chrome.exe

Google Chrome

Google Inc

This is a setup program used to install the application. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘27163E39237FCEEF4F39784AE33E72ADD6BE812F._service_run’. It is installed with Google Chrome. The file has been seen being downloaded from mg.mail.yahoo.com.

Publisher:
Google Inc. (signed by Google Inc)

Product:
Google Chrome

Version:
35.0.1916.153

MD5:
a5fcd42334ccc682da1882a54338686c

SHA-1:
f585b9920cbc65655c68bab42657d4798fae12dd

SHA-256:
74c8b614672d1a7f0889243056ea4b3e03b5f66dfdfeff5dd6cc17dbe088d18f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
12/9/2016 4:44:44 AM UTC

File size:
840.3 KB (860,488 bytes)

Product version:
35.0.1916.153

Copyright:
Copyright 2012 Google Inc. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\google\chrome\application\chrome.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/29/2014 1:00:00 AM

Valid to:
1/30/2016 12:59:59 AM

Subject:
CN=Google Inc, OU=Digital ID Class 3 - Java Object Signing, OU=Digital ID Class 3 - Java Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2912C70C9A2B8A3EF6F6074662D68B8D

File PE Metadata
Compilation timestamp:
6/5/2014 2:01:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:ST9WU9I6r98wLVlrmNERO43xuvgaPvm49XFjXGSuOHeZNSxSxIdzYbppj6BI94KC:STgul6FCR6yC6pe1Kl8Ym

Entry address:
0x4993B

Entry point:
E8, 24, AD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, 57, E8, 34, 76, 00, 00, 8B, F8, 89, 7E, 08, 8B, 57, 6C, 89, 16, 8B, 4F, 68, 89, 4E, 04...

Code size:
403.5 KB (413,184 bytes)

3 Scheduled Tasks
Task name:
Google Chrome

Path:
C:\WINDOWS\Tasks\Google Chrome.job

Trigger:
Boot (Runs on boot)

Task name:
Total Domination

Trigger:
Time

Action:
chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?

Task name:
Total Domination t

Trigger:
Time

Action:
chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?


4 Shell Open Commands
Open type:
ftp

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
http

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
https

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
mailto

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"


5 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
27163E39237FCEEF4F39784AE33E72ADD6BE812F._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
280268F194988B9D15788ADD913CE4CA3D68FC47._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run

Command:
"C:\users\{user}\appdata\local\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
F700B5D07FE047F68BCA1A147FA557AC0BA044D6._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --no-startup-window


4 Startup Files (User Run Once)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #0

Command:
C:\users\{user}\appdata\local\google\chrome\application\chrome.exe --register-pepper-plugins="C:\Program Files\tnt2\2.0.0.1760\pptnt2.dll;application\x-tnt2pp" --flag-switches-begin --flag-switches-end

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #1

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end -- http://www.filepuma.com/updates2/14

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #3

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- "http://www.shouldiremoveit.com/program.ashx?s=1&programhash=5a1affbdaedee6fe

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
ArcadeParlor806.000000

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -uninstall-extension=bifpegonkcooekdlmlfngpbifliiamoo


3 Windows Firewall Allowed Programs
Name:
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

Name:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name:
C:\Program Files\Google\Chrome\Application\chrome.exe


The file chrome.exe has been discovered within the following programs.

Google Chrome  by Google Inc
Google Chrome is a free web browser developed by Google that uses the WebKit layout engine. It is designed to be secure, fast, simple and stable. Chrome supports plug-ins with the Netscape Plugin Application Programming Interface (NPAPI).
www.google.com/chrome
6% remove it
Google Chrome Frame  by Google Inc
Publisher's description - “Google Chrome Frame is a free plug-in for Internet Explorer. Some advanced web apps use Google Chrome Frame to provide you with additional features and better performance. Sites that utilize Google Chrome Frame become more responsive.”
www.google.com/chromeframe
12% remove it
Powered by Should I Remove It?

The file chrome.exe has been seen being distributed by the following URL.

https://mg.mail.yahoo.com/ya/download?m=YaDownload&mid=2_0_0_3_6851_AFK/.../7d1QAAAG zUk4&fid=Draft&pid=3&clean=0&appid=YahooMailNeo