chrome.exe

ar_9_8_J_X_B_G_r_Q_

aC_V_X_M_O_Q_O_

The executable chrome.exe has been detected as malware by 23 anti-virus scanners. It is set to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘HKCU’.
Publisher:
aC_V_X_M_O_Q_O_

Product:
ar_9_8_J_X_B_G_r_Q_

Description:
ae_4_v_i_A_

Version:
14.19.24.96

MD5:
367bd99f981f9ac1a0811001b0729b61

SHA-1:
62f83ddea168e10fed0d203cc0d6c2b036bb6aa1

SHA-256:
547b7f3b1e536e71e5fe0d791f98bb932e40d84a1c5a07e0e8b7a97a7e35c394

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
4/18/2024 11:20:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.317289 | 1022 |
| Avira AntiVirus | TR/Dropper.Gen2 | 7.11.143.196 |
| AVG | MSIL3 | 2015.0.3500 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.14419 |
| Bitdefender | Gen:Variant.Kazy.317289 | 1.0.20.545 |
| Comodo Security | TrojWare.MSIL.Injector.CKE | 18113 |
| Dr.Web | Win32.HLLW.Autoruner2.1821 | 9.0.1.0109 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.317289 | 8.14.04.19.02 |
| ESET NOD32 | MSIL/Injector.CKR (variant) | 8.9683 |
| Fortinet FortiGate | MSIL/Injector.BFQ!tr | 4/19/2014 |
| F-Secure | Gen:Variant.Kazy.317289 | 11.2014-19-04_7 |
| G Data | Gen:Variant.Kazy.317289 | 14.4.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0 |
| Kaspersky | Trojan.Win32.Xtrat | 14.0.0.3994 |
| Malwarebytes | Trojan.MSIL.UL | v2014.04.19.02 |
| McAfee | Trojan-FDUD!367BD99F981F | 5600.7156 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Ranos.A | 1.10501 |
| MicroWorld eScan | Gen:Variant.Kazy.317289 | 15.0.0.327 |
| NANO AntiVirus | Trojan.Win32.Disfa.cwbhis | 0.28.0.59288 |
| Panda Antivirus | Generic Malware | 14.04.19.02 |
| Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.FakeIcon!1.64A5 | 23.00.65.14417 |
| VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 28280 |

File size:
83 KB (84,992 bytes)

Product version:
14.19.24.96

Copyright:
Copyright © 2013

Trademarks:
a3_h_D_H_n_D_K_h_u_P_

Original file name:
2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
4/12/2014 8:05:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:vvDv7I5jZsDJFSh4dh7fN39PLDrssHlospOEBXCd4cqAJUqaGjz/xobfKWnZKmnI:vI5Fu9d9LDBHlEEmqAJUqtWZnZ10

Entry address:
0x15DBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.6205

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
80 KB (81,920 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HKCU

Command:
C:\adel\chrome.exe

