chrome_setup.exe

Installer

Download Ship

The application chrome_setup.exe, “Installer Setup” by Download Ship, has been detected as adware by 8 anti-malware scanners. It is a setup program built on the installCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. Users running this installer expect to download Google's Chrome web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Application (signed by Download Ship)

Product:
Installer

Description:
Installer Setup

MD5:
e4b74f2e617182a32e30616de5936902

SHA-1:
5f365e4a21a720a424a0c6ec1d82eb076b7dfc6e

SHA-256:
b7646939f4202e5e8ae93d3ec18af0ee747808af0df14dc44711bc15475aa088

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 4:14:32 PM UTC

Scan engine | Detection | Engine version
AVG | Adware InstallCore | 2016.0.2913
Dr.Web | Trojan.InstallCore.642 | 9.0.1.0331
ESET NOD32 | Win32/InstallCore.ZC potentially unwanted application | 9.7.0.302.0
F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2015-27-11_6
Malwarebytes | | v2015.11.27.03
McAfee | Trojan.Artemis!C8BE51C6A88B | 5600.6569
Reason Heuristics | PUP.installCore.DownloadShip.Installer (M) | 15.11.27.3
VIPRE Antivirus | Threat.4150696 | 39354

File size:
795.6 KB (814,736 bytes)

Product version:
5.3.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\chrome_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/26/2015 7:00:00 PM

Valid to:
2/26/2017 6:59:59 PM

Subject:
CN=Download Ship, O=Download Ship, STREET="1930 Village Center Circle #3-1234", L=Las Vegas, S=NV, PostalCode=89134, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3205F0A598C4107AE3ADC64267F5AC51

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Drz95FFfNiB0IXbhSqTtxqYELZWDu9eP3ZGriV:DHJ+BnVSqTtxqYELZWC63ZGriV

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8917

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
