chromatic.exe

Chromatic

Site on Spot Ltd.

This file is part of the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without the user's consent. The application chromatic.exe by Site on Spot has been detected as adware by 6 anti-malware scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'Chromatic'.
Publisher:
The Chromatic Authors  (signed by Site on Spot Ltd.)

Product:
Chromatic

Version:
39.0.2171.99

MD5:
d5732d16b5260e531a7e317578ab80d0

SHA-1:
7f56dcc47f686c83dbf4e3bea2d19dce190e2e6d

SHA-256:
b1fa9b552a45bc71d7954980cb79f02ca918c88be02fe97025fecd8dfab6e97d

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/2/2024 3:25:30 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2016.0.3068
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Somoto.129 | 9.0.1.0175
Panda Antivirus | PUP/Somoto | 15.06.24.03
Reason Heuristics | PUP.SiteonSpot (M) | 15.6.24.11
Trend Micro House Call | Suspicious_GEN.F47V0528 | 7.2.175

File size:
838.1 KB (858,240 bytes)

Product version:
39.0.2171.99

Copyright:
Copyright 2014 The Chromatic Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\chromatic\application\chromatic.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/7/2014 7:00:00 PM

Valid to:
7/13/2015 7:00:00 AM

Subject:
CN=Site on Spot Ltd., O=Site on Spot Ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07621A29054B7D0FC199D39E45691241

File PE Metadata
Compilation timestamp:
5/18/2015 12:53:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:TkIUm6i+KlUjrl0s8H7+5P5CDbuFBcxsjsRUDDEkvHklOv1WumdWcZHYH8KZx76r:Tke6ql+EH7nRUDDfk4NPUZNXQgpvBHf

Entry address:
0x45EB4

Entry point:
E8, 2B, D0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, A1, 84, 7A, 49, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 84, 7A, 49, 00, 6A, 04, 50, E8, 00, 51, 00, 00, A3, 80, 7A, 49, 00, 59, 59, 85, C0...

Entropy:
6.3655

Code size:
392.5 KB (401,920 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Chromatic

Command:
C:\users\{user}\appdata\local\chromatic\application\chromatic.exe --restore-last-session

The executable has been observed making the following network connections in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-iad3.fbcdn.net  (31.13.69.203:443)

TCP (HTTP):
Connects to server-54-192-9-234.lhr3.r.cloudfront.net  (54.192.9.234:80)

TCP (HTTP):
Connects to server-52-85-63-94.lhr50.r.cloudfront.net  (52.85.63.94:80)

TCP (HTTP):
Connects to server-52-85-63-29.lhr50.r.cloudfront.net  (52.85.63.29:80)

TCP (HTTP SSL):
Connects to server-52-85-63-21.lhr50.r.cloudfront.net  (52.85.63.21:443)

TCP (HTTP):
Connects to a92-123-180-75.deploy.akamaitechnologies.com  (92.123.180.75:80)

TCP (HTTP):
Connects to a92-123-180-194.deploy.akamaitechnologies.com  (92.123.180.194:80)

TCP (HTTP):
Connects to 80.211.186.35.bc.googleusercontent.com  (35.186.211.80:80)

TCP (HTTP):
Connects to ec2-54-225-212-82.compute-1.amazonaws.com  (54.225.212.82:80)

TCP (HTTP):
Connects to waws-prod-bay-003.cloudapp.net  (137.117.17.70:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-iad3.facebook.com  (31.13.69.228:443)

TCP (HTTP SSL):
Connects to edge-atlas-shv-01-iad3.facebook.com  (31.13.69.193:443)

TCP (HTTP SSL):
Connects to a96-6-113-10.deploy.akamaitechnologies.com  (96.6.113.10:443)

TCP (HTTP SSL):
Connects to a-0001.a-msedge.net  (204.79.197.200:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-icn1.facebook.com  (31.13.68.12:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-icn1.facebook.com  (31.13.68.35:443)

TCP (HTTP):
Connects to ec2-54-235-202-6.compute-1.amazonaws.com  (54.235.202.6:80)

TCP (HTTP):
Connects to a23-220-153-27.deploy.static.akamaitechnologies.com  (23.220.153.27:80)

TCP (HTTP SSL):
Connects to a104-96-220-113.deploy.static.akamaitechnologies.com  (104.96.220.113:443)

TCP (HTTP):
Connects to server-52-84-6-28.ord54.r.cloudfront.net  (52.84.6.28:80)
