chrome-download.exe

Installer

Advertiso

The executable chrome-download.exe has been detected as malware by 27 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Advertiso

Product:
Installer

Version:
1.0.0.1

MD5:
dca808482c112a17ec71c85b10c16b0c

SHA-1:
37566dd585d16cea9b4797953df1a79e04d238f9

SHA-256:
dfc72067c71ac4c3f6522cf468b4d92344a2d88c9515442bde641734d841375b

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/19/2024 6:46:58 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.151493 | 834
Agnitum Outpost | Trojan.DR.Agent | 7.1.1
Avira AntiVirus | TR/Graftor.151493.6 | 7.11.168.242
avast! | Win32:Malware-gen | 2014.9-141024
Baidu Antivirus | Trojan.Win32.Dropper | 4.0.3.141024
Bitdefender | Gen:Variant.Graftor.151493 | 1.0.20.1485
Dr.Web | Trojan.DownLoader11.25777 | 9.0.1.0297
Emsisoft Anti-Malware | Gen:Variant.Graftor.151493 | 8.14.10.24.05
Fortinet FortiGate | W32/Agent.LICL!tr | 10/24/2014
F-Secure | Gen:Variant.Graftor.151493 | 11.2014-24-10_6
G Data | Gen:Variant.Graftor.151493 | 14.10.24
IKARUS anti.virus | Trojan-Dropper.Win32.Agent | t3scan.1.7.5.0
K7 AntiVirus | Riskware | 13.183.13139
Kaspersky | Trojan-Dropper.Win32.Agent | 14.0.0.3054
McAfee | Artemis!1D656250130A | 5600.6968
MicroWorld eScan | Gen:Variant.Graftor.151493 | 15.0.0.891
NANO AntiVirus | Trojan.Win32.Agent.ddhtxs | 0.28.2.61721
Panda Antivirus | Trj/Chgt.C | 14.10.24.05
Qihoo 360 Security | Win32/Trojan.Dropper.b65 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.24.5
Rising Antivirus | PE:Trojan.Win32.Generic.17241928!388241704 | 23.00.65.141022
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R047C0EHM14 | 7.2.297
Trend Micro | TROJ_GEN.R047C0EHM14 | 10.465.24
Vba32 AntiVirus | TrojanDropper.Agent | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 32478
Zillya! Antivirus | Dropper.Agent.Win32.159266 | 2.0.0.1899

File size:
41.1 MB (43,055,616 bytes)

Product version:
1.0.0.1

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chrome-download.exe

File PE Metadata
Compilation timestamp:
7/19/2014 3:35:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
786432:VYCHBB0aTbEECYqc7Hv/qWlk7T3NOZOJmJtuZ2:VHhNcE7qyHvfloZREJto2

Entry address:
0x18C97C


Code size:
1.8 MB (1,864,192 bytes)

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
