Freemium GmbH - 60% Detection Rate *

Did you just run into a download or a file on your computer that is digitally signed by Freemium GmbH? Some of the security products refers to the detected files as Gen:Variant.Application.Bundler.DownloadGuide.24 and W32.HfsAdware.C530. The detection rate for the Freemium GmbH files collected here is 60%. Please read on for more details.

You'll typically notice Freemium GmbH when double-clicking to run the file. The publisher name shows up as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where Freemium GmbH appears as the verified publisher in the UAC dialog

You can view additional details from the Freemium GmbH certificate with the following steps:

Open Windows Explorer and locate the Freemium GmbH file
Right-click on the file and select Properties
Click on the Digital Signatures tab
Click the View Certificate button

Here is a screenshot of a file signed by Freemium GmbH:

Screenshot of the Freemium GmbH certificate

As you can see in the screencap above, Windows reports that "This digital signature is OK". This means that the file has been published by Freemium GmbH and that the file has not been tampered with.

If you click the View Certificate button shown in the screenshot above, you can examine all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also examine the address for Freemium GmbH, such as the street name, city and country.

Go Daddy Secure Certificate Authority - G2 and COMODO RSA Code Signing CA has issued the Freemium GmbH certificates. You can also see the details of the issuer by clicking the View Certificate button shown in the screenshot above.

Freemium GmbH Files

The following are the Freemium GmbH files I have collected, thanks to the FreeFixer users.

Detection Ratio	File Name
3/56	tv.exe
27/56	download-audiograbber.exe
36/57	skat-peter-heinlein-9.5.1-setup.exe
30/57	setup-mediathekview.exe
39/67	download-lateinwoerterbuch.exe
43/69	svgview.exe
5/56	download-finaltorrent.exe
14/53	win-install_Microsoft Access_1.0.exe
3/58	download-vbtools.exe

Scanner and Detection Names

Here's the detection names for the Freemium GmbH files. I have grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

Scanner	Detection Names
AVG	Generic.B6A, Generic.9E1, Win32:BundlerX-gen [PUP]
AVware	DownloadSponsor (fs), Trojan.Win32.Generic!BT
Ad-Aware	Gen:Variant.Application.Bundler.DownloadGuide.24
AhnLab-V3	PUP/Win32.Generic.C1118821, PUP/Win32.DownloadGuide.R245289
Antiy-AVL	GrayWare[AdWare]/Win32.DownloadGuide.dd, RiskWare[Downloader]/Win32.DownloaderGuide.d
Arcabit	Trojan.Application.Bundler.DownloadGuide.24
Avast	Win32:BundlerX-gen [PUP]
BitDefender	Gen:Variant.Application.Bundler.DownloadGuide.24
Bkav	W32.HfsAdware.C530
CAT-QuickHeal	PUA.Freemiumgm2.Gen, PUA.Freemiumgm.Gen
ClamAV	Win.Malware.Downloadguide-6803841-0
Comodo	ApplicUnsaf.Win32.DownloadGuide.AZ, Application.Win32.DownloadGuide.A@7y5gwx
CrowdStrike	malicious_confidence_100% (D)
Cybereason	malicious.596977, malicious.52f518
Cylance	Unsafe
Cyren	W32/S-58b25de1!Eldorado, W32/S-e7937fa1!Eldorado
DrWeb	Adware.Downware.9662, Adware.Covus.49, Adware.ClickMeIn.9515, Adware.ClickMeIn.9588, Adware.Downware.10569
ESET-NOD32	a variant of Win32/DownloadGuide.D, a variant of Win32/DownloadGuide.D potentially unwanted
Emsisoft	Application.Downloader (A)
Endgame	malicious (high confidence)
F-Prot	W32/S-58b25de1!Eldorado, W32/S-e7937fa1!Eldorado
F-Secure	Gen:Variant.Application.Bundler
Fortinet	Riskware/DownloaderGuide
GData	Gen:Variant.Application.Bundler.DownloadGuide.24, Win32.Application.DownloadGuide.T
Ikarus	PUA.DownloadGuide
Invincea	trojandropper.win32.sventore.a, heuristic
Jiangmin	Downloader.DownloaderGuide.anu
K7AntiVirus	Unwanted-Program ( 004c20af1 ), Adware ( 004b92681 ), Unwanted-Program ( 004b51ac1 ), Unwanted-Program ( 004ceeee1 )
K7GW	Unwanted-Program ( 004c20af1 ), Adware ( 004b92681 ), Unwanted-Program ( 004b51ac1 ), Unwanted-Program ( 004ceeee1 )
Kaspersky	not-a-virus:Downloader.Win32.DownloaderGuide.pwj, not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen, not-a-virus:Downloader.Win32.DownloaderGuide.d
MAX	malware (ai score=77)
Malwarebytes	PUP.Optional.Freemium, Adware.Downloader
McAfee	Artemis!61141724651F, PUP-FXK
McAfee-GW-Edition	BehavesLike.Win32.Downloader.hh, BehavesLike.Win32.BrowseFox.hh
MicroWorld-eScan	Gen:Variant.Application.Bundler.DownloadGuide.24
Microsoft	PUA:Win32/DownloadGuide
NANO-Antivirus	Trojan.Win32.Covus.fcbadw, Trojan.Win32.Covus.fkfkjs
Panda	PUP/Multitoolbar
Qihoo-360	HEUR/QVM10.1.0000.Malware.Gen, Win32/Application.95d
Rising	Adware.DownloadGuide!1.A1DB, Malware.Heuristic!ET (rdm+), Adware.DownloadGuide!1.A1DB (CLASSIC), PE:Adware.DownloadGuide!1.A1DB [F]
SUPERAntiSpyware	PUP.Freemium/Variant, Adware.Downloader/Variant
SentinelOne	static engine - malicious
Sophos	Generic PUA AF (PUA)
Symantec	PUA.Downloader, SMG.Heur!gen
TrendMicro	TROJ_GEN.R047C0EIE16, PUA.Win32.DownGuide.SM
TrendMicro-HouseCall	TROJ_GEN.R047C0EIE16, PUA.Win32.DownGuide.SM
VBA32	BScope.Trojan.Agent, BScope.Downloader.DownloaderGuide, Downloader.DownloaderGuide
VIPRE	DownloadSponsor (fs), Trojan.Win32.Generic!BT
Webroot	Pua.Freemium
Yandex	PUA.Downloader!
Zillya	Adware.ClickMeInCRTD.Win32.2320
ZoneAlarm	not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
eGambit	Unsafe.AI_Score_99%

* How the Detection Percentage is Calculated

The detection percentage is based on that I've gathered 8104 scan results for the Freemium GmbH files. 4828 of these scan results came up with some sort of detection. If you like, you can review the full details of the scan results by examining the files listed above.

Freemium GmbH - 60% Detection Rate *

Freemium GmbH Files

Scanner and Detection Names

* How the Detection Percentage is Calculated

Analysis Details

Comments

Leave a reply