home

chrome_setup.exe

DOWNLOADZONE

The Adlogica setup manager, an installer that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application chrome_setup.exe by DOWNLOADZONE has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. This version of the installer will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
DOWNLOADZONE  (signed and verified)

MD5:
2e7ad3d9ecd868cea16fc634127a6d82

SHA-1:
6ac6f833c610b1e504073583264f07aad1ca8986

SHA-256:
4da1f236a84be2818c767695390c7d2a8fbc1ce7251f2ebb34da6b1f951f1c26

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 12:38:25 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.MyWebSearch
7.1.1

avast!
Win32:PUP-gen [PUP]
2014.9-150216

AVG
AdPlugin
2016.0.3197

ESET NOD32
Win32/Toolbar.MyWebSearch.S potentially unwanted (variant)
9.11168

Fortinet FortiGate
Riskware/Toolbar_MyWebSearch
2/16/2015

K7 AntiVirus
Unwanted-Program
13.194.14945

Malwarebytes
PUP.Optional.Downloadster
v2015.02.16.10

McAfee
Artemis!2E7AD3D9ECD8
5600.6853

Reason Heuristics
PUP.Installer.Adlogica
15.2.16.10

Sophos
Generic PUA CH
4.98

VIPRE Antivirus
MyWebSearch Toolbar (not malicious)
37498

File size:
820.9 KB (840,600 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chrome_setup.exe

Digital Signature
Signed by:
DOWNLOADZONE

Authority:
COMODO CA Limited

Valid from:
9/11/2013 5:00:00 PM

Valid to:
9/12/2015 4:59:59 PM

Subject:
CN=DOWNLOADZONE, O=DOWNLOADZONE, STREET=96 Jessie st, STREET=4th Floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B24C5AAB5A6D4FED7E156750E71003D

File PE Metadata
Compilation timestamp:
6/21/2014 7:05:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:4uR5EPHvTzkWJ0fZWcynKfFfIrTVRL8SpX1c8y1MmG3ss23atdLEk3b:sf7zkW+ryKNmTESpFc8y2t3ss23av

Entry address:
0x162E0

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C8, 89, 45, CC, 89, 45, D0, 89, 45, EC, 89, 45, D8, 89, 45, D4, B8, D4, 5E, 41, 00, E8, 12, 00, FF, FF, 33, C0, 55, 68, ED, 64, 41, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 8B, 64, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 50, 8D, 45, D8, E8, BE, AF, FF, FF, 8B, 45, D8, 89, 45, DC, C6, 45, E0, 0B, 8D, 55, D4, B8, 08, 00, 00, 00, E8, CF, AF, FF, FF, 8B, 45, D4, 89, 45, E4, C6, 45, E8, 0B, 8D, 55, DC, B9, 01, 00, 00, 00, B8, 04, 65, 41, 00...
 
[+]

Entropy:
7.8727

Developed / compiled with:
Microsoft Visual C++

Code size:
85.5 KB (87,552 bytes)

The file chrome_setup.exe has been seen being distributed by the following URL.

https://s3-eu-west-1.amazonaws.com/.../Chrome_Setup.exe

Remove chrome_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.