home

chrome_setup.exe

FUSION INSTALL

The Fusion Installer, which is a variant of Adknowledge's download manager bundles a number of ad-supported offerings in the installer. The application chrome_setup.exe, “Fusion Install ” by FUSION INSTALL has been detected as adware by 39 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Fusion Install   (signed by FUSION INSTALL)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
9db53ed09b2444bf56e4bbc13054048c

SHA-1:
303a91c9a92bbaa4a1e97c7c32faeb7de61ad80d

SHA-256:
f6e6d91d2ac05a6309c000dcb08e166d835db0938893cfe0a1b8a4c55a7150d5

Scanner detections:
39 / 68

Status:
Adware

Explanation:
This setup/installer bundles various adware components (toolbars, coupon extensions, ad-supported extensions and utility offers).

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 3:41:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.593289
388

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Buzus
2014.02.09

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.144.160

avast!
PUP-gen [PUP]
2014.9-160113

AVG
Adware Skodna.Generic
2017.0.2866

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.16113

Bitdefender
Application.Generic.593289
1.0.20.65

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-6804
0.98/21411

Comodo Security
Application.Win32.IBryte.U
18142

Dr.Web
Trojan.Inject.64592
9.0.1.013

Emsisoft Anti-Malware
Adware.Agent.NUY
8.16.01.13.07

ESET NOD32
Win32/AdWare.iBryte.Q application
10.7.0.302.0

Fortinet FortiGate
Riskware/IBryte
1/13/2016

F-Prot
W32/Backdoor2.HTKO
v6.4.7.1.166

F-Secure
Application.Generic.593289
11.2016-13-01_4

G Data
Win32.Application.OptimumInstaller
16.1.24

IKARUS anti.virus
Win32.AdWare
t3scan.2.2.29

K7 AntiVirus
Adware
13.175.10781

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.823

Malwarebytes
PUP.Optional.iBryte
v2016.01.13.07

McAfee
Artemis!5032EA165D47
5600.6522

MicroWorld eScan
Application.Generic.593289
17.0.0.39

NANO AntiVirus
Trojan.Win32.Buzus.cssrww
0.28.0.59921

nProtect
Trojan-Clicker/W32.iBryte.555816
14.05.09.01

Panda Antivirus
PUP/iBryte
16.01.13.07

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Quick Heal
Adware.iBryte.DK4
1.16.14.00

Reason Heuristics
PUP.Adknowledge.FUSIONINSTALL.Installer (M)
16.1.13.7

Rising Antivirus
PE:PUF.PremiumInstaller!1.9F73
23.00.65.16111

Sophos
PUA 'iBryte Optimum Installer'
5.13

SUPERAntiSpyware
Adware.OptimumInstaller/Variant
9388

Total Defense
Win32/Tnega.EHeKKHD
37.0.10890

Trend Micro House Call
TROJ_GEN.F47V0127
7.2.13

Trend Micro
TROJ_FRS.PMA001AD14
10.465.13

Vba32 AntiVirus
SScope.Malware-Cryptor.iBryte
3.12.26.0

VIPRE Antivirus
Threat.4778314
29732

Zillya! Antivirus
Trojan.Buzus.Win32.120124
2.0.0.1806

File size:
2.5 MB (2,670,888 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chrome_setup.exe

Digital Signature
Signed by:
FUSION INSTALL

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 7:00:00 PM

Valid to:
9/20/2014 6:59:59 PM

Subject:
CN=FUSION INSTALL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=FUSION INSTALL, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3615E290FD8B112928257EE3CD74B519

File PE Metadata
Compilation timestamp:
1/10/2014 4:39:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:rds6PQcOsIkwOK1JmYwqYyXWQzicroH6en8jhET2gBjP8/ZfHBGBdH2Nx7:rXPQ5sIkw/ghyHroHz8jhET/BQ/VBo23

Entry address:
0x79ED5

Entry point:
E8, BE, 8C, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, C0, 8C, 4B, 00, E8, C1, 35, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 98, 62, 68, 00, 77, 22, 6A, 04, E8, C1, 8E, 00, 00, 59, 83, 65, FC, 00, 56, E8, 23, 9C, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CD, 35, 00, 00, C3, 6A, 04, E8, A4, 8D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, F4, 4E, 68, 00, 00, 75, 18, E8, F9, 81, 00, 00, 6A, 1E, E8, 21, 80, 00, 00, 68, FF, 00, 00, 00, E8, 37, 4D, 00, 00, 59, 59, A1...
 
[+]

Entropy:
7.2382

Code size:
663.5 KB (679,424 bytes)

The file chrome_setup.exe has been seen being distributed by the following URL.

http://imtrk.trktoo.com/.../go.php?c=5&l=5&subid=2442515699

Remove chrome_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.