vlc media player 64 bit - chip-installer.exe

CHIP Digital GmbH

The application vlc media player 64 bit - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The installer is marketed through download protals and search ads as the VideoLAN VLC media player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.1.0.0

MD5:
7f90d8e89035347ecb318834f24e610e

SHA-1:
9137505590c3eb2719a82417800a9a9d9e34ec9b

SHA-256:
8923b8bc440f0e3fcdca23087027919d7ab3c0e054220287907f4febd3d6ba0c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 2:56:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ChipDigital.Bundler (M)
16.8.11.2

File size:
1.1 MB (1,197,344 bytes)

Product version:
1.1.0.0

Copyright:
Copyright © 2015 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\vlc media player 64 bit - chip-installer.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/7/2015 1:00:00 AM

Valid to:
2/24/2016 1:00:00 PM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=München, S=Bavaria, C=DE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01A0C3E3BC069F71B464AAD34063E209

File PE Metadata
Compilation timestamp:
5/26/2015 10:58:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Eq5TfcdHj4fmbj2qc0MmV0VMXAJYoupGeMJ2Jordss4t:EUTsamPxXowvord2

Entry address:
0x1A5890

Entry point:
60, BE, 00, 20, 55, 00, 8D, BE, 00, F0, EA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)

The file vlc media player 64 bit - chip-installer.exe has been seen being distributed by the following URL.

Remove vlc media player 64 bit - chip-installer.exe - Powered by Reason Core Security