chrome.exe

Internet App

The executable chrome.exe, "Internet App Setup", has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from tmpfile1578.s3.amazonaws.com.

Product:
Internet App

Description:
Internet App Setup

Version:
3.4.5.2

MD5:
7d0a61165a5ba27c09e828b683889893

SHA-1:
73c78005c2b0a36bc9d8704ba4b61497bab36046

SHA-256:
c957e4bbc99a30566e422243b27ffb16f4c600312d483fbb8f915519ebb09d82

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/29/2024 8:34:14 AM UTC

Scan engine                      Detection                 Engine version
avast!                           Win32:Kukacka             160215-2
AVG                              Win32/Sality              2015.0.4530
Dr.Web                           Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware            Win32.Sality              10.0.0.5366
ESET NOD32                       Win32/Sality.NBA virus    7.0.302.0
F-Prot                           W32/Sality.E.gen          4.6.5.141
Kaspersky                        Virus.Win32.Sality        15.0.0.562
McAfee                           Virus.W32/Sality.gen.z    18.0.204.0
Microsoft Security Essentials    Threat.Undefined          1.213.6352.0
VIPRE Antivirus                  Threat.4721115            47240

File size:
1 MB (1,071,000 bytes)

Product version:
1.4.3

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\chrome.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:TsZArVxCQj3xV1tQ7iUgkFKk0x0fo+aun7ifaxGa9QSp:T+2j3xVfYiU7FS0f9au7EaAa9QM

Entry address:
0xA5F8

Entropy:
7.9375  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file chrome.exe has been seen being distributed by the following URL.
