» chroimner.exe
Overview
Analysis
File Details
Network (1)

chroimner.exe

Chromiun logging system

Hefei Hejunzhengce Info Tech Co., Ltd.

The application chroimner.exe by Hefei Hejunzhengce Info Tech Co. has been detected as a potentially unwanted program by 3 anti-malware scanners. This setup program installs potentially unwanted software on the user's PC at the same time as the expected/marketing software, without adequate consent. The program is typically installed via a form of malvertising While running, it connects to the Internet address 8a.eb.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

File name:

chroimner.exe

Publisher:

CosoSystem (signed by Hefei Hejunzhengce Info Tech Co., Ltd.)

Product:

Chromiun logging system

Version:

1.7.9.0

MD5:

887c1fc51bd6dcc4c833edf5f7fd95f0

SHA-1:

5a7066d14c095472a2020a8890c01a2561e8a146

SHA-256:

02bf1816a06bb585aadc4470b53a2d7b5d689014020432f0a9ebf68823da24a2

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 11:35:56 AM UTC (today)

Scan engine

Detection

Engine version

Microsoft Security Essentials

SoftwareBundler:Win32/WinOptimizer

1.1.11502.0

Reason Heuristics

PUP.HefeiHejunzhengceInfoTechCo (M)

15.7.24.22

Trend Micro House Call

Suspicious_GEN.F47V0329

7.2.100

File size:

2.8 MB (2,970,712 bytes)

Product version:

1.7.9.0

CosoSystem

Trademarks:

CosoSystem

Original file name:

Chromiun logging system

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\chromium logging\g3\chroimner.exe

Digital Signature

Signed by:

Hefei Hejunzhengce Info Tech Co., Ltd.

Authority:

WoSign CA Limited

Valid from:

3/5/2015 9:35:27 PM

Valid to:

12/29/2016 9:35:27 PM

Subject:

CN="Hefei Hejunzhengce Info Tech Co., Ltd.", O="Hefei Hejunzhengce Info Tech Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

3312D0B8D4D7941DF85AA59F134E7719

File PE Metadata

Compilation timestamp:

3/24/2015 6:06:39 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:2es6HTWv1S9w/pzQYY/qo5ZAVQjnBQkorodFV0vTLoXo:2epH2/iY+qkoroHico

Entry address:

0x229738

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, A4, D6, 61, 00, E8, 1B, 29, DE, FF, A1, 14, 1B, 63, 00, 8B, 00, 80, 78, 38, 00, 74, 10, A1, 14, 1B, 63, 00, 8B, 00, E8, 5E, 57, EE, FF, 84, C0, 74, 0C, A1, 14, 1B, 63, 00, 8B, 00, 8B, 10, FF, 52, 44, 8B, 0D, 88, 15, 63, 00, A1, 14, 1B, 63, 00, 8B, 00, 8B, 15, 84, D1, 61, 00, 8B, 18, FF, 53, 40, A1, 14, 1B, 63, 00, 8B, 00, 8B, 10, FF, 52, 48, 5B, E8, 1C, DF, DD, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5148

Developed / compiled with:

Microsoft Visual C++

Code size:

2.2 MB (2,262,016 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 8a.eb.6132.ip4.static.sl-reverse.com (50.97.235.138:80)

Remove chroimner.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.