home

player-chrome.exe

Build Input

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Premium Installer ” by Build Input has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Premium Installer   (signed by Build Input)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
c189de077858155413a8710dc9ac10c5

SHA-1:
4d9331e75b3deb7fe126be383c10bbb006e55c26

SHA-256:
7bef3fcf59c5466688c5aa2be8206f6087e04e89407a76bc6973b4fe3ea66297

Scanner detections:
23 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 2:07:19 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.61512
886

Agnitum Outpost
Trojan.Badur
7.1.1

AhnLab V3 Security
PUP/Win32.IBryte
2014.09.02

Avira AntiVirus
Adware/iBryte.bxmz
7.11.170.102

avast!
Win32:Adware-gen [Adw]
140813-1

AVG
Adware AdPlugin.AAE
2014.0.4015

Bitdefender
Gen:Variant.Adware.Strictor.61512
1.0.20.1220

Comodo Security
Application.Win32.AgentCV.HWYE
19393

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.61512
9.0.0.4324

ESET NOD32
Win32/AdWare.iBryte.BF (variant)
8.10350

F-Prot
W32/A-37401952
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Strictor.61512
11.2014-01-09_2

G Data
Gen:Variant.Adware.Strictor.61512
14.9.24

Kaspersky
not-a-virus:HEUR:AdWare.Win32.iBryte
14.0.0.3315

Malwarebytes
PUP.Optional.OptimunInstaller
v2014.09.01.09

MicroWorld eScan
Gen:Variant.Adware.Strictor.61512
15.0.0.732

NANO AntiVirus
Trojan.Win32.Badur.deebps
0.28.2.61942

Panda Antivirus
Trj/Genetic.gen
14.09.01.09

Reason Heuristics
PUP.Installer.BuildInput.N
14.9.1.20

Sophos
iBryte Premium Installer
4.98

Vba32 AntiVirus
AdWare.iBryte
3.12.26.3

VIPRE Antivirus
Threat.4778314
32210

Zillya! Antivirus
Downloader.Agent.Win32.207357
2.0.0.1908

File size:
142.4 KB (145,784 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\player-chrome.exe

Digital Signature
Signed by:
Build Input

Authority:
COMODO CA Limited

Valid from:
3/23/2014 8:00:00 PM

Valid to:
3/24/2015 7:59:59 PM

Subject:
CN=Build Input, O=Build Input, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0093C151407610A7B56F799C03CB8D955D

File PE Metadata
Compilation timestamp:
8/24/2014 5:05:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:IGxYf8IUVv/CpeOFL8aXHXlZXLIvZ3oLLhjLmOiU6fEyPXXT0UypVcWwELa6:7Yf8IUVv/dOFLX1ZbmZJLtPw

Entry address:
0x53A7

Entry point:
E8, 3C, 05, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F8, A1, 40, 00, 89, 0D, F4, A1, 40, 00, 89, 15, F0, A1, 40, 00, 89, 1D, EC, A1, 40, 00, 89, 35, E8, A1, 40, 00, 89, 3D, E4, A1, 40, 00, 66, 8C, 15, 10, A2, 40, 00, 66, 8C, 0D, 04, A2, 40, 00, 66, 8C, 1D, E0, A1, 40, 00, 66, 8C, 05, DC, A1, 40, 00, 66, 8C, 25, D8, A1, 40, 00, 66, 8C, 2D, D4, A1, 40, 00, 9C, 8F, 05, 08, A2, 40, 00, 8B, 45, 00, A3, FC, A1, 40, 00, 8B, 45, 04, A3, 00, A2, 40, 00, 8D, 45, 08, A3, 0C, A2, 40...
 
[+]

Entropy:
5.4546

Code size:
20.5 KB (20,992 bytes)

Remove player-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.