» google chrome.exe
Overview
Analysis
File Details

google chrome.exe

Wizard

Volvan Premium SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google chrome.exe by Volvan Premium SL has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

google chrome.exe

Publisher:

Volvan Premium SL (signed and verified)

Product:

Wizard

Version:

1. 9. 8. 7

MD5:

69761a6426c36a83dde796296cde3103

SHA-1:

54d89f4b59b3de1b7d7c77d7541f65d0a2cc7110

SHA-256:

c92bb764845707adcad0e834f74a26afdf7690d45b274ef7106077ea29676fd8

Scanner detections:

34 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/25/2024 8:51:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.168670

354

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

Win-PUP/SoftPulse

2014.11.29

Avira AntiVirus

TR/Dropper.Gen

7.11.30.172

avast!

Win32:SoftPulse-DE [Adw]

2014.9-160215

AVG

Found Win32/DH{gRIxfX5QgQd5VE8VUYEVgQkcU4ETQYEP}

2017.0.2832

Bitdefender

Gen:Variant.Graftor.165890

1.0.20.230

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.MultiPlug-31138

0.98/20101

Comodo Security

Application.Win32.SoftPulse.D

20252

Dr.Web

Adware.SoftPules.3, Trojan.DownLoader11.54695

9.0.1.046

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.168670

8.16.02.15.07

ESET NOD32

Win32/SoftPulse.S potentially unwanted application

10.7.0.302.0

Fortinet FortiGate

Riskware/DriverUpd

2/15/2016

F-Prot

W32/A-3f31f6a7

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Graftor.168670

11.2016-15-02_2

G Data

Win32.Application.SoftPulse

16.2.24

IKARUS anti.virus

PUA.SoftPulse

t3scan.1.8.6.0

K7 AntiVirus

Unwanted-Program

13.186.14239

Kaspersky

not-a-virus:AdWare.Win32.SoftPulse

14.0.0.656

Malwarebytes

PUP.Optional.SmartSec

v2016.02.15.07

McAfee

Program.SoftPulse

5600.6488

MicroWorld eScan

Gen:Variant.Graftor.165890

17.0.0.138

NANO AntiVirus

Trojan.Win32.DriverUpd.djmoky

0.28.6.63726

Norman

Gen:Variant.Adware.Kazy.494201

11.20160215

nProtect

Trojan-Clicker/W32.SoftPulse.1145768

15.02.24.01

Panda Antivirus

Trj/Genetic.gen

16.02.15.07

Qihoo 360 Security

Malware.QVM17.Gen

1.0.0.1015

Reason Heuristics

PUP.Softpulse.VolvanPremium.Bundler (M)

16.2.15.19

Sophos

PUA 'SoftPulse' (of type Adware)

5.13

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

9321

Vba32 AntiVirus

Signed-Adware.Softpulse

3.12.26.3

VIPRE Antivirus

Threat.4783235

35418

Zillya! Antivirus

Adware.SoftPulse.Win32.33

2.0.0.2011

File size:

1 MB (1,097,576 bytes)

Product version:

1. 9. 8. 7

Original file name:

Wizard.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Language:

Spanish

Common path:

C:\users\{user}\downloads\google chrome.exe

Digital Signature

Signed by:

Volvan Premium SL

Authority:

VeriSign, Inc.

Valid from:

8/19/2014 7:00:00 PM

Valid to:

8/20/2015 6:59:59 PM

Subject:

CN=Volvan Premium SL, O=Volvan Premium SL, L=Barcelona, S=Barcelona, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

248F413947247E20924C496ECEB61F8A

File PE Metadata

Compilation timestamp:

12/10/2014 7:15:10 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:Q0BfZ15Scs4mUj79qPiqn7yauT/asgd0tp8A4:Q0guUuT/asgUE

Entry address:

0x1BFC6

Entry point:

E8, 9D, 7F, 00, 00, E9, 7F, FE, FF, FF, E9, 90, 27, 00, 00, 3B, 0D, 6C, C8, 48, 00, 75, 02, F3, C3, E9, 27, 3F, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00... 
[+]

Entropy:

7.5727

Code size:

208 KB (212,992 bytes)

Remove google chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.