chrome_setup.exe

Swift Installer

Install Beta

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application chrome_setup.exe by Install Beta has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. Users of this installer expect to download Google's Chrome web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from imtrk.trktoo.com.

Publisher:
Install Beta  (signed and verified)

Product:
Swift Installer

MD5:
1432d339e9a7b1e27f20c91084a283f5

SHA-1:
e6efcf58dcfd06def0b7d3300837264d6dce89fb

SHA-256:
3cf3428c6ad9fa316236468e54aeab3e330be5503e23d3c130df0b31f9be9d0c

Scanner detections:
17 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/9/2024 12:32:39 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

Avira AntiVirus
ADWARE/iBryte.503272
3.6.1.96

avast!
Win32:PUP-gen [PUP]
2014.9-160114

AVG
Generic_r
2017.0.2865

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.DownLoader12.8756
9.0.1.014

ESET NOD32
Win32/Adware.iBryte.BY (variant)
10.11411

F-Prot
W32/S-f8f9eddb
v6.4.7.1.166

IKARUS anti.virus
Backdoor.Bredolab
t3scan.1.8.9.0

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.818

McAfee
Artemis!1483B6DA2165
5600.6521

NANO AntiVirus
Riskware.Win32.IBryte.dncdze
0.30.8.659

Qihoo 360 Security
Win32/Virus.Adware.ab6
1.0.0.1015

Reason Heuristics
PUP.Adknowledge.InstallBeta.Installer (M)
16.1.14.10

Vba32 AntiVirus
3.12.26.3

VIPRE Antivirus
AdKnowledge
38964

Zillya! Antivirus
Adware.iBryte.Win32.6464
2.0.0.2123

File size:
491.5 KB (503,272 bytes)

Product version:
2.4.8.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\chrome_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2014 8:00:00 PM

Valid to:
3/24/2015 7:59:59 PM

Subject:
CN=Install Beta, O=Install Beta, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009A48736EA8E3F31268B7C9D99C833A71

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:JQiGFLH+wGHrv6AvKo+MBTlPadSfXioRcpMXVJod:JQiY+iAvKDMBTlP0QjcpMXVJod

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.4246

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file chrome_setup.exe has been seen being distributed by the following URL.
