chromesetup.exe

Petas

Sambamedia llc

This is the Softpulse installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed with minimal consent. The application chromesetup.exe, “Petas Setup” by Sambamedia llc, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download portals and search ads as Google's Chrome web browser but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Sambamedia llc  (signed and verified)

Product:
Petas

Description:
Petas Setup

MD5:
d54967fd5f6c0c84bedbe2e01162425e

SHA-1:
d4ed5899f1f0e9355a7279a8bec353fcbdc06568

SHA-256:
9a3e4753e49498c7bea0c826d98d3307c8dbf4e0f5860026041d56ad4492a40e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/26/2024 8:47:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.13.9

File size:
935.2 KB (957,640 bytes)

Product version:
4.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\chromesetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/20/2015 6:00:00 PM

Valid to:
1/19/2017 5:59:59 PM

Subject:
CN=Sambamedia llc, O=Sambamedia llc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
08AF0B7DB5193EDC6FFE31467E46AA55

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9326

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file chromesetup.exe has been seen being distributed by the following URL.

http://www.ranchsignbundle.com/_rUPse22VW WnHC6Na1DhJf8yuDz_BMkzd16HfqA2wTcZSRfUt5Yg2wm_vOOYVFe59 kloqgbXUMQTpn1thykK55o8DDx1t1YLzbjDPludWdkD8ZKXjwYEBMvMSfHBR6UWZ8MAeJrHxK1pnuKPEeCh0N5mkfjQ59jKaYKE5SlGyYC5FjEoOj 8WlfDyglSrVoOizxRLQd56_RD_4dzu4t2I6qaUyN3FrVPvtJDGD8muOPrkFrEjwagziZLXmEIGumSkmEv6bWRpLpxcrgR9jL7 u4NR27rs3s_Y1B8E2NFxGgiNdmebywIwHmCcm1g2jVTV4Kmbxwdf1SV30DiBQKaCHOUND5CfL31xOCZnvKOhqom4cn5ehJgt241OOOQMwG9fHjaK9U4Ju2MzfsucF_6dW96DIMc1WgBT7aB5shu1PP4Cgrt tZ8pXfMYwohhgmR9MuYIbmPJ11ROVFyCdEi6BsInWXXWg6 mT0uMiUYqHqaRjGddzauUiGJDDRR_ZxmhvWLxlLx3etX_ FJJ81E6nXH7tMwHNy1zxlXQ_TP9pvfCALJvVpvC2Kzr2KPKH_X7ph6Q0 rD5f4jo4TQq0swjriJzl7RV4r2kfiHH 7Jm82l5m_rAgWB PLI8Gtq93w2cI6LtZkV4aI0niC8yX6y7jXSHSnVPqTKxfNyyO2Xi wHJk_BI7cLQXhPeDRSnJ6rM8lzmIFih0LeHIrZYzUj8niUjfmTvV WfyZG6HhQcfnrQGgio5Zh kDCCH6NGPazZx4rsDadRi12MbuqgdFIKAH9fL8CRABfjaKyktIXYTLhUwoM=-CwiAZmlsZXpvb21zLmNvbS80MDQD
