chromesetup.exe

mfc Application

The executable chromesetup.exe, "mfc MFC Application", has been detected as malware by 10 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from google.pl.
Product:
mfc Application

Description:
mfc MFC Application

Version:
1, 0, 0, 1

MD5:
a78e50b78b6bb9598e0960db0d439deb

SHA-1:
5cd55eb02cb3f41378f8c9b7e03e22a594fb746f

SHA-256:
97c1f1590ef5ff1e4cc245b9c6009fb9d486f758de9176de40ce1c7e5c048d7d

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/27/2024 5:03:45 AM UTC

Scan engine        Detection                        Engine version
avast!             Win32:Sality-GR                  160126-1
AVG                Win32/Sality                     2015.0.4477
Dr.Web             Win32.Sector.30                  9.0.1.05190
ESET NOD32         Win32/Sality.NDR virus           7.0.302.0
F-Prot             W32/Virut.AI!Generic             4.6.5.141
Kaspersky          Trojan-Ransom.Win32.Blocker      15.0.0.562
McAfee             Virus.W32/Sality.gen.z           18.0.204.0
Norman             Win32.Sality.4                   03.02.2016 07:38:05
Sophos             Virus 'Mal/Sality-E'             5.23
VIPRE Antivirus    Threat.4819585                   46946

File size:
212 KB (217,088 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2013

Original file name:
mfc.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chromesetup.exe

File PE Metadata

Compilation timestamp:
2/14/2014 10:54:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:T0WPeyeSiNzPJrAOPFQTdsZGzptRDEbFUizcDztgGz8P+e1ZH7VSc28w9W4G8:QaZtifrP/GzpDDEpUAyztC+eUlA4G8

Entry address:
0x262F

Entry point:
0F, C9, F7, DF, FF, C5, C7, C2, FF, 1B, 21, D8, B5, 86, C6, C5, 38, 0F, C9, 39, F5, 47, 89, D7, 8D, 2D, 33, 8E, 00, 00, FF, CF, 0F, CF, 8B, CD, 8B, EE, 81, E9, E5, 36, 00, 00, FF, C7, 51, 81, DD, 9D, 41, 48, F1, 0F, AF, FE, FF, CF, 85, C9, 03, ED, 0F, AF, EA, 5E, 8D, 3D, 22, FC, 9B, A0, FF, CF, 8D, 16, B1, F8, 08, F9, 8B, DA, F7, C0, 18, E7, F8, 0B, 81, C3, 0A, 01, 00, 00, 84, E8, 0F, CD, C6, C2, 1F, 8B, FA, 85, EF, 8D, 05, 00, 00, 00, 00, 38, DA, 0F, CF, 05, 00, 00, 00, 00, BF, D5, E1, 1C, 30, FF, C1, 8D...

Code size:
8 KB (8,192 bytes)

The file chromesetup.exe has been seen being distributed from the following URL.

Remove chromesetup.exe - Powered by Reason Core Security