» TubeBoxSetup_tubebox_org.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

TubeBoxSetup_tubebox_org.exe

TubeBox

Freemium GmbH

The application TubeBoxSetup_tubebox_org.exe by Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. This is the uninstaller utility registered in the Windows Control Panel for the program TubeBox by Freetec. This file is typically installed with the program TubeBox by Freetec Ltd..

File name:

Publisher:

Freetec (signed by Freemium GmbH)

Product:

TubeBox

Version:

4.0.26.0

MD5:

c846e3db46471df89fd9ea726dc32678

SHA-1:

81a5f6ce42f92fedd30816c30548767fa3c1ce03

SHA-256:

0a6ac9514c521838bc719fbe9ed176a43051326453b13700c65aede68bf824a8

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/27/2024 4:42:33 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Covus.Freemium.Bundler (M)

16.4.19.12

File size:

419.6 KB (429,656 bytes)

Product version:

4.0.26.0

Original file name:

TubeBoxSetup_tubebox_org.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Covus

Language:

English (United States)

Common path:

C:\ProgramData\package cache\{71a1e792-3da0-4644-b9c1-aa2378fc67e0}\tubeboxsetup_tubebox_org.exe

Digital Signature

Signed by:

Freemium GmbH

Authority:

GlobalSign nv-sa

Valid from:

2/13/2012 1:34:07 AM

Valid to:

2/13/2013 1:34:07 AM

Subject:

CN=Freemium GmbH, O=Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121252CF10F5361359FEF99CB5B54F17E94

File PE Metadata

Compilation timestamp:

9/3/2012 6:44:40 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:1Kbe2meV3IipMkHmCoj86wTBsLw7Vru4qaG6:TlE3FHmfgJsLoxfx

Entry address:

0x474B

Entry point:

E8, AC, 14, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 01, 15, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 55, 47, 40, 00, FF, 15, 7C, 11, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 84, 11, 40, 00, FF, 75, 08, FF, 15, 80, 11, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00... 
[+]

Entropy:

6.9838

Code size:

311.5 KB (318,976 bytes)

Program Uninstaller

Program name:

TubeBox

Display publisher:

Freetec

Display version:

4.0.26.0

Uninstall string:

"C:\ProgramData\Package Cache\{71a1e792-3da0-4644-b9c1-aa2378fc67e0}\TubeBoxSetup_tubebox_org.exe" /uninstall

The file TubeBoxSetup_tubebox_org.exe has been discovered within the following program.

TubeBox by Freetec Ltd.

Publisher's description - “The TubeBox facilitates video search many suppliers directly from the program. And finding your favorite videos is easier than on the video page itself, because you do not even need to restart the browser.”

tubebox.org

36% remove it

Remove TubeBoxSetup_tubebox_org.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.