chrome.exe

Google Chrome

Google Inc

chrome.exe is set to start automatically when a user logs into Windows, through the current user Run registry key, under the display name ‘GoogleChromeAutoLaunch_EE0E85543B1990E5E61A6663EAD29973’. The file is installed with multiple programs, including Google Chrome App Launcher and Google Chrome. It has been seen being downloaded from s6312.chomikuj.pl and multiple other hosts.
Publisher:
Google Inc.  (signed by Google Inc)

Product:
Google Chrome

Version:
29.0.1547.76

MD5:
e7148bb584830e51afd414ce9aeae74c

SHA-1:
2af32f0da869053427bedda7e286ddee8b9651b8

SHA-256:
d0f1b98ed2d2a501dda060dee1ff61f45a66e622fe1fd3cf31c7c97b17180467

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/27/2024 7:45:11 PM UTC

File size:
810 KB (829,392 bytes)

Product version:
29.0.1547.76

Copyright:
Copyright 2012 Google Inc. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\application\chrome.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/13/2011 7:00:00 PM

Valid to:
11/13/2014 6:59:59 PM

Subject:
CN=Google Inc, OU=Digital ID Class 3 - Java Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09E28B26DB593EC4E73286B66499C370

File PE Metadata
Compilation timestamp:
9/16/2013 8:35:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:gapbq3nucoTxKiKqzHqlEe/5oSvtun0UjLCYOwvvyjM2ez2qVUfo5xksiYOmSI5o:gapbOhU0VYOwvvyjGr5xLOmHNKPbH

Entry address:
0x43870

Entry point:
E8, 82, 8D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 30, 02, 46, 00, 57, FF, 35, 34, F3, 48, 00, FF, D6, FF, 35, 30, F3, 48, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, D8, 8D, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 30, 48, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...
 

Entropy:
6.4419

Code size:
376.5 KB (385,536 bytes)

3 Shell Open Commands
Open type:
ftp

Command:
"C:\users\{user}\appdata\local\google\chrome\application\chrome.exe" -- "%1"

Open type:
http

Command:
"C:\users\{user}\appdata\local\google\chrome\application\chrome.exe" -- "%1"

Open type:
https

Command:
"C:\users\{user}\appdata\local\google\chrome\application\chrome.exe" -- "%1"


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\users\{user}\appdata\local\google\chrome\application\chrome.exe" --no-startup-window


The file chrome.exe has been discovered within the following programs.

Frame do Google Chrome  by Google Inc
Publisher's description - “Google Chrome Frame is an open source plug-in that seamlessly brings Google Chrome's open web technologies and speedy JavaScript engine to Internet Explorer. Google Chrome Frame is a free plug-in for Internet Explorer.”
developers.google.com/chrome/chrome-frame
7% remove it
Google Chrome  by Google Inc
Google Chrome is a free web browser developed by Google that uses the WebKit layout engine. It is designed to be secure, fast, simple and stable. Chrome supports plug-ins with the Netscape Plugin Application Programming Interface (NPAPI).
www.google.com/chrome
6% remove it
Publisher's description - “The Chrome App Launcher is the hub of all your Chrome apps and with it you have quick access to all of your apps from the desktop. When you install an app from the Chrome Web Store, you'll get an option to get the App Launcher.”
www.google.com
12% remove it
Google Chrome Frame  by Google Inc
Publisher's description - “Google Chrome Frame is a free plug-in for Internet Explorer. Some advanced web apps use Google Chrome Frame to provide you with additional features and better performance. Sites that utilize Google Chrome Frame become more responsive.”
www.google.com/chromeframe
12% remove it
Google Chrome Frame  by Google Inc
www.google.com/chromeframe?
6% remove it
 

The file chrome.exe has been seen being distributed by the following 12 URLs.
