» chrome-delta_2.2.3.0_cn.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)
Network (4)

chrome-delta_2.2.3.0_cn.exe

The application chrome-delta_2.2.3.0_cn.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. The file has been seen being downloaded from 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com. While running, it connects to the Internet address NY1WV3561 on port 80 using the HTTP protocol.

File name:

MD5:

ba58a9ddbe7eff4f16f5014af04a9f3d

SHA-1:

48904eed624f8feed126fc1e2b3983331f4f8453

SHA-256:

e14ee5b4e76a5dd66c61ef024f101c9fe48c2bb1a5ecacffb66895eaec1c5f29

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 7:37:35 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Mikey.36279

232

AegisLab AV Signature

Uds.Dangerousobject.Multi!c

2.1.4+

Arcabit

Trojan.Mikey.D8DB7

1.0.0.740

avast!

Win32:Malware-gen

2014.9-160617

AVG

Generic37

2017.0.2710

Bitdefender

Gen:Variant.Mikey.36279

1.0.20.845

Emsisoft Anti-Malware

Gen:Variant.Mikey.36279

8.16.06.17.06

ESET NOD32

Win32/Toolbar.Montiera.G potentially unwanted (variant)

10.13657

Fortinet FortiGate

Riskware/Montiera

6/17/2016

F-Secure

Gen:Variant.Mikey.36279

11.2016-17-06_6

G Data

Gen:Variant.Mikey.36279

16.6.25

IKARUS anti.virus

AdWare.Win32.Montiera

t3scan.2.1.6.0

K7 AntiVirus

Adware

13.2219947

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.44

McAfee

Artemis!BA58A9DDBE7E

5600.6366

MicroWorld eScan

Gen:Variant.Mikey.36279

17.0.0.507

Qihoo 360 Security

Win32/Trojan.dff

1.0.0.1120

Quick Heal

Downloader.Montiera.017039

6.16.14.00

VIPRE Antivirus

Trojan.Win32.Generic

50154

File size:

856 KB (876,544 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\chrome-delta_2.2.3.0_cn.exe

File PE Metadata

Compilation timestamp:

6/9/2016 5:27:48 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:yzyPyk/OzBm/f1aBkei6G9kn+plgZ9/dKGiX8EOb7Afolf7H+mlfMDOYv0BKXFMb:zd/um/fckovAqgq

Entry address:

0x60F0

Entry point:

56, EB, 03, 90, 90, 90, 90, 8B, 35, 7C, D0, 44, 00, 6A, 00, FF, D6, 50, E8, 99, FF, FF, FF, 83, C4, 04, 68, 7C, F1, 45, 00, 6A, 00, FF, D6, 50, FF, 15, 78, D0, 44, 00, 5E, 85, C0, 74, 02, FF, E0, 33, C0, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 41, 04, 2B, 01, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 8B, F1, 83, 7E, 04, 00, 57, 75, 10, 8B, 06, 8B, 4E, 08, 03, C8, 3B, C1, 76, 02, 8B, C1, 80, 78, 01, 4B, 0F, 94, C1, 88, 08, 84, C9, 74, 51, 8B, 06, 8B, 40, 02, 89, 45, FC, 40... 
[+]

Entropy:

7.0692

Code size:

302.5 KB (309,760 bytes)

Scheduled Task

Task name:

Delta Chrome Toolbar Updater

Trigger:

Time

The file chrome-delta_2.2.3.0_cn.exe has been seen being distributed by the following URL.

http://49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com/chrome-delta_2.2.3.0_cn.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to NY1WV3438 (204.145.82.24:80)

TCP (HTTP):

Connects to ny1wv3280.xglobe.net (204.145.82.20:80)

TCP (HTTP):

Connects to NY1WV3561 (204.145.82.26:80)

TCP (HTTP):

Connects to 131.subnet180-250-66.speedy.telkom.net.id (180.250.66.131:80)

Remove chrome-delta_2.2.3.0_cn.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.