chromesetup.exe

Norassie LTD

This installer uses the installCore download manager, which bundles additional offers for ad-supported toolbars, browser extensions and utilities. chromesetup.exe, signed by Norassie LTD, has been detected as adware by 1 of 68 anti-malware scanners (our own heuristics engine), with strong indications that the file is a potential threat. Although it presents itself as "Google Chrome Setup", it is neither published nor signed by Google: the code-signing certificate was issued to Norassie LTD at an address in Mahe, Seychelles, and expired on 1/28/2016, long before this analysis. Users expect the setup application to download Google's Chrome web browser, but before that happens they are presented with additional offers, mostly potentially unwanted programs or adware.
Publisher:
Google Chrome Setup (signed by Norassie LTD)

Product:
Google Chrome Setup

Version:
42.0.23.2

MD5:
0e9c3b3641f02caa1bb597f6a7ed3974

SHA-1:
98c17fc26e853b4d0436c63dd7b3b1daf6557c69

SHA-256:
fae3888035137c96b2835c0462911c6e15f825a2583776b5e3bbc203ac05cad6

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool has detected this file; the single detection above comes from our own heuristics, on the basis of which we consider the file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader whose purpose is to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 12:34:40 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.10.21.9

File size:
737.9 KB (755,568 bytes)

Product version:
42.0.23

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chromesetup.exe

Digital Signature
Signed by:
Norassie LTD
Authority:
COMODO CA Limited

Valid from:
1/27/2015 7:00:00 PM

Valid to:
1/28/2016 6:59:59 PM

Subject:
CN=Norassie LTD, O=Norassie LTD, STREET="Tenancy 10, Marina House", L=Mahe, S=Mahe, PostalCode=1403, C=SC

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B3E3E3FC0BBFD6D5BC245C26F53737AC

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM (this is the fixed value 0x2A425E19, 1992-06-19 22:22:17 UTC, that Borland/Delphi linkers write into every binary; it is not the real build date)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:P6h+VWrX6gS5jDga4K+vjw61djcSYxfFAf3tjugq3yEs:P6Eg/4juE6L90fFAPtDHEs

Entry address:
0x89C54

Entry point:
55, 8B, EC, 83, C4, F0, B8, 0C, 99, 48, 00, E8, B0, C8, F7, FF, E8, 3F, FC, FF, FF, 84, C0, 74, 18, 6A, 00, 68, CC, 9C, 48, 00, 68, CC, 9C, 48, 00, 6A, 00, E8, 84, D2, F7, FF, E8, EF, A4, F7, FF, A1, F4, C3, 48, 00, 8B, 00, E8, 47, C0, FC, FF, A1, F4, C3, 48, 00, 8B, 00, BA, F4, 9C, 48, 00, E8, 36, BC, FC, FF, 8B, 0D, 90, C5, 48, 00, A1, F4, C3, 48, 00, 8B, 00, 8B, 15, 50, 82, 48, 00, E8, 36, C0, FC, FF, A1, F4, C3, 48, 00, 8B, 00, E8, AA, C0, FC, FF, E8, A9, A4, F7, FF, 00, 49, 6E, 73, 74, 61, 6C, 6C, 65...
 
[+]

Entropy:
6.7564

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner's compiler heuristic; note that the linker version 2.25 and the fixed 1992 compilation timestamp are characteristic of the Borland/Delphi linker, not of Visual C++, so treat this field with caution)

Code size:
547.5 KB (560,640 bytes)
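The PE metadata above (compilation timestamp, linker and OS version, subsystem, entry address, code size, entropy and hashes) can be reproduced offline with nothing but Python's standard library. The script below is an added example, not part of the original report and not Reason Core's own tooling; the image it triages is a constructed minimal PE32 stub carrying the header values from this report, not the real chromesetup.exe, and the known-bad hash table holds the SHA-256 listed above. It also flags the fixed Borland/Delphi timestamp, which is why the date shown above cannot be read as a build date.

```python
"""Added example (not from the original report): offline PE triage using only
the standard library. Reproduces the report fields (hashes, entropy, compilation
timestamp, linker/OS version, subsystem, entry address, code size) and raises
triage flags. The sample image is a constructed minimal PE32 stub, not the real
chromesetup.exe."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Every Delphi/Borland-linked binary carries this TimeDateStamp (1992-06-19
# 22:22:17 UTC), so it says nothing about when the file was actually built.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19

# SHA-256 copied from the report above for chromesetup.exe (Norassie LTD).
KNOWN_BAD_SHA256 = {
    "fae3888035137c96b2835c0462911c6e15f825a2583776b5e3bbc203ac05cad6":
        "PUP.installCore (chromesetup.exe, Norassie LTD)",
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; >7 hints at packing."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF header and PE32 optional header fields shown in the report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, _nsections, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 is the Authenticode certificate table (offset 96 + 4*8).
    sec_rva, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    return {
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "entry_rva": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "has_authenticode": sec_rva != 0 and sec_size != 0,
    }


def triage(data: bytes) -> dict:
    """Combine header fields, hashes, entropy and triage flags into one record."""
    info = parse_pe(data)
    info["md5"] = hashlib.md5(data).hexdigest()
    info["sha1"] = hashlib.sha1(data).hexdigest()
    info["sha256"] = hashlib.sha256(data).hexdigest()
    info["entropy"] = round(shannon_entropy(data), 4)
    flags = []
    if info["sha256"] in KNOWN_BAD_SHA256:
        flags.append("hash match: " + KNOWN_BAD_SHA256[info["sha256"]])
    if info["timestamp"] == DELPHI_FIXED_TIMESTAMP:
        flags.append("Borland/Delphi fixed timestamp: real build date unknown")
    if info["linker"] == "2.25":
        flags.append("linker 2.25 is Borland's, not Microsoft Visual C++")
    if info["entropy"] > 7.0:
        flags.append("high entropy: packed or encrypted payload likely")
    if not info["has_authenticode"]:
        flags.append("no Authenticode certificate table: file is unsigned")
    info["flags"] = flags
    return info


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 stub carrying the header values from the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_FIXED_TIMESTAMP, 0, 0, 224, 0x010F)
    opt = bytearray(224)                                      # PE32 optional header
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 560640)   # magic, linker 2.25, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x89C54)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                 # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                    # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                        # IMAGE_SUBSYSTEM_WINDOWS_GUI
    # First entry-point bytes from the report (push ebp; mov ebp,esp; add esp,-0x10),
    # then filler so the entropy figure is non-trivial.
    body = bytes.fromhex("558BEC83C4F0") + bytes(range(256)) * 4
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run it against a real file with `triage(open(path, "rb").read())`. The Authenticode check only reports whether a certificate table is present; validating the chain and comparing the subject against the expected publisher (here, Google rather than Norassie LTD) still needs a signature verifier such as signtool or Get-AuthenticodeSignature.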

Powered by Reason Core Security