vlc-media-player-32-bit.exe

CHIP Digital GmbH

The application vlc-media-player-32-bit.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. With this installer, users are expecting to download the VideoLAN VLC media player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.1.6.3

MD5:
8d752e22235644a53aa2f4abf9c0ed0c

SHA-1:
c31e209a0af81836c949ed3c933f09bf406f30d2

SHA-256:
2846c5dad28fa2870b7f1174a9f7b2e82330e9d6c44d4cecb7a989df90c453d4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 9:54:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ChipDigital.Bundler (M)
17.3.16.9

File size:
1.4 MB (1,475,104 bytes)

Product version:
1.1.6.3

Copyright:
Copyright © 2016 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\vlc-media-player-32-bit.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/29/2015 12:00:00 PM

Valid to:
6/29/2016 11:59:59 AM

Subject:
CN=CHIP Digital GmbH, OU=Download Development, O=CHIP Digital GmbH, STREET=St.-Martin-Straße 66, L=München, S=Bayern, PostalCode=81541, C=DE

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2A68C822ECB5BBB6F677B31B69C07F78

File PE Metadata
Compilation timestamp:
3/24/2016 2:19:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x1E8900

Entry point:
60, BE, 00, 50, 59, 00, 8D, BE, 00, C0, E6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.1530

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)

Remove vlc-media-player-32-bit.exe - Powered by Reason Core Security