chromium.exe

bon joueur

The executable chromium.exe has been detected as malware by 22 anti-virus scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Google Chromium’. The file has been seen being downloaded from docs.google.com and multiple other hosts.
Product:
bon joueur

Version:
3, 3, 8, 1

MD5:
b1a04e9ebf35fcfdf6174e88cd63554f

SHA-1:
bb22beb1beb8e0ab238c4d83c4b84665346211fd

SHA-256:
240c7e7b7c3946464c379214463e45b86726cecbe24b0c9fddde50371723ac10

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/25/2024 9:50:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.49919 | 729 |
| AhnLab V3 Security | Trojan/Win32.Asprox | 2015.02.04 |
| Avira AntiVirus | TR/Crypt.cfi.besd | 7.11.206.214 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150206 |
| Baidu Antivirus | Trojan.Win32.VB | 4.0.3.1526 |
| Bitdefender | Gen:Variant.Symmi.49919 | 1.0.20.185 |
| Comodo Security | TrojWare.Win32.Injector.DSTF | 20955 |
| Dr.Web | Trojan.Siggen1.63828 | 9.0.1.037 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.49919 | 8.15.02.06.02 |
| ESET NOD32 | Win32/VB.RTN | 9.11120 |
| Fortinet FortiGate | W32/ExtenBro.AK!tr | 2/6/2015 |
| F-Secure | Gen:Variant.Symmi.49919 | 11.2015-06-02_6 |
| G Data | Gen:Variant.Symmi.49919 | 15.2.25 |
| Kaspersky | Trojan.Win32.VB | 14.0.0.2529 |
| Malwarebytes | Trojan.Agent | v2015.02.06.02 |
| McAfee | Artemis!B1A04E9EBF35 | 5600.6863 |
| Microsoft Security Essentials | Trojan:Win32/Kilim.gen!C | 1.1.11302.0 |
| MicroWorld eScan | Gen:Variant.Symmi.49919 | 16.0.0.111 |
| Norman | VBTroj.VWAF | 11.20150206 |
| Panda Antivirus | Trj/Genetic.gen | 15.02.06.02 |
| Qihoo 360 Security | Win32/Trojan.682 | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.Murlo.clv.n3 | 2.15.14.00 |

File size:
694.1 KB (710,741 bytes)

Product version:
3, 3, 8, 1

Copyright:
bon service de lecteur

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\chromium.exe

File PE Metadata
Compilation timestamp:
9/25/2009 8:57:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:ONIQAPGsAqY9IMVYd38sJdpQHlGlY8KfTAFoRnI55vnE1Db/l9TXQCV:DPGSY91VwNJcFMqTiys5vSDbdVXlV

Entry address:
0x42B4F

Entry point:
6A, 60, 68, 88, 1A, 46, 00, E8, AD, 5C, 01, 00, BF, 94, 00, 00, 00, 8B, C7, E8, E9, 56, 01, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 14, A2, 45, 00, 8B, 4E, 10, 89, 0D, A4, B4, 46, 00, 8B, 46, 04, A3, B0, B4, 46, 00, 8B, 56, 08, 89, 15, B4, B4, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, A8, B4, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, A8, B4, 46, 00, C1, E0, 08, 03, C2, A3, AC, B4, 46, 00, 33, F6, 56, 8B, 3D, 5C, A2, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
354 KB (362,496 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Google Chromium

Command:
"C:\users\{user}\appdata\roaming\chromium.exe"


The file chromium.exe has been seen being distributed by the following 5 URLs.
