:
ceab5fb61a974b7ffdc243232f75acdc

SHA-1:
41203c59bfc8a338b438ab2923df5d3a21cd4759

SHA-256:
dd9af66cdec93e240bd4c7a3b6049a43fdd348d487ebeaf25abe8b7d8e132d5d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 2:02:00 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ChipDigital.Bundler (M)
16.8.11.5

File size:
1.4 MB (1,474,568 bytes)

Product version:
2.0.6.0

Copyright:
Copyright © 2016 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\minecraft server - chip-installer.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/27/2016 1:00:00 AM

Valid to:
1/27/2017 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, OU=Download Development, O=CHIP Digital GmbH, STREET=St.-Martin-Strasse 66, L=Munich, S=Bavaria, PostalCode=81541, C=DE

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B0564F3FBF54F6269517864BB24329FC

File PE Metadata
Compilation timestamp:
6/24/2016 2:16:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:hq5TfcdHj4fmb9Ve9l2qDK26wQzLMnUAFFIfHWEzKJ9TtrWgXiFurFtW0zQJ9Tte:hUTsamC9lx5FB5lFI5e

Entry address:
0x1E8900

Entry point:
60, BE, 00, 50, 59, 00, 8D, BE, 00, C0, E6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)

The file minecraft server - chip-installer.exe has been seen being distributed by the following URL.

Remove minecraft server - chip-installer.exe - Powered by Reason Core Security