chrome-delta_2.2.3.0_cn.exe

The application chrome-delta_2.2.3.0_cn.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. The file has been seen being downloaded from 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com. While running, it connects to the Internet address NY1WV3561 on port 80 using the HTTP protocol.
MD5:
ba58a9ddbe7eff4f16f5014af04a9f3d

SHA-1:
48904eed624f8feed126fc1e2b3983331f4f8453

SHA-256:
e14ee5b4e76a5dd66c61ef024f101c9fe48c2bb1a5ecacffb66895eaec1c5f29

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 12:32:17 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Mikey.36279
232

AegisLab AV Signature
Uds.Dangerousobject.Multi!c
2.1.4+

Arcabit
Trojan.Mikey.D8DB7
1.0.0.740

avast!
Win32:Malware-gen
2014.9-160617

AVG
Generic37
2017.0.2710

Bitdefender
Gen:Variant.Mikey.36279
1.0.20.845

Emsisoft Anti-Malware
Gen:Variant.Mikey.36279
8.16.06.17.06

ESET NOD32
Win32/Toolbar.Montiera.G potentially unwanted (variant)
10.13657

Fortinet FortiGate
Riskware/Montiera
6/17/2016

F-Secure
Gen:Variant.Mikey.36279
11.2016-17-06_6

G Data
Gen:Variant.Mikey.36279
16.6.25

IKARUS anti.virus
AdWare.Win32.Montiera
t3scan.2.1.6.0

K7 AntiVirus
Adware
13.2219947

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.44

McAfee
Artemis!BA58A9DDBE7E
5600.6366

MicroWorld eScan
Gen:Variant.Mikey.36279
17.0.0.507

Qihoo 360 Security
Win32/Trojan.dff
1.0.0.1120

Quick Heal
Downloader.Montiera.017039
6.16.14.00

VIPRE Antivirus
Trojan.Win32.Generic
50154

File size:
856 KB (876,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\chrome-delta_2.2.3.0_cn.exe

File PE Metadata
Compilation timestamp:
6/9/2016 5:27:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:yzyPyk/OzBm/f1aBkei6G9kn+plgZ9/dKGiX8EOb7Afolf7H+mlfMDOYv0BKXFMb:zd/um/fckovAqgq

Entry address:
0x60F0

Entry point:
56, EB, 03, 90, 90, 90, 90, 8B, 35, 7C, D0, 44, 00, 6A, 00, FF, D6, 50, E8, 99, FF, FF, FF, 83, C4, 04, 68, 7C, F1, 45, 00, 6A, 00, FF, D6, 50, FF, 15, 78, D0, 44, 00, 5E, 85, C0, 74, 02, FF, E0, 33, C0, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 41, 04, 2B, 01, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 8B, F1, 83, 7E, 04, 00, 57, 75, 10, 8B, 06, 8B, 4E, 08, 03, C8, 3B, C1, 76, 02, 8B, C1, 80, 78, 01, 4B, 0F, 94, C1, 88, 08, 84, C9, 74, 51, 8B, 06, 8B, 40, 02, 89, 45, FC, 40...
 
[+]

Entropy:
7.0692

Code size:
302.5 KB (309,760 bytes)

Scheduled Task
Task name:
Delta Chrome Toolbar Updater

Trigger:
Time


The file chrome-delta_2.2.3.0_cn.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)

TCP (HTTP):
Connects to 131.subnet180-250-66.speedy.telkom.net.id  (180.250.66.131:80)

Remove chrome-delta_2.2.3.0_cn.exe - Powered by Reason Core Security