google_chromeinstaller.exe

Guhe

Delivery Superb (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The application google_chromeinstaller.exe, “Guhe Setup” by Delivery Superb (Fried Cookie), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine. Users who run this installer expect to download Google's Chrome web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Den (signed by Delivery Superb (Fried Cookie Ltd.))

Product:
Guhe

Description:
Guhe Setup

Version:
3.5.2.2

MD5:
08d65828dd72d8af988dfb6e3358f83d

SHA-1:
cc3f09feb42d885c73e784abd0de060183ede3d1

SHA-256:
608cae108a2a329494f0f236ea2af477060f87bf0735c173f3ae0cd44c963e9c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
10/6/2025 6:58:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.Installer.Installer (M)

Engine version:
16.2.23.0

File size:
1.1 MB (1,169,128 bytes)

Product version:
4.3.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\google_chromeinstaller.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 1:59:53 PM

Valid to:
6/22/2016 4:54:14 PM

Subject:
CN=Delivery Superb (Fried Cookie Ltd.), O=Delivery Superb (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211DDE033C8F24FD358ED7B6271AD4DE2B

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:tHsL7oAF2TkYEL6/JBGUTTDcQuZRlNgw8f9JbPVS8:tHOjF29O6j9DcQGDg9VdS8

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8682

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file google_chromeinstaller.exe has been seen being distributed by the following 5 URLs.
