chromesetup.exe

Bubegaf

FlashInstall (New Media Holdings Ltd)

The application chromesetup.exe, “Bubegaf Setup” by FlashInstall (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as Google's Chrome web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Cerinisera (signed by FlashInstall (New Media Holdings Ltd))

Product:
Bubegaf

Description:
Bubegaf Setup

MD5:
91ffe940ce71c3651da5a41c2210b4c9

SHA-1:
1452cba55a66ac69b36efd312e08f35328165245

SHA-256:
874906e86be2c9b8d049b0006f824c6fc1101d7037c11c786c0bb113b915b6c9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 5:28:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
17.3.12.11

File size:
1.2 MB (1,224,048 bytes)

Product version:
3.7

Copyright:
Web Program wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\chromesetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 5:24:03 PM

Valid to:
6/26/2017 4:56:08 PM

Subject:
CN=FlashInstall (New Media Holdings Ltd), O=FlashInstall (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112198556124C91F26DF4ED058627D50D2D9

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file chromesetup.exe has been seen distributed from the following URL.

http://www.ranchsignbundle.com/XRuBwTzYeKc1Zib2NnpG8Z_X8ECmq3pUKq81NdzeKAwsmQEuWDJrx8y1gg14VQBqo56TWmH2LLzcnjO8KVm1xayMOddV2M66qL4CVdPkyxMbPpebN5Aj01VlFjjWxg9EKoJno8uO_hoEsRsdhFbcYnnXVZxYDI6Y1_6M8MvfvfR419zLH3PNV49UXsi_7k_fVbk3YEiQGubRldhCoyvWnlLasDJZexjdl5_L0OSCnDPF9I3NAJFpv4cjaPI4cZS6PEWBkec72b80V7lF1KZJzikpPCLhrccj1L2vv3pmZMC8kK_JtDkbdODryUV8AZmWA0rVpwljobq0XWmv7RZ6sYy_s2pE2hR0QhxUJHP4CSl7aqCVZny86UZOHk7kkNZQIuFujpcQo5BqP8x54r4KWtHVsnsV7div4LFPJMNrSc4VfchjuM83Uq8vfx_ohMxd10cYYedq6r2V9anqAQ8EWfboT5UDSy0vn9rzV25hihY_ZYAf52OsBt866pwxZNpbeOIogsWjC33S7pKoHFaaAZIXu6HDnbpaWHG_TqzLWJbp3Eld5PzDOhqArzAShGf4gF7dI_IY_Ts6wy80HRZ_h5Zg_ca9_Co8J36IL5j9KRsPUtphLbwQLCqa8y8nAPzttkV4yXIzT_KD9V9yFMcIHtJFTJSIVToLXi0CwljK6PGQKfUjaw2PGk7200UE_YHKjcyttCBj3BXfc9rhY4KUmwyhAfTwNrZ8EIjceHLKeShiy3dimBCiEV1iavcWkZczgt8JsunGvk0zmmdtq8ru6gr_fkOarH94_uffJlNMW_BGP7RhRqAXm4rM7QyLAAtQ3NP2TH0Afrc2e9LrY9B8a0kY7IB_eTDKMoC8uwoOYbEbLr8IfVbgGZ532HSNxNlYv5DYFLLGeTrQvC2n68aw==-CwmAc29mdGdyYXR1aXQuY29tLzQwNAM=