chroimner.exe

Chromiun logging system

Hefei Hejunzhengce Info Tech Co., Ltd.

The application chroimner.exe by Hefei Hejunzhengce Info Tech Co. has been detected as a potentially unwanted program by 3 anti-malware scanners. This setup program installs potentially unwanted software on the user's PC at the same time as the expected/marketing software, without adequate consent. The program is typically installed via a form of malvertising While running, it connects to the Internet address 8a.eb.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
CosoSystem  (signed by Hefei Hejunzhengce Info Tech Co., Ltd.)

Product:
Chromiun logging system

Version:
1.7.9.0

MD5:
887c1fc51bd6dcc4c833edf5f7fd95f0

SHA-1:
5a7066d14c095472a2020a8890c01a2561e8a146

SHA-256:
02bf1816a06bb585aadc4470b53a2d7b5d689014020432f0a9ebf68823da24a2

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:26:30 PM UTC  (today)

Scan engine
Detection
Engine version

Microsoft Security Essentials
SoftwareBundler:Win32/WinOptimizer
1.1.11502.0

Reason Heuristics
PUP.HefeiHejunzhengceInfoTechCo (M)
15.7.24.22

Trend Micro House Call
Suspicious_GEN.F47V0329
7.2.100

File size:
2.8 MB (2,970,712 bytes)

Product version:
1.7.9.0

Copyright:
CosoSystem

Trademarks:
CosoSystem

Original file name:
Chromiun logging system

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\chromium logging\g3\chroimner.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
3/5/2015 9:35:27 PM

Valid to:
12/29/2016 9:35:27 PM

Subject:
CN="Hefei Hejunzhengce Info Tech Co., Ltd.", O="Hefei Hejunzhengce Info Tech Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3312D0B8D4D7941DF85AA59F134E7719

File PE Metadata
Compilation timestamp:
3/24/2015 6:06:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:2es6HTWv1S9w/pzQYY/qo5ZAVQjnBQkorodFV0vTLoXo:2epH2/iY+qkoroHico

Entry address:
0x229738

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, A4, D6, 61, 00, E8, 1B, 29, DE, FF, A1, 14, 1B, 63, 00, 8B, 00, 80, 78, 38, 00, 74, 10, A1, 14, 1B, 63, 00, 8B, 00, E8, 5E, 57, EE, FF, 84, C0, 74, 0C, A1, 14, 1B, 63, 00, 8B, 00, 8B, 10, FF, 52, 44, 8B, 0D, 88, 15, 63, 00, A1, 14, 1B, 63, 00, 8B, 00, 8B, 15, 84, D1, 61, 00, 8B, 18, FF, 53, 40, A1, 14, 1B, 63, 00, 8B, 00, 8B, 10, FF, 52, 48, 5B, E8, 1C, DF, DD, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5148

Developed / compiled with:
Microsoft Visual C++

Code size:
2.2 MB (2,262,016 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8a.eb.6132.ip4.static.sl-reverse.com  (50.97.235.138:80)

Remove chroimner.exe - Powered by Reason Core Security