chromesetup.exe

Saripig

Alpha Setup (New Media Holdings Ltd)

The application chromesetup.exe, “Saripig Setup” by Alpha Setup (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as Google's Chrome web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Podan (signed by Alpha Setup (New Media Holdings Ltd))

Product:
Saripig

Description:
Saripig Setup

Version:
4.3.2.6

MD5:
f4125251e2fc48b8d9822620624dc4e2

SHA-1:
04de90c54ab6d2394d0b65f25a782d697ac745bc

SHA-256:
ad06fb5b9092b2873b9157c75e058cdfc991f9e4eb9b446bf2cee276fdd07c90

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/13/2025 11:16:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
17.3.16.11

File size:
941.8 KB (964,432 bytes)

Product version:
4.0

Copyright:
Stub Prog

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\chromesetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/14/2016 11:42:12 AM

Valid to:
6/20/2017 3:30:00 AM

Subject:
CN=Alpha Setup (New Media Holdings Ltd), O=Alpha Setup (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CA3CC937380392A4260C535FA2D1F15E

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9060

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file chromesetup.exe has been seen being distributed by the following URL.

http://www.ranchsignbundle.com/0CNstzHPS53Qsal Yj_ gs2lIy6_qy53yiPdB_Ikx5YrkCmlu2jDnGmemgwNQ1ZXolu1bupzPPoTQDBrZItQXaF75WNP6Cvi7SMdzVSjhJJnCS5yYB0Qrp1_YE3KAXixhL8JvuY1LuwUYakI7YO3_UjwZvG1vuBX3VYqSdtz0sfn79s hPnBHgvbleUUeQJxfC_on2VOgqOuAzMf1c09zsIk8KV9g5VODL_OlTLDCZgSAau07HUzjsmlvM5iA8lHYPkpOaIqgZ4kOlXRPKjIJpeoIaoDAHi3TSIPqc_UVaM8HWnaAoo06xJ5h75OA3mm86yRhx9rgemeIWYaNxD0UEftCd17aN8dQrdb65vuMDxUnk9RZjWcsCKHv161qnc PieZsOKMpS7ns5ItNcsPX26jisSIP_B02L9OY0oiBWCxv1xzeROCzlBpMSw5zcPQVpD4RxBuNvt8bNxb492rmvqeu30SsNW3BYbWVOiwMH_TkXjmPs89uzsIRfr197YxrSzNq6lnP4EtSiKVKkmkoKFtsqsH erc4GyiEep5iTP4ul05yrC5J_HSrGdy89iB5oIEIsp3-iwSAMTcyLjE3LjAuMQM=
