» google-chrome.exe
Overview
Analysis
File Details

google-chrome.exe

Program Setup

FunnelFlash (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application google-chrome.exe by FunnelFlash (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

google-chrome.exe

Publisher:

SecuredDownload (signed by FunnelFlash (Fried Cookie Ltd))

Product:

Program Setup

Version:

1.0.5.a0.1_54015

MD5:

b1c379ca42eef68d0e20e5cb679f71f2

SHA-1:

c6e2a01ebbe9d84250d74e65e3d7ea54831c0a3e

SHA-256:

e3a36a815cee53dfc71dffa1c9b74000a4499cdc17819eb829f55a1ddd9a431d

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

5/21/2024 4:21:58 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.FC (M)

17.3.14.6

File size:

984.6 KB (1,008,240 bytes)

Product version:

1.0.5.a0.1_54015

SecuredDownload

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\google-chrome.exe

Digital Signature

Signed by:

FunnelFlash (Fried Cookie Ltd)

Authority:

GlobalSign nv-sa

Valid from:

12/17/2015 5:15:18 AM

Valid to:

6/2/2016 8:37:39 AM

Subject:

CN=FunnelFlash (Fried Cookie Ltd), O=FunnelFlash (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112174E2E69934660E5CFB4EA6713CBE4561

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.9117

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove google-chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.