home

player-chrome.exe

FUSION INSTALLER

This is published and distributed via an Adknowledge's advertising supported (adware) software installer. The application player-chrome.exe, “Fusion Install ” by FUSION INSTALLER has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from easysetupinstall.com.
Publisher:
Fusion Install   (signed by FUSION INSTALLER)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
82c7dd213d6fb5cf280b86c1735d1685

SHA-1:
18345ea4ccdde4b81397177b43bcbb7a54ae0a69

SHA-256:
ea9c4e9176ff74904c2e112033749c5ad18ff075dc2e426f4ba59ba09338ce7a

Scanner detections:
40 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 12:10:42 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.OptimumInstaller.R
354

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.IBryte
2014.07.31

Avira AntiVirus
Adware/iBryte.qoemnl
7.11.143.56

avast!
Win32:Malware-gen
2014.9-160215

AVG
Adware AdPlugin
2017.0.2832

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.16215

Bitdefender
Gen:Variant.Graftor.149578
1.0.20.230

Bkav FE
W32.VikesluLTAH.Adware
1.3.0.4959

Clam AntiVirus
Win.Adware.Agent-7183
0.98/19265

Comodo Security
Application.Win32.IBryte.S
18097

Dr.Web
Adware.Downware.2216
9.0.1.046

Emsisoft Anti-Malware
Gen:Variant.Graftor.149578
8.16.02.15.06

ESET NOD32
Win32/AdWare.iBryte
10.9671

Fortinet FortiGate
Riskware/IBryte
2/15/2016

F-Prot
W32/DomaIQ.G2.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Graftor.149578
11.2016-15-02_2

G Data
Win32.Adware.Ibryte
16.2.24

IKARUS anti.virus
not-a-virus:Downloader.Win32.Agent
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11737

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.656

Malwarebytes
PUP.Optional.OptimumInstaller.A
v2016.02.15.06

McAfee
Artemis!9F3D6B19E1FF
5600.6488

MicroWorld eScan
Gen:Variant.Graftor.149578
17.0.0.138

NANO AntiVirus
Trojan.Win32.Downware.cukphe
0.28.0.59048

Norman
Downloader
11.20160215

nProtect
Adware.IBryte.U
14.07.03.01

Panda Antivirus
PUP/iBryte
16.02.15.06

Qihoo 360 Security
Win32/Virus.Downloader.dbe
1.0.0.1015

Quick Heal
Adware.iBryte.DK4
2.16.14.00

Reason Heuristics
PUP.Adknowledge.FUSIONINSTALLER.Installer (M)
16.2.15.18

Rising Antivirus
PE:Malware.iBryte!6.14B5
23.00.65.16213

Sophos
iBryte Optimum Installer
4.98

SUPERAntiSpyware
Adware.OptimumInstaller/Variant
9321

Total Defense
Win32/Tnega.MWULDGC
37.0.10864

Trend Micro House Call
TROJ_GEN.F47V0310
7.2.46

Trend Micro
TROJ_FRS.PMA001AD14
10.465.15

Vba32 AntiVirus
Downloader.Agent.bkfx
3.12.26.0

VIPRE Antivirus
Trojan.Win32.Generic
28214

Zillya! Antivirus
Downloader.Agent.Win32.185015
2.0.0.1790

File size:
63.8 KB (65,320 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\player-chrome.exe

Digital Signature
Signed by:
FUSION INSTALLER

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=FUSION INSTALLER, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=FUSION INSTALLER, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
21DB9738D9B500E3DAF0570B5DA9E8B9

File PE Metadata
Compilation timestamp:
8/4/2014 1:38:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:diI5aB0oAtH2YUlN7NpAJdWkigEDTRdUW6vOXbwp3ggskwvPLjZ:nEB0oAl1U/hiDWkig+QOXbwHaP5

Entry address:
0x641D

Entry point:
E8, 46, 05, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, B2, 40, 00, 89, 0D, 04, B2, 40, 00, 89, 15, 00, B2, 40, 00, 89, 1D, FC, B1, 40, 00, 89, 35, F8, B1, 40, 00, 89, 3D, F4, B1, 40, 00, 66, 8C, 15, 20, B2, 40, 00, 66, 8C, 0D, 14, B2, 40, 00, 66, 8C, 1D, F0, B1, 40, 00, 66, 8C, 05, EC, B1, 40, 00, 66, 8C, 25, E8, B1, 40, 00, 66, 8C, 2D, E4, B1, 40, 00, 9C, 8F, 05, 18, B2, 40, 00, 8B, 45, 00, A3, 0C, B2, 40, 00, 8B, 45, 04, A3, 10, B2, 40, 00, 8D, 45, 08, A3, 1C, B2, 40...
 
[+]

Entropy:
5.8360

Code size:
25 KB (25,600 bytes)

The file player-chrome.exe has been seen being distributed by the following URL.

http://easysetupinstall.com/o/.../Player-Chrome.exe

Remove player-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.