chromesetup.exe

Bubegaf

FlashInstall (New Media Holdings Ltd)

The application chromesetup.exe, “Bubegaf Setup” by FlashInstall (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users expect to download Google's Chrome web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Cerinisera (signed by FlashInstall (New Media Holdings Ltd))

Product:
Bubegaf

Description:
Bubegaf Setup

MD5:
29f07988b93aa8819a61103a8c036b29

SHA-1:
75ea2f9d19722f2a6abb7bef68031562cd58a264

SHA-256:
72c128e6eca8b3af442612d418be290644d526978a15cd304314576ecec22ee2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 6:13:25 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
17.3.14.5

File size:
1.2 MB (1,224,048 bytes)

Product version:
3.7

Copyright:
Web Program wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\chromesetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Subject:
CN=FlashInstall (New Media Holdings Ltd), O=FlashInstall (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112198556124C91F26DF4ED058627D50D2D9

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM (this is the fixed placeholder timestamp written by the Delphi linker that builds Inno Setup installers, not the real build time)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file chromesetup.exe has been seen being distributed by the following URL.

http://www.ranchsignbundle.com/gYxmDKr ziMIHbD0RbPM0MwKZw_pEoufm1bb3OmUb ak8MzIbDZ_MwMbW8GSU gc1NoPlD3Qgh4FuqPe Hmb lVW9YVq_cgzjPV7IYhcbH Tg_tQ7Ejpou8mlmIuae324VLcTP5FoRHKmKQykxFBytVk9_ZkCIJ9wlKa06Kp31xCHPp_1SzhBJ MqiSORQXrEzfeecBL5x32k1ssbddc6lnYaC04qnNJ0hqp5NmCODm3uVEY111kVytt8wvZ9eAWfOZZeGy_Pd4iTb25qSt7P28y_qfE7MvckrcgbTytPFj0sJ6vKeScdM44zIvEKrySxzr4KjBzbECwoBMdGHPtSFDkRrLdHzSEruFNEVZXJB DakxpNsEX4S2RP8ekwClMA0V_cYTJElOcFXm6QTSP8PVqxqvDuvPni t1SwOXRaDCa5VBsjHLYko_cWInyiPBpM2msSOc7hFSn9GrrX2TLSN4CpPA4wtSlWe6PxNjGs15JIv_JxCFfF9jbvuclXhJIVyCIaK65FqjM1avA1FjLVtLvrC3M o2K2N4CpHSI2PO3ld0fp_CexV0OE3IjFLcZAP5nYFajg0jp3UDsIw 9 YvARZ9FHMmAJrDSiKxwHI5KEBdjVRhBiQ2BHE_rle_Lgmy kv4MiiDEeY5LeIV6j6OlsNHo9H8eWC6apIv96F9DN8dQkYoVxYzyAZAzGFHDQfHT5J8QQzor4u78V52npXB0hXEaFdh92xVC8JzTeBg115h4wsuGDznFurkkHfRj5Ez97Lo3kPJI_E9ZmuyP7DwhKTDV0RkWQDUyDHUZ9CxhNwcN rZvvxhBEgV W_6sM4DjaxJsnVx8GqzOFR5TBqI0Jrj vmyRseYiU3t6bSTyXjx5Z1jfiEmuGvfsbggemF6ixXuvFuO276qCRpreK5dpmCBw==-GxUAAMRjbF7DPAblGlKTTkYpbCur9TVXEAQ=

Remove chromesetup.exe - Powered by Reason Core Security