home

player-chrome.exe

INSTALL DOT EXE

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Premium Installer ” by INSTALL DOT EXE has been detected as adware by 39 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Premium Installer   (signed by INSTALL DOT EXE)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
71a8a077535fe4e56ef553c21feb65f8

SHA-1:
6c3f5ecf3790c597fea88e346667a8a0da8ce474

SHA-256:
899a27165f5bf0c7a56045b6b8078a91a02356c09834d4d21bd746b898f85b2c

Scanner detections:
39 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/3/2024 12:02:11 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.OptimumInstaller.1
6099679

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Buzus
2014.01.31

Avira AntiVirus
Adware/iBryte.M
7.11.130.82

avast!
IBryte-CC [PUP]
141130-1

AVG
Adware Skodna.Generic.AVG
2014.0.4189

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.14129

Bitdefender
Application.Generic.593289
1.0.20.1715

Clam AntiVirus
Win.Adware.Agent-6916
0.98/19168

Comodo Security
Application.Win32.iBryte.R
17759

Dr.Web
Trojan.Packed.25441
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.OptimumInstaller
9.0.0.4668

ESET NOD32
Win32/AdWare.iBryte.Q application
7.0.302.0

Fortinet FortiGate
Riskware/IBryte
12/9/2014

F-Prot
W32/Backdoor2.HTKO
v6.4.7.1.166

F-Secure
Application.Generic.593289
11.2014-09-12_3

G Data
Win32.Application.OptimumInstaller
14.12.24

IKARUS anti.virus
Win32.AdWare
t3scan.2.2.29

K7 AntiVirus
Adware
13.176.11595

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.2822

Malwarebytes
PUP.Optional.OptimumInstaller.A
v2014.12.09.03

McAfee
Artemis!5032EA165D47
5600.6921

MicroWorld eScan
Application.Generic.593289
15.0.0.1029

NANO AntiVirus
Trojan.Win32.Buzus.ctabuf
0.28.0.57630

Norman
Gen:Variant.Application.Bundler.OptimumInstaller.1
04.12.2014 14:30:06

nProtect
Trojan-Clicker/W32.iBryte.555816
14.05.09.01

Panda Antivirus
Adware/iBryte
14.12.09.03

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Quick Heal
Adware.iBryte.DK4
12.14.14.00

Reason Heuristics
PUP.Installer.INSTALLDOTEXE.N
14.12.9.15

Rising Antivirus
PE:PUF.PremiumInstaller!1.9F73
23.00.65.141207

Sophos
PUA 'iBryte Optimum Installer'
5.08

SUPERAntiSpyware
Adware.OptimumInstaller/Variant
10188

Total Defense
Win32/Tnega.SRDMYD
37.0.10849

Trend Micro House Call
TROJ_GEN.F47V0127
7.2.343

Trend Micro
TROJ_BUZUS_DD30051C.UVPA
10.465.09

Vba32 AntiVirus
SScope.Malware-Cryptor.iBryte
3.12.24.3

VIPRE Antivirus
Optimum Installer
25984

Zillya! Antivirus
Trojan.Buzus.Win32.120232
2.0.0.1771

File size:
1.7 MB (1,741,608 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\player-chrome.exe

Digital Signature
Signed by:
INSTALL DOT EXE

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 7:00:00 PM

Valid to:
9/20/2014 6:59:59 PM

Subject:
CN=INSTALL DOT EXE, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=INSTALL DOT EXE, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4C8303B332693FCF64E1E7DFD7841493

File PE Metadata
Compilation timestamp:
2/10/2014 11:03:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Y/KRpAoEaNmfr0chSGck/4e8ZluppSTQYAXRdnV37xc4DrNeeatPuyqR9:QKRpAoHUoU9wequppSQXNxaeyPzqb

Entry address:
0x38D55

Entry point:
E8, 5A, 8E, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, E0, 7C, 47, 00, E8, C1, 35, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, D8, 32, 5A, 00, 77, 22, 6A, 04, E8, 5D, 90, 00, 00, 59, 83, 65, FC, 00, 56, E8, BF, 9D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CD, 35, 00, 00, C3, 6A, 04, E8, 40, 8F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, 14, 1F, 5A, 00, 00, 75, 18, E8, 95, 83, 00, 00, 6A, 1E, E8, BD, 81, 00, 00, 68, FF, 00, 00, 00, E8, D7, 4C, 00, 00, 59, 59, A1...
 
[+]

Entropy:
7.1225

Code size:
404 KB (413,696 bytes)

Remove player-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.