» player-chrome.exe
Overview
Analysis
File Details

player-chrome.exe

INSTALL DOT EXE

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Premium Installer ” by INSTALL DOT EXE has been detected as adware by 36 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

player-chrome.exe

Publisher:

Premium Installer (signed by INSTALL DOT EXE)

Product:

Premium Installer

Description:

Premium Installer

Version:

2.4.8.1

MD5:

6451f01420577724f241f57fcd8a441d

SHA-1:

983c0d77990f427f8082b25d613bd02fad3e922b

SHA-256:

570d4a8f1f2b6342ad69584d84fce240e7b449426c3f43ab0f19663a13dca88c

Scanner detections:

36 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/23/2024 8:26:43 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.593289

943

Agnitum Outpost

PUA.Agent

7.1.1

AhnLab V3 Security

Trojan/Win32.Buzus

14.04.17

Avira AntiVirus

Adware/iBryte.qoemnb

7.11.141.246

avast!

Win32:IBryte-CD [PUP]

2014.9-140417

AVG

Adware InstallCore.P

2015.0.3501

Bitdefender

Application.Generic.593289

1.0.20.935

Clam AntiVirus

Win.Adware.Agent-6804

0.98/21411

Comodo Security

Application.Win32.iBryte.R

18069

Dr.Web

Adware.Downware.2165

9.0.1.0107

ESET NOD32

Win32/AdWare.iBryte.Q application

8.7.0.302.0

Fortinet FortiGate

Riskware/IBryte

7/6/2014

F-Prot

W32/Backdoor2.HTKO

v6.4.7.1.166

F-Secure

Application.Generic.593289

11.2014-06-07_1

G Data

Win32.Application.OptimumInstaller

14.4.24

herdProtect (fuzzy)

variant of update.exe (Adware)

2014.7.6.23

IKARUS anti.virus

Win32.AdWare

t3scan.2.2.29

K7 AntiVirus

Unwanted-Program

13.176.11696

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.4000

Malwarebytes

PUP.Optional.OptimumInstaller.A

v2014.04.17.09

McAfee

Artemis!5032EA165D47

5600.7077

MicroWorld eScan

Application.Generic.593289

15.0.0.561

NANO AntiVirus

Trojan.Win32.Buzus.ctabuf

0.28.0.59048

nProtect

Trojan/W32.Buzus.1708840

14.05.12.01

Panda Antivirus

PUP/iBryte

14.07.06.11

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.INSTALLDOTEXE.N

14.8.8.3

Rising Antivirus

PE:PUF.PremiumInstaller!1.9F73

23.00.65.14415

Sophos

iBryte Optimum Installer

4.98

SUPERAntiSpyware

Adware.OptimumInstaller/Variant

10499

Total Defense

Win32/Tnega.EHeKKHD

37.0.10885

Trend Micro House Call

TROJ_GEN.F47V0127

7.2.187

Trend Micro

TROJ_BUZUS_DD300467.UVPA

10.465.06

Vba32 AntiVirus

SScope.Malware-Cryptor.iBryte

3.12.26.0

VIPRE Antivirus

Optimum Installer

28128

Zillya! Antivirus

Trojan.Buzus.Win32.120254

2.0.0.1775

File size:

539.8 KB (552,744 bytes)

Product version:

2.4.8.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\users\{user}\downloads\player-chrome.exe

Digital Signature

Signed by:

INSTALL DOT EXE

Authority:

VeriSign, Inc.

Valid from:

10/3/2013 8:00:00 PM

Valid to:

9/20/2014 7:59:59 PM

Subject:

CN=INSTALL DOT EXE, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=INSTALL DOT EXE, L=Kansas City, S=Missouri, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4C8303B332693FCF64E1E7DFD7841493

File PE Metadata

Compilation timestamp:

2/7/2014 11:01:43 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:p5RrTh9dBgZbjyvkqq3lZKLAeSsALygM0NZuqpco:t5BhvkqREeULygM0NE5o

Entry address:

0x3B5E8

Entry point:

E8, C7, 60, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 28, 7D, 47, 00, E8, CA, 09, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 18, 23, 48, 00, 77, 22, 6A, 04, E8, CA, 62, 00, 00, 59, 83, 65, FC, 00, 56, E8, 2C, 70, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D6, 09, 00, 00, C3, 6A, 04, E8, AD, 61, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, 74, 0F, 48, 00, 00, 75, 18, E8, 02, 56, 00, 00, 6A, 1E, E8, 2A, 54, 00, 00, 68, FF, 00, 00, 00, E8, 44, 21, 00, 00, 59, 59, A1... 
[+]

Entropy:

6.4337

Code size:

402.5 KB (412,160 bytes)

Remove player-chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.