vdu_install_chrome.exe

Video Downloader Ultimate

Link64 GmbH

The application vdu_install_chrome.exe, “Updater [VideoDownloadUltimate]” by Link64 GmbH, has been flagged as a potentially unwanted program by 1 of 68 scanners. That single detection comes from Reason's own heuristic engine (PUP.Link64GmbH.S); none of the conventional anti-malware engines in the pool detects the file. This is a setup program used to install the application. The file has been seen being downloaded from my.startpage24.com. It carries an Authenticode signature from Link64 GmbH issued by Thawte, but the signing certificate's validity period ended on 3/23/2015, well before the analysis date, so a present-day verification of the signature depends on it having been timestamped.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Video Downloader Ultimate

Description:
Updater [VideoDownloadUltimate]

Version:
1.0.1.2

MD5:
a3c35694b078d5c717190a0f7eca0dc4

SHA-1:
a33d741f559a699694a2cf03e9c8c23e0c537d68

SHA-256:
bbb44bef80a881edb9040cbb4c27a6cc353fb6dcf3a7fc08ede520d3adb4a9a2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
None of the anti-malware engines in our current pool detects this file; the potentially unwanted verdict is based on our own detection heuristics.

Analysis date:
11/30/2024 11:28:45 AM UTC

Scan engine          Detection             Engine version
Reason Heuristics    PUP.Link64GmbH.S      14.8.29.15

File size:
2.8 MB (2,979,448 bytes)

Product version:
1.0.1.2

Copyright:
(c) 2003-14 Link64 GmbH. All rights reserved.

Original file name:
vdu_install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vdu_install_chrome.exe

Digital Signature
Signed by:
Link64 GmbH
Authority:
Thawte, Inc.

Valid from:
2/20/2013 1:00:00 AM

Valid to:
3/23/2015 12:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
70B8C92A22236AF8064642CFE2790458

File PE Metadata
Compilation timestamp:
1/9/2014 1:46:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:p9QSoT1nO4IHZhIHSV5RdT0qB2vryU3rn0NYG5S32JMg8p/hTcB7ewticti2:p9QbIHZhEvR3oNYKVMPOF

Entry address:
0x5F13

Entry point:
E8, 7D, 70, 00, 00, E9, 17, FE, FF, FF, 8B, 44, 24, 04, A3, 1C, FF, 43, 00, C3, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, 00, E2, 43, 00, 33, C5, 89, 85, A4, 02, 00, 00, 56, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00, 00, 89, 95, 80, 00, 00, 00, 89, 5D, 7C, 89, 75, 78, 89, 7D, 74, 66, 8C, 95, A0, 00, 00, 00, 66, 8C, 8D, 94, 00, 00, 00, 66, 8C, 5D, 70, 66, 8C, 45, 6C, 66, 8C, 65, 68, 66, 8C, 6D, 64, 9C, 8F, 85, 98, 00, 00, 00, 8B, B5, AC, 02, 00, 00, 8D, 85, AC, 02, 00, 00, 89, 85, 9C, 00...

Code size:
192 KB (196,608 bytes)
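As an added example, not code from the report page or from Link64 GmbH or Reason Core Security, the following Python script shows where the PE Metadata values on this page come from and how to confirm a downloaded copy against the listed digests. It parses the COFF and PE32 optional headers using only the standard library, returns the compile timestamp, linker version, OS version, subsystem, entry-point RVA and code size, and inspects data directory 4 (the certificate table) to tell whether an Authenticode blob is embedded at all. Because the real binary cannot be bundled here, the script builds a constructed, header-only PE32 sample carrying this page's values (linker 8.0 is the Visual Studio 2005 toolchain); the sample's hashes therefore do not match the reported ones, which the comparison function reports as a mismatch. Names such as build_sample_pe32, parse_pe_header and REPORTED_HASHES are this example's own.

```python
"""Offline PE triage: hash a file and pull the header fields a scan report lists."""
import hashlib
import struct
from datetime import datetime, timezone

# Subsystem values from the PE/COFF specification (IMAGE_SUBSYSTEM_*)
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Digests as listed on the report page for vdu_install_chrome.exe
REPORTED_HASHES = {
    "md5": "a3c35694b078d5c717190a0f7eca0dc4",
    "sha1": "a33d741f559a699694a2cf03e9c8c23e0c537d68",
    "sha256": "bbb44bef80a881edb9040cbb4c27a6cc353fb6dcf3a7fc08ede520d3adb4a9a2",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 over the whole file, the same values a scanner reports."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hashes_match(data: bytes, expected: dict) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[name] == value.lower() for name, value in expected.items())


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and PE32 optional-header fields shown in a report's PE Metadata block."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _machine, _nsections, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    # Data directory 4 is the certificate table; a non-zero entry means an Authenticode blob is present
    cert_off, cert_size = (0, 0)
    if num_dirs > 4:
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entry_point": entry_rva,
        "code_size": size_of_code,
        "has_authenticode_blob": cert_off != 0 and cert_size != 0,
    }


# Constructed sample input: a header-only PE32 carrying the values from this report page.
# It is NOT the real vdu_install_chrome.exe, so its digests will not match REPORTED_HASHES.
SAMPLE_TIMESTAMP = int(datetime(2014, 1, 9, 13, 46, 59, tzinfo=timezone.utc).timestamp())


def build_sample_pe32(timestamp: int, cert: tuple = (0, 0)) -> bytes:
    """Assemble a DOS header, PE signature, COFF header and a 224-byte PE32 optional header."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))       # e_lfanew points right after the DOS header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<BB", opt, 2, 8, 0)             # linker version 8.0
    struct.pack_into("<I", opt, 4, 196608)            # SizeOfCode (192 KB)
    struct.pack_into("<I", opt, 16, 0x5F13)           # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)            # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, *cert)   # certificate table (offset, size)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, timestamp, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe32(SAMPLE_TIMESTAMP)
    for key, value in parse_pe_header(sample).items():
        print(f"{key:>22}: {value}")
    print("hashes match report:", hashes_match(sample, REPORTED_HASHES))
```

To triage a real download, feed open(path, "rb").read() to the same functions: if hashes_match returns False the file is not the one this page describes, whatever its version resource says. The has_authenticode_blob flag only detects that a signature is present; checking the chain, revocation and the timestamp countersignature that keeps a signature valid after the certificate's 3/23/2015 expiry needs the Windows CryptoAPI (signtool verify or PowerShell's Get-AuthenticodeSignature) and cannot be done from these header bytes alone.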

The file vdu_install_chrome.exe has been seen being distributed from my.startpage24.com.

Remove vdu_install_chrome.exe - Powered by Reason Core Security