» google chrome.exe
Overview
Analysis
File Details

google chrome.exe

FIRSERIA, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application google chrome.exe by FIRSERIA, S.L has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

google chrome.exe

Publisher:

Firseria·s·l· (signed by FIRSERIA, S.L.)

Version:

1.0.0.15

MD5:

36a67355b55416050eecce5bb86d534e

SHA-1:

f2778fb2d23e7fe84118635206a7ed069678aa0c

SHA-256:

81fa9f2cdc8a4aea0541d4d1eeb408205c835f71e3290375d7596ef052489f16

Scanner detections:

34 / 68

Status:

Adware

Explanation:

Uses the Solimba installer to bundle adware offers.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 12:44:31 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Bundler.Firseria.1

5768726

Agnitum Outpost

PUA.Downloader

7.1.1

AhnLab V3 Security

PUP/Win32.Firseria

2015.06.14

Avira AntiVirus

PUA/Firseria.Gen

8.3.1.6

Arcabit

Application.Bundler.Firseria.1

1.0.0.425

avast!

Win32:Firseria-A [PUP]

150602-1

AVG

Adware AdInstaller.Firseria

2015.0.4355

Bitdefender

Gen:Application.Bundler.Firseria.1

1.0.20.820

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Trojan.Firseria

0.98/20565

Comodo Security

TrojWare.Win32.Trojan.Obfuscated.~EN

22436

Dr.Web

Adware.Downware.11353, Adware.Downware.1433, Adware.Downware.1433

9.0.1.05190

Emsisoft Anti-Malware

Gen:Application.Bundler.Firseria

10.0.0.5366

ESET NOD32

Win32/FirseriaInstaller.C potentially unwanted application

7.0.302.0

F-Prot

W32/Backdoor2.HTEZ

4.6.5.141

F-Secure

Riskware.Gen:Application.Bundler.Firseria

5.14.151

G Data

Gen:Application.Bundler.Firseria

15.6.25

IKARUS anti.virus

PUA.Downloader.Morstar

t3scan.1.9.5.0

K7 AntiVirus

Unwanted-Program

13.205.16234

Kaspersky

not-a-virus:Downloader.Win32.Firser

15.0.0.543

Malwarebytes

PUP.Optional.Firseria

v2015.06.13.12

McAfee

Program.PUP-FFT

17.6.569.0

MicroWorld eScan

Gen:Application.Bundler.Firseria.1

16.0.0.492

NANO AntiVirus

Trojan.Win32.Firser.dcpsef

0.30.24.2086

Norman

Gen:Application.Bundler.Firseria.1

02.06.2015 14:23:46

Panda Antivirus

Adware/Firseria

15.06.13.12

Quick Heal

PUA.Firseria.DC4

6.15.14.00

Reason Heuristics

PUP.Solimba.Bundler

15.6.13.12

Rising Antivirus

PE:PUF.FirseriaInstaller@CV!1.9C54

23.00.65.15611

Sophos

PUA 'Solimba Installer'

5.15

Total Defense

Win32/Tnega.cDbPCaB

37.1.62.1

Vba32 AntiVirus

Downware.Morstar

3.12.26.4

VIPRE Antivirus

Threat.4150696

40786

Zillya! Antivirus

Downloader.Morstar.Win32.1

2.0.0.2221

File size:

165.3 KB (169,272 bytes)

Product version:

1.0.0.15

Original file name:

installer·exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Common path:

C:\users\{user}\downloads\google%20chrome.exe

Digital Signature

Signed by:

FIRSERIA, S.L.

Authority:

Thawte, Inc.

Valid from:

7/24/2013 2:00:00 AM

Valid to:

7/25/2014 1:59:59 AM

Subject:

CN="FIRSERIA, S.L.", OU=IT, O="FIRSERIA, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

73C4780FAC0CD497B0778732FB8AF673

File PE Metadata

Compilation timestamp:

10/14/2013 4:23:15 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:74HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:EiI/PlY37ZLF4Ca6WABqBOvs

Entry address:

0x76117

Entry point:

60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10... 
[+]

Packer / compiler:

ASPack v1.08.04

Code size:

101 KB (103,424 bytes)

Remove google chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.