341b259f_stp.exe

Shan Feng

The application 341b259f_stp.exe by Shan Feng has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs in its own process as a Windows service named “Install Service(ChromiumDL)”.
Publisher:
Shan Feng  (signed and verified)

MD5:
cb6222dc9de69688279fad066e9e6b95

SHA-1:
97fd241e557f34bf3dd6fd0ad40b1706a8a5c526

SHA-256:
8a66d10ad1e489ce1e84d2ac68163b692ea84a5b5977e1f63ec687c45955bd9d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
7/4/2025 10:28:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.8.1.10

File size:
372.9 KB (381,824 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\341b259f_stp.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/1/2016 2:00:00 AM

Valid to:
2/4/2017 12:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4BFB4DF38F614EB4693F0E34CE19A156

File PE Metadata
Compilation timestamp:
8/1/2016 9:27:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:UZp9I1NPJSc2i3Mrab8ncbsZsggJ4PvbGtSOh9g0hsbHMJIlsGAO0jTWlY:UZH0Scq+BsZRg0vbcSpoCD2sY

Entry address:
0x20D51

Entry point:
D0, 55, 41, 00, 00, 9B, EF, 97, A8, 9A, CF, 48, B3, 5E, 12, 00, BB, 04, 97, 07, FB, 62, 00, 00, 00, 00, 34, 10, 33, 08, 63, BB, AC, 3E, 32, 80, AC, E2, 1A, 95, 03, A0, BD, 84, 02, C0, CF, B6, 91, 8A, A8, 90, 96, A8, EE, 7D, 81, 7C, A1, A4, D0, 73, B1, 9C, 9C, 80, 86, A0, A8, 9A, CF, 3D, 2B, 93, 63, 00, 00, 00, 00, EE, 36, 4B, 65, 7C, 01, 14, 61, 1C, 3A, 01, B1, 18, C2, 8B, C2, 02, DF, 2C, 00, 56, F5, 3D, B0, 19, AA, FF, 75, B5, 9C, 9C, 8D, 90, E4, 12, 91, 54, CE, 00, 00, 00, 00, C2, 8A, 33, 07, 8D, 5A, 00...
 

Code size:
260.5 KB (266,752 bytes)

Service
Display name:
Install Service(ChromiumDL)

Service name:
ChromiumDL

Description:
To ensure browser softwareinstallation is completed.This service uninstallsitself after browsersoftware installed.

Type:
Win32OwnProcess

Depends on:
RpcSs

