home

google chrome.exe

App secure LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google chrome.exe by App secure has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
App secure LLC  (signed and verified)

MD5:
6a4f22bfc00b8ab14ae3bb6b28fcb65f

SHA-1:
ac0d5557d7835908ef10f4d224ba54b09a7a6f99

SHA-256:
bd3c746dc7f86044e63956884d6c24cc1ff84cbd12f5317cf64f64647ee36ce6

Scanner detections:
26 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/19/2024 7:23:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.2334
6397750

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.SoftPulse
2015.02.13

Avira AntiVirus
APPL/Softpulse.rtfa
7.11.209.210

AVG
Generic
2016.0.3201

Bitdefender
Gen:Variant.Adware.Mikey.2334
1.0.20.215

Clam AntiVirus
Win.Trojan.Softpulse-127
0.98/21511

Comodo Security
Application.Win32.SoftPulse.D
21051

Dr.Web
Trojan.Domaiq.115
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.2334
9.0.0.4799

ESET NOD32
Win32/SoftPulse.W potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/Zbot.AAN!tr
2/12/2015

F-Prot
W32/S-1ecda7a6
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Mikey.2334
5.13.68

G Data
Gen:Variant.Adware.Mikey.2334
15.2.25

IKARUS anti.virus
PUA.DigiPlug
t3scan.1.8.6.0

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
15.0.0.543

Malwarebytes
PUP.Optional.SoftPulse
v2015.02.12.08

McAfee
Program.SoftPulse
16.8.708.2

MicroWorld eScan
Gen:Variant.Adware.Mikey.2334
16.0.0.129

NANO AntiVirus
Trojan.Win32.DriverUpd.dmudtv
0.30.0.65070

Panda Antivirus
Trj/Genetic.gen
15.02.12.08

Reason Heuristics
PUP.Softpulse
15.2.12.8

Vba32 AntiVirus
AdWare.SoftPulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
36694

Zillya! Antivirus
Adware.Agent.Win32.39085
2.0.0.2062

File size:
869.5 KB (890,416 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\google chrome.exe

Digital Signature
Signed by:
App secure LLC

Authority:
VeriSign, Inc.

Valid from:
12/16/2014 5:00:00 PM

Valid to:
12/17/2015 4:59:59 PM

Subject:
CN=App secure LLC, O=App secure LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D0A1845D85007CD040B350F48C5F721

File PE Metadata
Compilation timestamp:
1/22/2015 2:18:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:GpibiW7+xKzjwvsqEgNE54F/yW5+80/mQggSoOMQnodL3QhQSEgHQKqWzHECjZGT:maS+wvREwE875ZQS28hNEbAQ

Entry address:
0x8CB6

Entry point:
E8, 9E, 52, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 6F, 05, 00, 00, 3B, 0D, A0, 21, 42, 00, 75, 02, F3, C3, E9, 15, 53, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 3F, 54, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, FD, 04, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 4C, 2B, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 4B, 3C, 00, 00, 83...
 
[+]

Entropy:
7.8725  (probably packed)

Code size:
102.5 KB (104,960 bytes)

The file google chrome.exe has been seen being distributed by the following URL.

http://ttb.grabsofts.com/download/request/google-chrome/.../chrome&fileName=google-chrome

Remove google chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.