chrome_updater.exe


Verified Setup

This is the InstallMetrix bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application chrome_updater.exe by Verified Setup has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the InstallMetrix Software installer. The installer is marketed through download portals and search ads as Google's Chrome web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
(signed by Verified Setup)

Description:
Chrome_Updater

Version:
1.0.0.1

MD5:
1a972bce4ae5a1cb2503bed543489533

SHA-1:
978bb4692715557d623f9c920efdfb3a5deb5861

SHA-256:
3a2ca3013ebe497e78c059db6ec22cac8d5e18a4712d2e2868c7526e12044cdb

Scanner detections:
15 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
1/13/2025 8:46:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallMetrix | 7.1.1 |
| Avira AntiVirus | Adware/InstallMonster.deih.4 | 7.11.181.10 |
| avast! | Win32:Adware-gen [Adw] | 141023-1 |
| AVG | Generic5.CHSX.dropper | 2015.0.3311 |
| Clam AntiVirus | Win.Adware.Installmonster-8 | 0.98/21411 |
| ESET NOD32 | Win32/AdWare.InstallMetrix | 8.10616 |
| F-Prot | W32/A-5b646058 | v6.4.7.1.166 |
| IKARUS anti.virus | PUA.InstallMetrix | t3scan.1.7.8.0 |
| K7 AntiVirus | Adware | 13.185.13789 |
| Kaspersky | not-a-virus:AdWare.Win32.InstallMonster | 14.0.0.3051 |
| NANO AntiVirus | Riskware.Win32.InstallMonster.dgppyq | 0.28.2.62841 |
| Reason Heuristics | PUP.VerifiedSetup.O | 14.10.24.16 |
| Vba32 AntiVirus | AdWare.InstallMonster | 3.12.26.3 |
| VIPRE Antivirus | InstallMetrix | 34218 |
| Zillya! Antivirus | Adware.InstallMonster.Win32.32 | 2.0.0.1966 |

File size:
2 MB (2,066,560 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallMetrix Software

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chrome_updater.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/18/2014 8:00:00 PM

Valid to:
8/19/2015 7:59:59 PM

Subject:
CN=Verified Setup, O=Verified Setup, STREET="660 4th Street, Suite #427", L=San Francisco, S=California, PostalCode=94107, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F60AADAAF866F752AE9DB242F68CDFF0

File PE Metadata
Compilation timestamp:
10/4/2014 4:01:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:LMwKBmF54Fm3uTeLMBW1wZvMxPcOe5HF2:LM9+5Km3RwZEiOe5M

Entry address:
0x17AE

Entry point:
E8, 3C, 14, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 38, 9C, 40, 00, 89, 0D, 34, 9C, 40, 00, 89, 15, 30, 9C, 40, 00, 89, 1D, 2C, 9C, 40, 00, 89, 35, 28, 9C, 40, 00, 89, 3D, 24, 9C, 40, 00, 66, 8C, 15, 50, 9C, 40, 00, 66, 8C, 0D, 44, 9C, 40, 00, 66, 8C, 1D, 20, 9C, 40, 00, 66, 8C, 05, 1C, 9C, 40, 00, 66, 8C, 25, 18, 9C, 40, 00, 66, 8C, 2D, 14, 9C, 40, 00, 9C, 8F, 05, 48, 9C, 40, 00, 8B, 45, 00, A3, 3C, 9C, 40, 00, 8B, 45, 04, A3, 40, 9C, 40, 00, 8D, 45, 08, A3, 4C, 9C, 40...
 

Entropy:
7.7842  (probably packed)

Code size:
18.5 KB (18,944 bytes)

The file chrome_updater.exe has been seen being distributed by the following URL.
