home

player-chrome.exe

File Monarch

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Premium Installer ” by File Monarch has been detected as adware by 41 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Premium Installer   (signed by File Monarch)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
cdfab11e6f375338313e2f520938ac99

SHA-1:
b0c980206209d082f57a43077213f699e4094c5f

SHA-256:
ecd40ea15c866c675ea4a3975927b380f7e9f4c0a6f059173888068d2604d35a

Scanner detections:
41 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
5/17/2024 4:50:07 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.25
6769766

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.08.16

Avira AntiVirus
Adware/iBryte.bxmz
7.11.166.250

avast!
Win32:Adware-gen [Adw]
2014.9-150305

AVG
Adware AdPlugin
2016.0.3180

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.1535

Bitdefender
Gen:Variant.Application.Kazy.427497
1.0.20.320

Bkav FE
W32.Buzus.A.Adware
1.3.0.6267

Clam AntiVirus
Win.Adware.Ibryte-3654
0.98/20148

Comodo Security
Application.Win32.AgentCV.HWYE
19178

Dr.Web
Trojan.DownLoader11.30787
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.25
8.15.03.05.02

ESET NOD32
Win32/AdWare.iBryte.BI application
9.7.0.302.0

Fortinet FortiGate
W32/Zbot.AAN!tr
3/5/2015

F-Prot
W32/A-f45b4d3a
v6.4.7.1.166

F-Secure
Riskware.Gen:Variant.Application.Bundler
5.13.68

G Data
Gen:Variant.Application.Kazy.427497
15.3.24

IKARUS anti.virus
AdWare.AdPlugin
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13286

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.2395

Malwarebytes
PUP.Optional.OptimunInstaller
v2015.03.05.02

McAfee
Program.IBryte-FSU
5600.6836

Microsoft Security Essentials
TrojanClicker:Win32/Clikug.A
1.10401

MicroWorld eScan
Gen:Variant.Application.Kazy.427497
16.0.0.192

NANO AntiVirus
Trojan.Win32.IBryte.ddtkup
0.28.2.61519

Norman
Gen:Variant.Application.Bundler.25
11.20150305

nProtect
Adware.IBryte.AF
14.08.18.01

Panda Antivirus
Trj/Genetic.gen
15.03.05.02

Qihoo 360 Security
Win32/Virus.Adware.cf5
1.0.0.1015

Quick Heal
TrojanDownloader.Badur.A5
3.15.14.00

Reason Heuristics
PUP.Bundler.Adknowledge
15.3.5.2

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.15303

Sophos
PUA 'iBryte Optimum Installer'
5.11

SUPERAntiSpyware
PUP.OptimumInstaller/Variant
10017

Total Defense
Win32/Tnega.BJcMELB
37.0.11287

Trend Micro House Call
TROJ_CLIKUG.A
7.2.64

Trend Micro
TROJ_CLIKUG.A
10.465.05

Vba32 AntiVirus
AdWare.iBryte
3.12.26.3

VIPRE Antivirus
Threat.4778314
32186

Zillya! Antivirus
Downloader.Agent.Win32.206074
2.0.0.1899

File size:
141.4 KB (144,760 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\player-chrome.exe

Digital Signature
Signed by:
File Monarch

Authority:
COMODO CA Limited

Valid from:
3/17/2014 8:00:00 PM

Valid to:
3/18/2015 7:59:59 PM

Subject:
CN=File Monarch, O=File Monarch, STREET="4600 Madison Ave., FL 10", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E65C750985B066CBB7B485ACF86E58B1

File PE Metadata
Compilation timestamp:
9/7/2014 3:15:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:deSDpYxxOpdSZfj0usOVmMXrIakTCmJDiTCg:zSZf4usOVyDiTCg

Entry address:
0x93E7

Entry point:
E8, 4C, 05, 00, 00, E9, 36, FD, FF, FF, CC, FF, 25, B8, B1, 40, 00, FF, 25, 44, B1, 40, 00, CC, CC, 68, 59, 94, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, F0, 40, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C...
 
[+]

Entropy:
6.0776

Code size:
39 KB (39,936 bytes)

The file player-chrome.exe has been seen being distributed by the following 5 URLs.

https://install.oinstaller5.com/o/.../Player-Chrome.exe

http://secure.20-pn-installer.com/o/.../Player-Chrome.exe

http://myquickfiles.com/track/install?adprovider=marmarfc&source=mobit_newlink&_al=1&_cb=1&cpixel=http://PartnerPixel-702897885.us-east-1.elb.amazonaws.com/Installer/Conversion?adProvider={adprovider}&source={source}&context=Z5dXVpZD01YTI3YjlhYy0zMmM3LTQ0YzgtYjA5ZS1jNzE1NTc0NTk5Y2Q&dlink=http://secure.20-pn-installer.com/o/.../Player-Chrome.exe

https://install.oinstaller5.com/o/.../Player-Chrome.exe

http://yourinstaller.com/o/.../Player-Chrome.exe

Remove player-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.