chrome_updater.exe

Verified Setup

This is the InstallMetrix bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application chrome_updater.exe by Verified Setup has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the InstallMetrix Software installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The installer is marketed through download portals and search ads as Google's Chrome web browser but will also install additional software offers, which include adware, PUPs and browser toolbars.

Publisher:
TODO: <Company name>  (signed by Verified Setup)

Product:
TODO: <Product name>

Description:
Chrome_Updater

Version:
1.0.0.1

MD5:
d3b04cc5c247e0e9bb0a80a55557fc77

SHA-1:
3a4fbd47bee4dd2081ed613b98f8ee967400207c

SHA-256:
7f03a684061381f59534ed7bb3e8002d741a933f87cfe00f2c86caead59d87fc

Scanner detections:
28 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/13/2025 8:39:11 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Downloader.VR | 444
Agnitum Outpost | PUA.InstallMetrix | 7.1.1
AhnLab V3 Security | PUP/Win32.InstallMonster | 2015.05.04
Avira AntiVirus | Adware/InstallMonster.deih.20 | 7.11.180.66
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-151117
AVG | Generic | 2016.0.2922
Bitdefender | Application.Generic.1023677 | 1.0.20.1605
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Installmonster-9 | 0.98/21411
Comodo Security | ApplicUnwnt.Win32.InstallMetrix.A | 21986
Dr.Web | Trojan.Amonetize.7 | 9.0.1.0321
Emsisoft Anti-Malware | Application.Downloader.VR | 8.15.11.17.10
ESET NOD32 | Win32/AdWare.InstallMetrix (variant) | 9.10598
F-Prot | W32/A-215008ab | v6.4.7.1.166
F-Secure | Riskware.Application.Downloader.VR | 11.2015-17-11_3
G Data | Application.Generic.1023677 | 15.11.24
IKARUS anti.virus | PUA.InstallMetrix | t3scan.1.7.8.0
K7 AntiVirus | Adware | 13.185.13789
Kaspersky | not-a-virus:AdWare.Win32.InstallMonster | 14.0.0.1105
MicroWorld eScan | Application.Downloader.VR | 16.0.0.963
NANO AntiVirus | Riskware.Win32.InstallMonster.dhazif | 0.28.6.62995
Norman | Application.Generic.1023677 | 11.20151117
nProtect | Trojan-Clicker/W32.InstallMonster.2066560 | 15.01.23.01
Panda Antivirus | Trj/Genetic.gen | 15.11.17.10
Reason Heuristics | PUP.InstallMetrix.VerifiedSetup (M) | 15.11.17.22
Vba32 AntiVirus | AdWare.InstallMonster | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 34232
Zillya! Antivirus | Adware.InstallMonster.Win32.32 | 2.0.0.1966

File size:
2 MB (2,066,560 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallMetrix Software

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chrome_updater.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/18/2014 7:00:00 PM

Valid to:
8/19/2015 6:59:59 PM

Subject:
CN=Verified Setup, O=Verified Setup, STREET="660 4th Street, Suite #427", L=San Francisco, S=California, PostalCode=94107, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F60AADAAF866F752AE9DB242F68CDFF0

File PE Metadata
Compilation timestamp:
10/4/2014 3:01:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:LMwKBmF54Fm3uTeLMBW1wZvMxPcOe5HFB:LM9+5Km3RwZEiOe5r

Entry address:
0x17AE

Entry point:
E8, 3C, 14, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 38, 9C, 40, 00, 89, 0D, 34, 9C, 40, 00, 89, 15, 30, 9C, 40, 00, 89, 1D, 2C, 9C, 40, 00, 89, 35, 28, 9C, 40, 00, 89, 3D, 24, 9C, 40, 00, 66, 8C, 15, 50, 9C, 40, 00, 66, 8C, 0D, 44, 9C, 40, 00, 66, 8C, 1D, 20, 9C, 40, 00, 66, 8C, 05, 1C, 9C, 40, 00, 66, 8C, 25, 18, 9C, 40, 00, 66, 8C, 2D, 14, 9C, 40, 00, 9C, 8F, 05, 48, 9C, 40, 00, 8B, 45, 00, A3, 3C, 9C, 40, 00, 8B, 45, 04, A3, 40, 9C, 40, 00, 8D, 45, 08, A3, 4C, 9C, 40...

Entropy:
7.7842  (probably packed)

Code size:
18.5 KB (18,944 bytes)

The file chrome_updater.exe has been seen being distributed by the following URL.
