» google chrome distribuido por getnow.exe
Overview
Analysis
File Details

google chrome distribuido por getnow.exe

Download Manager

LiveSoftAction

The program utilizes the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application google chrome distribuido por getnow.exe by LiveSoftAction has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

Publisher:

LiveSoftAction (signed and verified)

Product:

Download Manager

Version:

1.0.11.0

MD5:

d00050ba1343c0977bd4d64b211e12ca

SHA-1:

9a12a36a8b672819f41543536e494a1892ddd2f8

SHA-256:

1e370ad099d478d61ba838f4840b0fd0d00cb9f4c1da1a6e55451cec83bb6efc

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is a modified installer that uses the Appscion to bundle adware.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 6:46:09 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Sien (M)

17.3.15.19

File size:

2 MB (2,094,288 bytes)

Product version:

1.0.11.0

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

SIEN SuperInstall

Language:

English (United States)

Common path:

C:\users\{user}\downloads\google chrome distribuido por getnow.exe

Digital Signature

Signed by:

LiveSoftAction

Authority:

VeriSign, Inc.

Valid from:

6/4/2012 9:00:00 PM

Valid to:

6/5/2014 8:59:59 PM

Subject:

CN=LiveSoftAction, OU=SienAppNetwork, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=LiveSoftAction, L=Bucharest, S=functiune, C=RO

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

17E4CA22DB0D2CFD73BAACB9BD605BF7

File PE Metadata

Compilation timestamp:

5/15/2013 12:58:41 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x1298C5

Entry point:

E8, CE, 91, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, F0, 2E, 5B, 00, 75, 02, F3, C3, E9, 55, 92, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, 20, 36, 00, 00, 6A, 16, 5E, 89, 30, E8, BF, 94, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 81, 2A, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, EF, 29, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, D6, 35, 00, 00, 6A... 
[+]

Code size:

1.3 MB (1,415,168 bytes)

Remove google chrome distribuido por getnow.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.