» player-chrome.exe
Overview
Analysis
File Details

player-chrome.exe

File Monarch

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Premium Installer ” by File Monarch has been detected as adware by 41 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

player-chrome.exe

Publisher:

Premium Installer (signed by File Monarch)

Product:

Premium Installer

Description:

Premium Installer

Version:

2.4.8.1

MD5:

626629c6164ee04d4fa0664c65f9869b

SHA-1:

1bbfae3cb46b94559b8b3d1c5a58233687a3279c

Scanner detections:

41 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/24/2024 4:54:34 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Graftor.152464

435

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.DomaIQ

2014.08.16

Avira AntiVirus

Adware/iBryte.bxop

7.11.171.120

avast!

Win32:Adware-gen [Adw]

2014.9-151126

AVG

Generic

2016.0.2913

Baidu Antivirus

Adware.Win32.iBryte

4.0.3.151126

Bitdefender

Gen:Variant.Application.Graftor.152464

1.0.20.1650

Bkav FE

W32.Buzus.A.Adware

1.3.0.6267

Clam AntiVirus

Win.Adware.Ibryte-3427

0.98/21411

Comodo Security

Application.Win32.AgentCV.HWYE

19470

Dr.Web

Trojan.DownLoader11.31929

9.0.1.0330

Emsisoft Anti-Malware

Gen:Variant.Application.Graftor.152464

8.15.11.26.08

ESET NOD32

Win32/AdWare.iBryte.BI (variant)

9.10392

Fortinet FortiGate

Adware/IBryte

11/26/2015

F-Prot

W32/A-34fffba4

v6.4.7.1.166

F-Secure

Gen:Variant.Application.Graftor

11.2015-26-11_5

G Data

Gen:Variant.Application.Graftor.152464

15.11.24

IKARUS anti.virus

AdWare.AdPlugin

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.183.13319

Kaspersky

not-a-virus:AdWare.Win32.iBryte

14.0.0.1061

Malwarebytes

PUP.Optional.OptimunInstaller

v2015.11.26.08

McAfee

Trojan.Artemis!0D59CA479E98

5600.6569

Microsoft Security Essentials

TrojanClicker:Win32/Clikug.A

1.10401

MicroWorld eScan

Gen:Variant.Application.Graftor.152464

16.0.0.990

NANO AntiVirus

Trojan.Win32.IBryte.ddtkup

0.28.2.61519

Norman

IBryte.PDB

11.20151126

nProtect

Adware.IBryte.AF

14.08.18.01

Panda Antivirus

Trj/Genetic.gen

15.11.26.08

Qihoo 360 Security

Win32/Virus.Adware.cf5

1.0.0.1015

Quick Heal

TrojanDownloader.Badur.A5

11.15.14.00

Reason Heuristics

PUP.Adknowledge.FileMonarch.Bundler (M)

15.11.26.20

Rising Antivirus

PE:Malware.iBryte!6.192B

23.00.65.151124

Sophos

Adware.iBryte Premium Installer

SUPERAntiSpyware

PUP.OptimumInstaller/Variant

9483

Total Defense

Win32/Tnega.BJcMELB

37.0.11287

Trend Micro House Call

TROJ_CLIKUG.A

7.2.330

Trend Micro

TROJ_CLIKUG.A

10.465.26

Vba32 AntiVirus

AdWare.iBryte

3.12.26.3

VIPRE Antivirus

Threat.4778314

32938

Zillya! Antivirus

Downloader.Agent.Win32.206074

2.0.0.1899

File size:

141.4 KB (144,760 bytes)

Product version:

2.4.8.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\My documents\downloads\player-chrome.exe

Digital Signature

Signed by:

File Monarch

Authority:

COMODO CA Limited

Valid from:

3/17/2014 8:00:00 PM

Valid to:

3/18/2015 7:59:59 PM

Subject:

CN=File Monarch, O=File Monarch, STREET="4600 Madison Ave., FL 10", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E65C750985B066CBB7B485ACF86E58B1

File PE Metadata

Compilation timestamp:

9/6/2014 5:15:15 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:jrYcOvNxdJ1UYLpfKzYG9O1mMXrIakTCm1t:WLpfAYG9O1et

Entry address:

0x93E7

Entry point:

E8, 4C, 05, 00, 00, E9, 36, FD, FF, FF, CC, FF, 25, B8, B1, 40, 00, FF, 25, 44, B1, 40, 00, CC, CC, 68, 59, 94, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, F0, 40, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C... 
[+]

Entropy:

6.0746

Code size:

39 KB (39,936 bytes)

Remove player-chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.