5f5b877dfac2a4ec5af890f33d7801c6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Feb-02 12:45:32
Debug artifacts C:\CHIP\Rel2\dmr\DMR\obj\Debug\DMR.pdb
Comments Presetup for Content Online
CompanyName Chip Digital GmbH
FileDescription CHIP Secured Installer
FileVersion 3.0.0.7
InternalName DMR.exe
LegalCopyright Copyright © 2020 Chip Digital GmbH
LegalTrademarks CHIP Secured Installer
OriginalFilename DMR.exe
ProductName CHIP Secured Installer
ProductVersion 3.0.0.7
Assembly Version 3.0.0.7

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ 8.0
.NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • rundll32.exe
Contains references to internet browsers:
  • chrome.exe
  • firefox.exe
  • iexplore.exe
Accesses the WMI:
  • root\Security
Contains domain names:
  • api2.chip-secured-download.de
  • burda-tagging.com
  • chip-installer.burda-tagging.com
  • chip-secured-download.de
  • download.de
  • downloads.focus.de
  • focus.de
  • http://api2.chip-secured-download.de
  • http://api2.chip-secured-download.de/brandmachine
  • http://api2.chip-secured-download.de/dotnet/com
  • http://api2.chip-secured-download.de/downloaderContent/afterdl.php
  • http://api2.chip-secured-download.de/downloaderContent/progress.php?pid
  • http://api2.chip-secured-download.de/geoip/geoip.php?ip
  • http://api2.chip-secured-download.de/newbrandmachine
  • http://api2.chip-secured-download.de/tos/OCSagb-branded.php?pid
  • http://api2.chip-secured-download.de/track/uac.php?clientid
  • http://www.chip.de
  • http://www.chip.de/s_specials/Datenschutz-CHIP-Online_45829526.html
  • http://www.chip.de/secured-installer-support/faq
  • http://www.chip.de/secured-installer-support/faq?pid
  • http://www.chip.de/secured-installer-support/feedback?t
  • https://chip-installer.burda-tagging.com
  • https://chip-installer.burda-tagging.com/v1/inference
  • https://search.chip.de
  • https://search.chip.de/?q
  • https://www.chip.de
  • https://www.chip.de/downloads/?icp2
  • https://www.downloads.focus.de
  • installer.burda-tagging.com
  • paint.net
  • search.chip.de
  • secured-download.de
  • tagging.com
  • www.chip.de
  • www.downloads.focus.de
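The hosts above were pulled out of the binary's strings by the scanner. Two things matter when reproducing that on a C#-compiled image: most of its string literals sit in the #US heap as UTF-16LE, so a plain ASCII `strings` pass misses them, and a naive domain regex produces the look-alikes visible in the list (`download.de`, `tagging.com` and `secured-download.de` are just the parts after a hyphen of `chip-secured-download.de` and `burda-tagging.com`, and a file name such as `chrome.exe` has the same shape as a hostname). The Python below is an added example, not part of the report and not code from the CHIP installer: it scans both encodings, keeps only hostnames, and filters the hyphen-suffix artifacts. The input bytes are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Candidate host or URL: dotted labels ending in a 2+ letter "TLD", optional scheme and path.
HOST_RE = re.compile(r"(?:https?://)?(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?:/[^\s\"'<>]*)?", re.I)
# Look like a TLD but are file extensions; a public-suffix list is the proper check.
NOT_TLDS = {"exe", "dll", "pdb", "php", "aspx", "xml", "json", "txt", "cs", "resources", "config"}

def printable_strings(blob, minlen=6):
    """Yield printable runs as str: plain ASCII first, then UTF-16LE. .NET keeps its
    string literals in the #US heap as UTF-16LE, so an ASCII-only pass misses them."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % minlen, blob):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % minlen, blob):
        yield m.group().decode("utf-16-le")

def extract_hosts(blob):
    """Sorted, lower-cased hostnames found in either encoding."""
    hosts = set()
    for s in printable_strings(blob):
        for m in HOST_RE.finditer(s):
            token = m.group()
            if "://" not in token:
                token = "http://" + token          # let urlsplit isolate the host part
            host = (urlsplit(token).hostname or "").lower()
            if host and host.rsplit(".", 1)[-1] not in NOT_TLDS:
                hosts.add(host)
    return sorted(hosts)

def drop_suffix_artifacts(hosts):
    """Remove entries that are only the part after a hyphen of another entry,
    e.g. 'download.de' next to 'chip-secured-download.de'. A genuine parent
    domain ('focus.de' next to 'downloads.focus.de') is kept."""
    hosts = set(hosts)
    return sorted(h for h in hosts if not any(o.endswith("-" + h) for o in hosts if o != h))

# Constructed sample: one UTF-16LE literal as the C# compiler stores it, then two ASCII strings.
SAMPLE = (b"\0\0" + "http://api2.chip-secured-download.de/geoip/geoip.php?ip".encode("utf-16-le")
          + b"\0\0chrome.exe\0https://www.chip.de/downloads/?icp2\0")

if __name__ == "__main__":
    print(extract_hosts(SAMPLE))
```

On a real file run `drop_suffix_artifacts(extract_hosts(open(path, "rb").read()))`. The suffix filter is deliberately narrow: it only removes hyphen fragments, so `focus.de` stays because it is a real parent of `downloads.focus.de`. `paint.net` in the list above is a valid-looking hostname that no syntactic filter can reject; it needs an analyst's judgement.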
Suspicious Unusual section name found: .sdata
Info The PE is digitally signed. Signer: CHIP Digital GmbH
Issuer: Symantec Class 3 Extended Validation Code Signing CA - G2
Malicious VirusTotal score: 36/68 (Scanned on 2021-08-18 13:19:07)
McAfee: Artemis!5F5B877DFAC2
Cylance: Unsafe
K7AntiVirus: Adware ( 004b8e971 )
K7GW: Adware ( 004b8e971 )
Cyren: W32/Application.TEOW-2838
Symantec: PUA.DownloadSponsor
ESET-NOD32: a variant of Win32/DownloadSponsor.C potentially unwanted
ClamAV: Win.Dropper.Miner-7086571-0
Kaspersky: not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen
Alibaba: Downloader:MSIL/Generic.aa3b6f63
NANO-Antivirus: Riskware.Win32.DownloadSponsor.iiybgh
ViRobot: Adware.Downloadsponsor.482040
Rising: PUF.DownloadSponsor!1.BE33 (CLASSIC)
Emsisoft: Application.AdLoad (A)
Comodo: ApplicUnwnt@#3mfep1rhn46ci
DrWeb: Adware.Covus.101
TrendMicro: PUA.MSIL.DownloadSponsor.SMDR
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI - Suspicious PE
Jiangmin: Downloader.MSIL.qbu
Webroot: W32.Adware.Gen
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASCommon.ED
Gridinsoft: PUP.Downloader.dd!c
Microsoft: PUA:Win32/DownloadSponsor
SUPERAntiSpyware: PUP.Downloader/Variant
GData: MSIL.Application.DownloadSponsor.U
AhnLab-V3: Malware/Gen.RL_Reputation.C4316742
VBA32: TScope.Trojan.MSIL
MAX: malware (ai score=99)
Malwarebytes: PUP.Optional.ChipDe
Panda: PUP/DownloadAssistant
TrendMicro-HouseCall: PUA.MSIL.DownloadSponsor.SMDR
MaxSecure: Downloader.MSIL.DownloadSponsor.gen
Fortinet: Riskware/DownloadSponsor

Hashes

MD5 5f5b877dfac2a4ec5af890f33d7801c6
SHA1 24efb81d89aeda0c573e12797089f0e40c189747
SHA256 5c3022d3cedd37473e7fa598742ca27da5b07c1e658a801cc64686f2e1fcb729
SHA3 360fdfac6c37a54772ffee3e7113901f78a55efa184b19797ef42b790717ab11
SSDeep 6144:PjYcDGi+omluvZgOyRd640Wo89YoMCNzfZ7rjvveM///nM/hnmjgFXBYyvlx32aI:PdKoRgOyRd83oztIRtl17C
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2021-Feb-02 12:45:32
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 11.0
SizeOfCode 0x71e00
SizeOfInitializedData 0x1e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00073D1E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x74000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x7a000
SizeOfHeaders 0x400
Checksum 0x7fa97
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3297dac21eaaa3d741a2f6679d569805
SHA1 9db460901ec0341342a0650a98483fdd5ae552c7
SHA256 2ca817854fb4e0ed7b2bb75c253153734e59fef46db049da3d0fdefd27306a1d
SHA3 32eda1cd92efa61bb448096740991b6f1a5b82206d02f87d53f40c05a9f15627
VirtualSize 0x71d24
VirtualAddress 0x2000
SizeOfRawData 0x71e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.24515

.sdata

MD5 2bf416025ebe076c989df7d562516a54
SHA1 488cff7985f8570014cbf3d3095da9cf7efcd668
SHA256 ea0de02a58db0924ee6ea63372c8abe149b63911103681dad552b614e6d2b7e0
SHA3 82dd8a16575e86ad7212ef9e6f8f65b0037d9f8cc9f32e3f7e386326e12ba322
VirtualSize 0x138
VirtualAddress 0x74000
SizeOfRawData 0x200
PointerToRawData 0x72200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.31696

.rsrc

MD5 b3aef5806a1232f927b6b166a868652d
SHA1 5c9a781062b6024cca68fff9ed855f929244234f
SHA256 d63732e71ce8becc9c7014edec57ff9f9f5546a18fd18b7d2ede11c9b9f67848
SHA3 4ad8d01a7aa8c0b3e76d3479a058c90f4809bb52481bae325743fe73b49998ad
VirtualSize 0x18a8
VirtualAddress 0x76000
SizeOfRawData 0x1a00
PointerToRawData 0x72400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.02395

.reloc

MD5 d859aaeedc500ef7424c69793e7f7521
SHA1 86c0228b7893968c7cc0a476b5c766d1c7e6a59f
SHA256 5145a364da345fb1b4eee49738a3160f4c765888f68317c83e8993375dc6c233
SHA3 69eaac1ee3e7b27493d85a708228a44dabf0af129b88bdee82d3a1d3da40b8d3
VirtualSize 0xc
VirtualAddress 0x78000
SizeOfRawData 0x200
PointerToRawData 0x73e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191
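The header and section values above are what a PE parser reads out of the first few hundred bytes of the file. The Python below is an added example, not part of the report: it decodes the DOS, COFF, optional and section headers and then makes two checks that put the report's findings in context. The CLR data directory (slot 14) is what makes this a managed image, which is why the only native import is `mscoree.dll!_CorExeMain` and why `.sdata`, the ordinary static-data section of a C#/VB.NET build, is not suspicious on its own; the entry point 0x73D1E lies six bytes before the end of `.text` (0x2000 + 0x71D24), the size of the `jmp` stub through which a .NET PE32 image enters `_CorExeMain`. A writable and executable section, by contrast, is always worth a look. The certificate-table flag only records that a WIN_CERTIFICATE entry exists; whether the signature is valid and chains to a trusted root has to be checked separately (for example with `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`). `build_sample()` assembles a header-only image from the report's values; it is not the real DMR.exe, and the certificate-table RVA/size and the CLR header RVA in it are made up.

```python
import struct
from datetime import datetime, timezone

MACHINE = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", 0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
             0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF", 0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SUBSYSTEM = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
DIR_SECURITY, DIR_CLR = 4, 14                       # data-directory slots: certificate table, CLR header
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000     # section characteristics

def flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data):
    """Decode DOS header, COFF header, optional header and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                              # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                               # PE32
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:                             # PE32+: 64-bit ImageBase/stack/heap fields shift the tail
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    dirs = [struct.unpack_from("<II", data, opt + dirs_off + 8 * i) for i in range(nrva)]
    sections = []
    for i in range(nsec):                            # 40-byte IMAGE_SECTION_HEADER entries after the optional header
        name, vsize, va, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw": rawsize, "rawptr": rawptr, "chars": schars})
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return {
        "machine": MACHINE.get(machine, hex(machine)),
        "timestamp": "%04d-%s-%02d %02d:%02d:%02d" % (dt.year, MONTHS[dt.month - 1], dt.day, dt.hour, dt.minute, dt.second),
        "characteristics": flags(chars, FILE_CHARS),
        "magic": "PE32" if magic == 0x10B else "PE32+",
        "entry_point": entry,
        "subsystem": SUBSYSTEM.get(subsystem, subsystem),
        "dll_characteristics": flags(dllchars, DLL_CHARS),
        "is_clr": nrva > DIR_CLR and dirs[DIR_CLR][0] != 0,                      # managed image
        "has_cert_table": nrva > DIR_SECURITY and dirs[DIR_SECURITY][1] != 0,    # present, not yet verified
        "sections": sections,
    }

def entry_section(info):
    """Section holding AddressOfEntryPoint, as the report prints it next to the RVA."""
    for s in info["sections"]:
        if s["va"] <= info["entry_point"] < s["va"] + s["vsize"]:
            return s["name"]
    return None

def section_notes(info):
    """Findings worth a triager's time: '.sdata' is the ordinary static-data section of a
    C#/VB.NET build, so it only stands out in a native image; W+X sections always do."""
    notes = []
    for s in info["sections"]:
        if s["name"] == ".sdata" and not info["is_clr"]:
            notes.append(".sdata in a non-CLR image")
        if s["chars"] & SCN_EXECUTE and s["chars"] & SCN_WRITE:
            notes.append("%s is writable and executable" % s["name"])
    return notes

def build_sample(clr=True):
    """Constructed header-only PE32 carrying the field values from the report above.
    Not the bytes of the real DMR.exe; certificate-table and CLR-header RVAs are made up."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                                   # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 4, 1612269932, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                     # PE32
    struct.pack_into("<I", opt, 16, 0x73D1E)                                  # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 68, 2, 0x8540)                               # GUI; DYNAMIC_BASE|NX|NO_SEH|TSA
    struct.pack_into("<I", opt, 92, 16)                                       # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0x74000, 0x1800)      # constructed cert table
    if clr:
        struct.pack_into("<II", opt, 96 + 8 * DIR_CLR, 0x2008, 0x48)          # CLR header, usual 72-byte size
    table = [(b".text", 0x71D24, 0x2000, 0x71E00, 0x400, 0x60000020),
             (b".sdata", 0x138, 0x74000, 0x200, 0x72200, 0xC0000040),
             (b".rsrc", 0x18A8, 0x76000, 0x1A00, 0x72400, 0x40000040),
             (b".reloc", 0xC, 0x78000, 0x200, 0x73E00, 0x42000040)]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch) for n, vs, va, rs, rp, ch in table)
    return bytes(dos) + coff + bytes(opt) + secs
```

For a file on disk call `parse_pe(open(path, "rb").read())`; the parser only touches the headers, so it is safe to run over untrusted samples without mapping or executing them. `section_notes` on the constructed image returns nothing, which is the expected result for a managed build with this layout; rebuilding it with `clr=False` reproduces the report's `.sdata` finding for a native image.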

Imports

mscoree.dll _CorExeMain

Delayed Imports

Resources

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x64a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.8038
Detected Filetype PNG graphic file
MD5 1fda60fc6265618a05ced260ddad49fd
SHA1 cf6004e9316476520949513979adf7a49db5b528
SHA256 f10aed49216e216123a94f255553562de3e469238966255a1e246e0e611dc2e0
SHA3 b37f80bb23b584903d360913b5748a918d97ee2c1218c575510f17015931b77b

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 fa77a0b4f508895de7ca53261015dd34
SHA1 3d445631f350b71990d2e3313d64bbfcca4196e8
SHA256 89dfce28e39f4cfa07836e10ab88246c8ee7e1054705376f650cecc38d6d0a52
SHA3 5ebe2d8588f79591e5d1e705597644bf971a7e5a8e41af926819b4553e892852

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x3e0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.3806
MD5 5a31bb3d5ff48fe579e035fcfe695343
SHA1 4f531a020b0f5effc3a7b46c9e8f455a6e6b087d
SHA256 de6cbf9b9997f3230159ca21e48cf85c6560215ef5e1ac17d22e3f8c4fadfda0
SHA3 22579797bfad4df0381cc1e70ec92f3d636f7a87cb700ddb366283b622032026

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xd2d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07382
MD5 73c8c0c8e18c2a941d545d9695cd602a
SHA1 79a257c4e6adf2a0c629d2f279b8eb656df7345a
SHA256 6491bc9831f9c65eddf5ee7b41edfd2395149c41dc41d195448eac1f0b13124c
SHA3 07a7ac04e8146a2ef5b09b3e5b2e983c9f551d295962caa08ca9b82cd85d2b44

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.0.0.7
ProductVersion 3.0.0.7
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Presetup for Content Online
CompanyName Chip Digital GmbH
FileDescription CHIP Secured Installer
FileVersion (#2) 3.0.0.7
InternalName DMR.exe
LegalCopyright Copyright © 2020 Chip Digital GmbH
LegalTrademarks CHIP Secured Installer
OriginalFilename DMR.exe
ProductName CHIP Secured Installer
ProductVersion (#2) 3.0.0.7
Assembly Version 3.0.0.7
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2021-Feb-02 12:45:32
Version 0.0
SizeofData 284
AddressOfRawData 0x7401c
PointerToRawData 0x7221c
Referenced File C:\CHIP\Rel2\dmr\DMR\obj\Debug\DMR.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors