chrome.exe

Google Chrome

Google Inc

This is a setup program used to install the application. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘GoogleChromeAutoLaunch’. It is installed with Google Chrome. The file has been observed being downloaded from mail-attachment.googleusercontent.com and multiple other hosts.
Publisher:
Google Inc.  (signed by Google Inc)

Product:
Google Chrome

Version:
33.0.1750.146

MD5:
026c4ca19fae1f84894a99735b15aaca

SHA-1:
d487d67e5e3760ca6710e821c46f00ecc563b81a

SHA-256:
65c530149d7dedf977e806521839b0d18fb62a5625ee796e3edf00c50d7a84f7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/19/2024 3:30:45 PM UTC

File size:
839.3 KB (859,464 bytes)

Product version:
33.0.1750.146

Copyright:
Copyright 2012 Google Inc. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\google\chrome\application\chrome.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/29/2014 12:00:00 AM

Valid to:
1/29/2016 11:59:59 PM

Subject:
CN=Google Inc, OU=Digital ID Class 3 - Java Object Signing, OU=Digital ID Class 3 - Java Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2912C70C9A2B8A3EF6F6074662D68B8D

File PE Metadata
Compilation timestamp:
3/2/2014 1:22:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ysga5LoK4GIWO7EidHezg79Jf8X/T23K0xVdK7BOwvVy9Nwevwob/qyrdZsHG5Xa:yS+kkxwOwvVyIe4e7IHG0NLKPq/

Entry address:
0x47EF2

Entry point:
E8, 92, B3, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 54, 52, 46, 00, 57, FF, 35, 14, 54, 49, 00, FF, D6, FF, 35, 10, 54, 49, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE...

Code size:
399.5 KB (409,088 bytes)

4 Scheduled Tasks
Task name:
Chrome @ Startup

Trigger:
Logon (Runs on logon)

Task name:
Total Domination W1

Trigger:
Time (Next runs on 08.03.2014 at 15:05)

Action:
chrome.exe --app=httC:\pv.plarium.com\landing7?adcampaign=11

Task name:
Total Domination W2

Trigger:
Time (Next runs on 09.03.2014 at 15:05)

Action:
chrome.exe --app=httC:\pv.plarium.com\landing7?adcampaign=11

Task name:
Task_ShellExecuteAs

Trigger:
Registration (Runs on registration)

Action:
chrome.exe "httC:\www.gomplayer.jp\?utm_source=promo&utm_med


4 Shell Open Commands
Open type:
ftp

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
http

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
https

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
mailto

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"


15 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --no-startup-window

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DE91681B94C85234C815F17A7D194DBB5680A5F2._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
43EA598AC7A3145B476246EFDBFAF9F888878C76._service_run

Command:
"C:\users\{user}\appdata\local\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
C52CF77DF6CEBB470B60FC17A243D209E0FF34F7._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
4B4D2EFB93816F03AB128F55187FA45F5F0366AA._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service


4 Startup Files (User Run Once)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #2

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session "httC:\toolbar.avg.com\p-uninstall?cid={070b8b3c-9019-4ebb-9f81-b41bca1c74e0}&m

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #1

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session httC:\1-vinstaller.com\thankyou?&returncodeid=13&accountid=14333&campaignid=795

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #0

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session httC:\feed.snapdo.com\?publisher=snapdoopencandy&dpid=snapdoopencandy&co=eg&use

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #4

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- httC:\sitedirector.symantec.com\932743328\?ssdcat=299&lcid=1033&serviceid=81


Windows Firewall Allowed Program
Name:
C:\Program Files\Google\Chrome\Application\chrome.exe


The file chrome.exe has been discovered within the following programs.

Google Chrome  by Google Inc
Google Chrome is a free web browser developed by Google that uses the WebKit layout engine. It is designed to be secure, fast, simple and stable. Chrome supports plug-ins with the Netscape Plugin Application Programming Interface (NPAPI).
www.google.com/chrome
6% remove it

The file chrome.exe has been seen being distributed by the following 3 URLs.