home

chrome_setup.exe

FUSION INSTALL

The Fusion Installer, which is a variant of Adknowledge's download manager bundles a number of ad-supported offerings in the installer. The application chrome_setup.exe, “Fusion Install ” by FUSION INSTALL has been detected as adware by 39 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Fusion Install   (signed by FUSION INSTALL)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
665a9e26e732eddf0643323def73b7d0

SHA-1:
346740c8c36ce0338dfc60c2a362119935eb01d2

SHA-256:
7a9e9e0a40a990a70064eb66fef76382dde6dff20fb58e95a6af878e617a0138

Scanner detections:
39 / 68

Status:
Adware

Explanation:
This setup/installer bundles various adware components (toolbars, coupon extensions, ad-supported extensions and utility offers).

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/20/2024 1:40:00 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.593289
377

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Buzus
2014.02.09

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.144.160

avast!
PUP-gen [PUP]
2014.9-160124

AVG
Adware Skodna.Generic
2017.0.2855

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.16124

Bitdefender
Application.Generic.593289
1.0.20.120

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-6804
0.98/21411

Comodo Security
Application.Win32.IBryte.U
18142

Dr.Web
Trojan.Inject.64592
9.0.1.024

Emsisoft Anti-Malware
Adware.Agent.NUY
8.16.01.24.07

ESET NOD32
Win32/AdWare.iBryte.Q application
10.7.0.302.0

Fortinet FortiGate
Riskware/IBryte
1/24/2016

F-Prot
W32/Backdoor2.HTKO
v6.4.7.1.166

F-Secure
Application.Generic.593289
11.2016-24-01_1

G Data
Win32.Application.OptimumInstaller
16.1.24

IKARUS anti.virus
Win32.AdWare
t3scan.2.2.29

K7 AntiVirus
Adware
13.175.10781

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.768

Malwarebytes
PUP.Optional.iBryte
v2016.01.24.07

McAfee
Artemis!5032EA165D47
5600.6511

MicroWorld eScan
Application.Generic.593289
17.0.0.72

NANO AntiVirus
Trojan.Win32.Buzus.cssrww
0.28.0.59921

nProtect
Trojan-Clicker/W32.iBryte.555816
14.05.09.01

Panda Antivirus
PUP/iBryte
16.01.24.07

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Quick Heal
Adware.iBryte.DK4
1.16.14.00

Reason Heuristics
PUP.Adknowledge.FUSIONINSTALL.Installer (M)
16.1.24.7

Rising Antivirus
PE:PUF.PremiumInstaller!1.9F73
23.00.65.16122

Sophos
PUA 'iBryte Optimum Installer'
5.13

SUPERAntiSpyware
Adware.OptimumInstaller/Variant
9366

Total Defense
Win32/Tnega.EHeKKHD
37.0.10890

Trend Micro House Call
TROJ_GEN.F47V0127
7.2.24

Trend Micro
TROJ_FRS.PMA001AD14
10.465.24

Vba32 AntiVirus
SScope.Malware-Cryptor.iBryte
3.12.26.0

VIPRE Antivirus
Threat.4778314
29732

Zillya! Antivirus
Trojan.Buzus.Win32.120124
2.0.0.1806

File size:
1.6 MB (1,663,272 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chrome_setup.exe

Digital Signature
Signed by:
FUSION INSTALL

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=FUSION INSTALL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=FUSION INSTALL, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3615E290FD8B112928257EE3CD74B519

File PE Metadata
Compilation timestamp:
1/21/2014 2:18:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:+qESip8JmzGY3wZIS+n60p1UHeFsBBGBd1P:HBip8czG72/YB6

Entry address:
0x36705

Entry point:
E8, BE, 8C, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, B0, 5C, 47, 00, E8, C1, 35, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, B8, 0C, 59, 00, 77, 22, 6A, 04, E8, C1, 8E, 00, 00, 59, 83, 65, FC, 00, 56, E8, 23, 9C, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CD, 35, 00, 00, C3, 6A, 04, E8, A4, 8D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, 14, F9, 58, 00, 00, 75, 18, E8, F9, 81, 00, 00, 6A, 1E, E8, 21, 80, 00, 00, 68, FF, 00, 00, 00, E8, 37, 4D, 00, 00, 59, 59, A1...
 
[+]

Entropy:
7.0981

Code size:
393.5 KB (402,944 bytes)

The file chrome_setup.exe has been seen being distributed by the following URL.

http://imtrk.trktoo.com/.../go.php?c=5&l=5&subid=2476571124

Remove chrome_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.