chromesetup.exe

Sosa

Agile Install (New Media Holdings Ltd.)

The application chromesetup.exe, "Sosa Setup" by Agile Install (New Media Holdings Ltd.), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users expect to download Google's Chrome web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Agile Install (New Media Holdings Ltd.)

Product:
Sosa

Description:
Sosa Setup

Version:
1.8.4.4

MD5:
50115e1e27815a9cf92c52f89e336ae2

SHA-1:
08aa9f111b9221a4b734e74951db9d5022fe29fa

SHA-256:
20421e828048297d1309715fa6642fecad396155a5787dfb841bcef1b7161cbc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/28/2024 11:55:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
16.9.28.10

File size:
990.3 KB (1,014,080 bytes)

Product version:
4.7.7

Copyright:
File Internet Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\chromesetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:08:20 AM

Valid to:
10/30/2016 11:39:05 AM

Subject:
CN=Agile Install (New Media Holdings Ltd.), O=Agile Install (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E708A02FF07CE5E25618BCF50F6A6CAE

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM (the fixed placeholder timestamp written by the Delphi compiler that Inno Setup binaries are built with, not the actual build time)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:wCiw6GBBVnfzqWgga1QHNvyp+YXRi22brujr+Fk6xcJ4oBWYS:wrZG/Vnfz/uoyQKRi22bK/+FnxJH

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9133

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file chromesetup.exe has been seen being distributed by the following URL.

http://www.currentvaultschuckle.com/8zipqyhMk5ivDWL9qZdVkDgWjctdlQIVybMIg8uZ_qOJHGExMr65AjKqspinAUqgjARHMbvaTIILntDyqiRcCVNPknwC1d5tYHmrIIwQ2kIl_nyblYTYA7Phi7CQ8ycP1zrmjffRHxtpbsizhMXClU3VYvin0kKPn5nLBnj 6dBFLtA2g Rk9v6esGfgRPS fnuiz26ads5oAItwUW2_PzFViWNPXixI9eXY0u7 IXeI8GPNY1aLezjfsry3prHkvSYkoDN_L3h5MBsbkghYH9Z4WUD5oGD1IHo7Q6jVuo0_o8PD6BOZebS5hynXeoH erQ2qF HtS0fHxYpUgulNMaz79SQkWB f 4HdSIZBCZNhTiTHgWchOHazIEeqJdRc6DPaUMUHZBuuPbSHVUJAqt412CNt 5Rx4ky9JgYYCZ5RZU6vWHM_BLCuJzhw12hYcV80LN30_0hwY404ZFvDZYRl6s04k0K4m0KysTrfaAyt4zOyQyDJr5Nk0DqlByBH7cm3BbBseljebiwodDLs9tXrUX44cXT05Btt9S_jo8BN_WpHnwsdQ2rK5gyT3Pzxv8jZ8SEEKLUKz1m5jCQdaFAE hKx_SOiVIt6p4oSkiQZStE OeaW 4Ka33GTkKOTamx6iQspV_eTTA7Z o1vNoB5iEuxU51CHXNE ATchNM8ineGau5MhVEecLaAdSIW96D9YlHjl5kn17B1Xke5FG3QetOg==-GwgBAGRzLqciC5Stsnz hRrxAz09YK6ytCwKsKzv4il9u57_zigR Zfo_sUW8_t9Hwnvd1o7imZ9NxN7seZ Pyt4BBWh8rVDG5U2JBrURKMKxOUsiOpkk1E8W4QqgsTF7It1yVtdc4JcJxKMySS4YEhUddAYkqulACwK0DacpHiQ6HUFFRVITNzN6928X6AiB4nN_X42x8BS3M4gjeRhnoIJEr_WSO0yQMW

Remove chromesetup.exe - Powered by Reason Core Security