player-chrome.exe

FUSION INSTALL

The Fusion Installer, which is a variant of Adknowledge's download manager, bundles a number of ad-supported offerings in the installer. The application player-chrome.exe, “Fusion Install” by FUSION INSTALL, has been detected as adware by 81 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from install.fusioninstall.com and multiple other hosts.
Remove player-chrome.exe - Powered by Reason Core Security
Publisher:
Fusion Install (signed by FUSION INSTALL)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
692a8e699fe99c9a4bf0f838b2fde59d

SHA-1:
099cb65f537f26ed9c98b43e0ee9d44541b0433c

SHA-256:
7b73e26164abe3340b4f5dfe8887022078b83621378d9631d9a447fc8039cadd

Scanner detections:
68 / 68

Status:
Adware

Explanation:
This setup/installer bundles various adware components (toolbars, coupon extensions, ad-supported extensions and utility offers).

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/6/2016 6:56:33 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.128117 | 911 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Buzus | 2014.02.09 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.137.120 |
| Antiy Labs AVL | GrayWare[AdWare:not-a-virus]/Win32.iBryte | 0.1.0.1 |
| avast! | Win32:PUP-gen [PUP] | 140608-0 |
| AVG | Adware Skodna.Generic.AVT | 2014.0.3955 |
| Baidu Antivirus | Adware.Win32.iBryte | 4.0.3.14610 |
| Bitdefender | Gen:Variant.Adware.Graftor.128117 | 1.0.20.1100 |
| Clam AntiVirus | Win.Adware.Ibryte-271 | 0.98/21411 |
| CMC Antivirus | Packed.Win32.TDSS.2!O | 1.1.0.977 |
| Comodo Security | Application.Win32.iBryte.QK | 17943 |
| Dr.Web | Adware.Downware.2216 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.128117 | 8.14.08.08.03 |
| ESET NOD32 | Win32/AdWare.iBryte.S application | 7.0.302.0 |
| Fortinet FortiGate | Adware/IBryte | 6/10/2014 |
| F-Prot | W32/DomaIQ.G.gen | v6.4.7.1.166 |
| G Data | Win32.Application.OptimumInstaller | 14.6.24 |
| IKARUS anti.virus | Win32.AdWare | t3scan.1.6.1.0 |
| Jiangmin | Adware/iBryte.gtfe | KV140610 |
| K7 AntiVirus | Unwanted-Program | 13.176.11784 |
| K7 Gateway Antivirus | Unwanted-Program | 13.176.11595 |
| Kaspersky | not-a-virus:AdWare.Win32.iBryte | 14.0.0.3731 |
| Kingsoft AntiVirus | Win32.Troj.Undef.(kcloud) | 331020.49267 |
| Malwarebytes | | v2014.06.10.08 |
| McAfee | Artemis!2DA27C0F7D24 | 5600.7103 |
| McAfee Web Gateway | Artemis!2DA27C0F7D24 | 7.7103 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.128117 | 15.0.0.660 |
| NANO AntiVirus | Trojan.Win32.Downware.ctwcbx | 0.28.0.58394 |
| nProtect | Trojan-Clicker/W32.iBryte.555816 | 14.04.18.01 |
| Panda Antivirus | | 14.06.10.08 |
| Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.FUSIONINSTALL.N | 14.8.8.3 |
| Rising Antivirus | PE:Malware.iBryte!6.14B5 | 23.00.65.14608 |
| SUPERAntiSpyware | | 10551 |
| Total Defense | Win32/Tnega.XGSDMHC | 37.0.10841 |
| Trend Micro House Call | TROJ_GEN.F47V0221 | 7.2.161 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Optimum Installer | 27078 |
| Zillya! Antivirus | Downloader.Agent.Win32.185015 | 2.0.0.1774 |

File size:
215.3 KB (220,456 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\player-chrome.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=FUSION INSTALL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=FUSION INSTALL, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3615E290FD8B112928257EE3CD74B519

File PE Metadata
Compilation timestamp:
3/3/2014 3:27:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:lu3Gd91/yJi41VLfzqZkSrwumsJJWRAZ5qNpi3O:lu369dGKSSr7m2eNpi3O

Entry address:
0xCEBB

Entropy:
6.3916

Code size:
151 KB (154,624 bytes)

The file player-chrome.exe has been seen being distributed by the following 2 URLs.
