1b4cebe3-f952-4482-8ca2-0c9dd2b0db70.exe

Google Chrome

Google Chrome Inc

The executable 1b4cebe3-f952-4482-8ca2-0c9dd2b0db70.exe has been detected as malware by 24 of 68 anti-virus scanners. It is a .NET (MSIL) binary whose version resource claims the product 'Google Chrome' and the publisher 'Google Chrome Inc', a publisher name the genuine browser does not carry (Google signs and labels Chrome as Google Inc / Google LLC); several engines classify it accordingly as FakeChrome, MSIL/BitMiner or MSIL/Agent. It persists by registering itself under the current-user Run key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) with the display name 'Chrome', pointing at a GUID-named copy of itself under %APPDATA%\chrome. While running it makes plain HTTP connections on port 80 to the hosts listed under network communications below, among them edge-star-shv-09-fra2.facebook.com.
Publisher:
Google Chrome Inc

Product:
Google Chrome

Version:
1.0.0.0

MD5:
74e562d1e9133f4790eee22a9a4dfac0

SHA-1:
b9006bd3e21eac457c9539a14c0bdef5beaf3dff

SHA-256:
8608220b3658f2bfcccb9c184983924a767ff3c900a859d705abfe0bfb68cd79

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
11/27/2024 2:53:31 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.18691
943

Avira AntiVirus
TR/Strictor.18691.8
7.11.158.90

avast!
Win32:Malware-gen
2014.9-140707

AVG
Luhe.MSIL.D
2015.0.3421

Baidu Antivirus
Trojan.MSIL.BitMiner
4.0.3.1477

Bitdefender
Gen:Variant.Strictor.18691
1.0.20.940

Emsisoft Anti-Malware
Gen:Variant.Strictor.18691
8.14.07.07.10

ESET NOD32
MSIL/Agent.PIP
8.10040

Fortinet FortiGate
W32/BitMiner.ZU!tr
7/7/2014

F-Secure
Gen:Variant.Strictor.18691
11.2014-07-07_2

G Data
Gen:Variant.Strictor.18691
14.7.24

IKARUS anti.virus
Win32.Msil
t3scan.1.6.1.0

K7 AntiVirus
Riskware
13.180.12612

Kaspersky
Trojan.MSIL.BitMiner
14.0.0.3598

McAfee
RDN/Generic.dx!ddn
5600.7077

MicroWorld eScan
Gen:Variant.Strictor.18691
15.0.0.564

Norman
Injector.GMWJ
11.20140707

Panda Antivirus
Trj/CI.A
14.07.07.10

Qihoo 360 Security
Win32/Trojan.e92
1.0.0.1015

Rising Antivirus
PE:Trojan.FakeChrome!1.9C7B
23.00.65.14705

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R0CBC0EG114
7.2.188

Trend Micro
TROJ_GEN.R0CBC0EG114
10.465.07

VIPRE Antivirus
Trojan.Win32.Generic
30924

File size:
197 KB (201,728 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Trademarks:
Google Chrome Inc

Original file name:
Google Chrome.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\appdata\roaming\chrome\1b4cebe3-f952-4482-8ca2-0c9dd2b0db70.exe

File PE Metadata
Compilation timestamp:
6/27/2014 11:32:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:OQ/xr+VBFaI1YIYiheeeeeeeeefYDeOiClppeppOpplppepppDppptpppjpppmpO:FZrMBgkSOG9iO2RK

Entry address:
0x355E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
5.5 KB (5,632 bytes)
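Every field in the PE metadata block above (compilation timestamp, OS and linker version, subsystem, entry address, code size, CLR dependency) sits at a fixed offset in the COFF and optional headers, and the entry-point bytes FF 25 00 20 40 00 decode to `jmp dword ptr [0x00402000]`, the x86 .NET loader stub that jumps through the import-address-table slot holding mscoree's _CorExeMain (RVA 0x2000 under the usual 0x400000 image base). The script below is an added example, not code from the listing's source: it reads those fields from a PE32/PE32+ image and checks for the stub. The image it parses is constructed inline with the listing's header values so the script runs offline; it is not the malware sample, and its section layout and CLR directory contents are assumptions made for the demonstration.

```python
"""PE header triage: compile timestamp, linker/OS version, subsystem, entry RVA,
SizeOfCode, CLR dependency and the bytes at the entry point, read straight from
the raw headers. Added example; the image below is constructed, not the sample."""
import struct
from datetime import datetime, timezone

CLR_DIRECTORY = 14                      # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader, Characteristics
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, lk_major, lk_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional-header magic {magic:#x}")
    pe32plus = magic == 0x20B
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # ImageBase is 8 bytes at +24 in PE32+, 4 bytes at +28 in PE32; fields realign at +40
    image_base = (struct.unpack_from("<Q", data, opt + 24)[0] if pe32plus
                  else struct.unpack_from("<I", data, opt + 28)[0])
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    dirs = opt + (112 if pe32plus else 96)
    clr_size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIRECTORY)[1] if ndirs > CLR_DIRECTORY else 0
    # Section table follows the optional header; needed to map the entry RVA to a file offset
    sections = []
    for i in range(nsec):
        s = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, s + 8)
        sections.append((va, max(vsize, raw_size), raw_ptr))
    ep_bytes = b""
    for va, span, raw_ptr in sections:
        if va <= entry_rva < va + span:
            off = raw_ptr + (entry_rva - va)
            ep_bytes = data[off:off + 6]
            break
    # x86 .NET images start with FF 25 imm32 = jmp dword ptr [imm32], an indirect jump through
    # the IAT slot for mscoree!_CorExeMain. Windows loaders from XP on detect the CLR directory
    # and enter the runtime themselves, but compilers still emit the stub, so it is a cheap fingerprint.
    is_stub = len(ep_bytes) == 6 and ep_bytes[:2] == b"\xff\x25"
    slot_va = struct.unpack_from("<I", ep_bytes, 2)[0] if is_stub else None
    return {
        "machine": f"{machine:#06x}",
        "compiled_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lk_major}.{lk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
        "clr_dependent": clr_size != 0,
        "entry_bytes": ep_bytes.hex(" ").upper(),
        "dotnet_entry_stub": is_stub,
        "iat_slot_rva": (slot_va - image_base) if is_stub else None,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image carrying the listing's header values (linker 11.0, OS 4.0,
    GUI subsystem, entry 0x355E, SizeOfCode 5632, non-empty CLR directory). Not the sample."""
    img = bytearray(0x1800)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                          # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    ts = int(datetime(2014, 6, 27, 23, 32, 14, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHIIIHH", img, 0x44, 0x014C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = 0x58
    struct.pack_into("<HBB", img, opt, 0x10B, 11, 0)                 # PE32 magic, linker 11.0
    struct.pack_into("<IIII", img, opt + 4, 0x1600, 0, 0, 0x355E)    # SizeOfCode .. AddressOfEntryPoint
    struct.pack_into("<III", img, opt + 20, 0x2000, 0x4000, 0x400000)  # BaseOfCode, BaseOfData, ImageBase
    struct.pack_into("<II", img, opt + 32, 0x2000, 0x200)            # section / file alignment
    struct.pack_into("<HH", img, opt + 40, 4, 0)                     # OS version 4.0
    struct.pack_into("<HH", img, opt + 48, 4, 0)                     # subsystem version
    struct.pack_into("<II", img, opt + 56, 0x6000, 0x200)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", img, opt + 68, 2, 0x8540)                # Subsystem = GUI, DllCharacteristics
    struct.pack_into("<I", img, opt + 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * CLR_DIRECTORY, 0x2008, 0x48)  # CLR runtime header (assumed)
    sec = opt + 224                                                  # single .text section header
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x1600, 0x2000, 0x1600, 0x200)
    ep = 0x200 + (0x355E - 0x2000)                                   # file offset of the entry point
    img[ep:ep + 6] = bytes.fromhex("FF2500204000")                   # jmp dword ptr [0x00402000]
    return bytes(img)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(f"{key:20} {value}")
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe` instead of the constructed image; a `clr_dependent` of True together with `dotnet_entry_stub` True and `iat_slot_rva` 0x2000 is the layout the listing shows.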

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Chrome

Command:
C:\users\{user}\appdata\roaming\chrome\1b4cebe3-f952-4482-8ca2-0c9dd2b0db70.exe
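The Run-key entry above is the persistence indicator most useful for hunting: a value named after a well-known product that launches a GUID-named executable out of %APPDATA%. The script below is an added example, not code or tooling from the listing's source. It scores HKCU Run values with three heuristics (drop directory, GUID file name, and a product name paired with a path where that product never installs; the Chrome install path used for that check is an assumption of the heuristic) and, when given the referenced file's contents, compares them against the size and hashes listed above. On Windows it reads the key through winreg; elsewhere it runs on the constructed entries embedded in the block, the first of which mirrors the listing with a made-up user name.

```python
"""Triage of HKCU\\...\\Run values. Added example; the entries below are
constructed (user name and benign entries made up), the hashes, size, value
name and drop path are quoted from the listing."""
import hashlib
import ntpath
import re
from typing import Optional

LISTED_HASHES = {
    "md5": "74e562d1e9133f4790eee22a9a4dfac0",
    "sha1": "b9006bd3e21eac457c9539a14c0bdef5beaf3dff",
    "sha256": "8608220b3658f2bfcccb9c184983924a767ff3c900a859d705abfe0bfb68cd79",
}
LISTED_SIZE = 201_728

GUID_EXE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.exe$", re.I)
# Usual drop directories. AppData\Local is deliberately absent: OneDrive, per-user
# Chrome and other legitimate installs live there, so it would only add noise.
DROP_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")
# Where the genuine binary lives (assumption for the heuristic); a "Chrome" autorun elsewhere is suspect.
PRODUCT_BINARIES = {"chrome": "\\google\\chrome\\application\\chrome.exe"}


def exe_path(command: str) -> str:
    """Strip arguments from a Run-key command and return the executable path."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def hash_matches(data: bytes) -> set:
    """Names of the listed digests that the given file contents reproduce."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg for alg, h in digests.items() if LISTED_HASHES[alg] == h}


def triage_run_entry(name: str, command: str, file_bytes: Optional[bytes] = None) -> list:
    """Return the list of findings for one Run-key value; empty means nothing suspicious."""
    low = exe_path(command).lower()
    findings = []
    if any(d in low for d in DROP_DIRS):
        findings.append("starts from a user-writable drop directory")
    if GUID_EXE.match(ntpath.basename(low)):
        findings.append("executable is named with a GUID")
    expected = PRODUCT_BINARIES.get(name.lower())
    if expected and not low.endswith(expected):
        findings.append(f"value name {name!r} does not match a {name} install path")
    if file_bytes is not None:
        if len(file_bytes) == LISTED_SIZE:
            findings.append("size equals the listed sample")
        for alg in sorted(hash_matches(file_bytes)):
            findings.append(f"{alg} matches the listed sample")
    return findings


def collect_run_entries() -> list:
    """Read HKCU Run values on Windows via winreg; elsewhere return an empty list."""
    try:
        import winreg
    except ImportError:
        return []
    out = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        i = 0
        while True:
            try:
                value_name, data, _ = winreg.EnumValue(key, i)   # raises OSError past the last value
            except OSError:
                return out
            out.append((value_name, str(data)))
            i += 1


# Constructed entries: the first mirrors the listing (user name 'alice' is made up).
SAMPLE_ENTRIES = [
    ("Chrome", r"C:\Users\alice\AppData\Roaming\chrome\1b4cebe3-f952-4482-8ca2-0c9dd2b0db70.exe"),
    ("Chrome", r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window'),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]

if __name__ == "__main__":
    for value_name, cmd in collect_run_entries() or SAMPLE_ENTRIES:
        findings = triage_run_entry(value_name, cmd)
        print(f"{value_name:12} {exe_path(cmd)}\n    " + ("\n    ".join(findings) or "no findings"))
```

On the constructed input the listing's entry collects all three heuristic findings while the genuine Chrome and OneDrive autoruns collect none; to confirm a hit against this page, pass the file's bytes as `file_bytes` so the size and hash comparisons run as well.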


The executing file has been seen to make the following network communications in live environments. Most of these destinations (Facebook and Yahoo edge hosts, Google's 1e100.net, and the OpenX and AppNexus ad networks) are shared infrastructure that ordinary browsing contacts as well, so they document the sample's activity but are poor block-list candidates; the sadecehosting.net, maxpi.pl and ttnet.com.tr hosts are the more specific indicators.

TCP (HTTP):
Connects to static-99-230-132-188.sadecehosting.net  (188.132.230.99:80)

TCP (HTTP):
Connects to static-98-230-132-188.sadecehosting.net  (188.132.230.98:80)

TCP (HTTP):
Connects to sof01s02-in-f8.1e100.net  (173.194.39.232:80)

TCP (HTTP):
Connects to retarget.xa.dc.openx.org  (173.241.240.7:80)

TCP (HTTP):
Connects to mpr1.ngd.vip.ch1.yahoo.com  (217.163.21.34:80)

TCP (HTTP):
Connects to host-85.232.230.230.maxpi.pl  (85.232.230.230:80)

TCP (HTTP):
Connects to host-85.232.230.229.maxpi.pl  (85.232.230.229:80)

TCP (HTTP):
Connects to float.1695.bm-impbus.prod.fra1.adnexus.net  (37.252.170.102:80)

TCP (HTTP):
Connects to edge-star-shv-09-fra2.facebook.com  (31.13.81.128:80)

TCP (HTTP):
Connects to 85.111.24.154.static.ttnet.com.tr  (85.111.24.154:80)

Powered by Reason Core Security