tmp1.exe

Chromium

Shan Feng

The application tmp1.exe, “Chromium Installer” by Shan Feng, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Install Service(ChromiumDL)” within the context of its own process.
Publisher:
Shan Feng  (signed and verified)

Product:
Chromium

Description:
Chromium Installer

Version:
1.0.0.1

MD5:
41325dd87364e6114733a5eb925cdf2c

SHA-1:
04649cece8dd79f5b34aaf0c5f8a60537d1c0cb3

SHA-256:
11d2d39354eb6b0ce0cbc8f15bcd1a9902ca5483ead94916e9a59990a23f7d80

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/14/2025 9:46:40 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Elex (M)

Engine version:
16.6.29.10

File size:
440.4 KB (450,944 bytes)

Product version:
51.0.2704.64

Copyright:
Copyright (C) 2016 Chromium Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\tmp1.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/17/2016 2:00:00 AM

Valid to:
2/4/2017 12:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
391C322A50AE6A84201D902A32C096B9

File PE Metadata
Compilation timestamp:
6/17/2016 4:32:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:DfdTqAxflu+1i4vGhYexUfA4AHzRYOd7zF52rmupklTGWBkjaYKBI24i:Dfde0u+1pGhYeGpudtH2rmuKlThZx/4i

Entry address:
0x31708

Entry point:
84, 76, 37, 00, 00, 9F, EC, 86, C0, A9, B2, 53, 10, 5B, 7A, 00, C6, 3B, 98, 1C, B6, 5B, 00, 00, 00, 00, 66, 09, 12, 28, 37, F3, DA, 0B, 1C, 84, AF, F3, 72, A6, 7E, BB, 9E, 90, 62, AE, B2, 89, 9E, 91, E5, A9, B2, 89, E7, 35, D3, 65, 80, 84, 84, 34, C7, A9, B2, 84, 85, B1, C0, A9, B2, 26, 08, 87, 0A, 00, 00, 00, 00, F5, 7B, 72, 41, 5D, 08, 5C, 33, 05, 1B, 21, E5, 50, B4, BE, EC, CA, FD, 3E, 00, 65, 88, 26, 93, 0D, C3, 91, 08, 8A, 93, 87, C0, A9, C0, 33, 98, 1C, 9C, 00, 00, 00, 00, 8A, FC, 06, 29, 89, 59, 00...
 

Entropy:
6.9627

Code size:
320.5 KB (328,192 bytes)

Service
Display name:
Install Service(ChromiumDL)

Service name:
ChromiumDL

Description:
To ensure browser softwareinstallation is completed.This service uninstallsitself after browsersoftware installed.

Type:
Win32OwnProcess

Depends on:
RpcSs

