chrome_update.exe

The application chrome_update.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer is marketed through download portals and search ads as Google's Chrome web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
MD5:
fe3400c0b5e7d8136bb8617029293e3c

SHA-1:
e0539d3abd736c0301ca1d4e779d773cdd16aee8

SHA-256:
e5495c4248813ea7baaf9cee133825e727bd6bb10cbee081924c9230b5a4c00a

Scanner detections:
4 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 3:28:55 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
Kaspersky | not-a-virus:AdWare.Win32.AirAdInstaller | 15.0.0.494
Sophos | AirInstaller | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10279

File size:
840.4 KB (860,584 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Common path:
C:\users\{user}\downloads\chrome_update.exe

File PE Metadata
Compilation timestamp:
1/9/2014 6:31:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:43TF63gCL3+KmTw0JtYKDhHfEY/amBmTcGMcrpz3:4Dsall9fEY/amwTBMcrR

Entry address:
0x266D40

Entry point:
60, BE, 00, 40, 5A, 00, 8D, BE, 00, D0, E5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.8866

Packer / compiler:
UPX 2.90LZMA

Code size:
780 KB (798,720 bytes)
