» tubebox_Setup_portale_de-DE.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

tubebox_Setup_portale_de-DE.exe

TubeBox

Immanitas Entertainment GmbH

The application tubebox_Setup_portale_de-DE.exe by Immanitas Entertainment GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program TubeBox by Freetec. This file is typically installed with the program TubeBox by Freetec Ltd..

File name:

Publisher:

Freetec (signed by Immanitas Entertainment GmbH)

Product:

TubeBox

Version:

4.3.0.0

MD5:

e15624f4b66c284981721d65f423da17

SHA-1:

3b9ef528790519d6ab694eedb3fb269e42a24250

SHA-256:

2d5594747b45f649fb2b6a80141a5c6f629729ef3914b1427386dd413c822fb0

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/15/2024 3:31:32 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.2.11.2

File size:

420 KB (430,120 bytes)

Product version:

4.3.0.0

Original file name:

tubebox_Setup_portale_de-DE.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\package cache\{dc6973cd-920d-498e-b275-eea04fbb3cf2}\tubebox_setup_portale_de-de.exe

Digital Signature

Signed by:

Immanitas Entertainment GmbH

Authority:

COMODO CA Limited

Valid from:

4/12/2013 2:00:00 AM

Valid to:

4/13/2014 1:59:59 AM

Subject:

CN=Immanitas Entertainment GmbH, O=Immanitas Entertainment GmbH, STREET=Ahornstrasse 14a, L=Velten, S=Brandenburg, PostalCode=16727, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C313F4D5A67152C438F618A43B60448D

File PE Metadata

Compilation timestamp:

12/24/2012 10:43:11 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x25D1C

Entry point:

E8, 1E, 1F, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, E8, 3E, 45, 00, 00, 74, 05, E9, 7E, 1F, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA... 
[+]

Code size:

218 KB (223,232 bytes)

Program Uninstaller

Program name:

TubeBox

Display publisher:

Freetec

Display version:

4.3.0.0

Uninstall string:

"C:\ProgramData\Package Cache\{dc6973cd-920d-498e-b275-eea04fbb3cf2}\tubebox_Setup_portale_de-DE.exe" /uninstall

The file tubebox_Setup_portale_de-DE.exe has been discovered within the following program.

TubeBox by Freetec Ltd.

Publisher's description - “The TubeBox facilitates video search many suppliers directly from the program. And finding your favorite videos is easier than on the video page itself, because you do not even need to restart the browser.”

tubebox.org

36% remove it

Remove tubebox_Setup_portale_de-DE.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.