chrome-setup.exe

Chrome Installer

Savvy

The Adlogica setup manager is an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, which may be installed without consent. The application chrome-setup.exe, "Deploy Chrome along with various offers" by Savvy, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Adlogica Downloader installer. With this installer, users expect to download Google's Chrome web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Savvy  (signed and verified)

Product:
Chrome Installer

Description:
Deploy Chrome along with various offers

Version:
23

MD5:
2e93ff39ec1ee43343a72f233ad7bb31

SHA-1:
deb8f035aefcd7ae2b1b17fbc74189ce49736d72

SHA-256:
43ceb25c337054f467eefa87002ba08e8a2078aafa081087f5aec7f730f8dfae

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/16/2024 4:35:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Adlogica.Savvy.Bundler (M)

Engine version:
16.5.31.10

File size:
1.2 MB (1,274,216 bytes)

Product version:
23

Copyright:
©BrowsersInfo

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/12/2013 5:00:00 PM

Valid to:
8/13/2014 4:59:59 PM

Subject:
CN=Savvy, O=Savvy, STREET=96 Jessie st, STREET=4th floor, L=SAN FRANCISCO, S=California, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
397CE208945051D16EBC051D5ED4B1EC

File PE Metadata
Compilation timestamp:
7/20/2013 2:12:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:9M7YKmIr51DH4awRTPMuW5Ql3KKM5po/Y/XXngoty0IETeiGQ6k6Tvma:96zLUj3Kp0/KngoYfXnTH

Entry address:
0x1053F0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 14, 31, 50, 00, E8, E4, 21, F0, FF, 8B, 0D, 64, F5, 50, 00, 8B, 09, B2, 01, A1, DC, 2C, 4C, 00, E8, 28, 96, F5, FF, 8B, 15, 58, F6, 50, 00, 89, 02, A1, 64, F5, 50, 00, 8B, 00, E8, 2C, 2E, F6, FF, A1, 64, F5, 50, 00, 8B, 00, B2, 01, E8, C6, 4C, F6, FF, 8B, 0D, 4C, F3, 50, 00, A1, 64, F5, 50, 00, 8B, 00, 8B, 15, 48, 72, 4F, 00, E8, 1E, 2E, F6, FF, A1, 64, F5, 50, 00, 8B, 00, E8, 4A, 2F, F6, FF, E8, 39, FB, EF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.6445

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,064,448 bytes)

Remove chrome-setup.exe - Powered by Reason Core Security