chromeupdate_tsa37onof.exe

Suzhou Puluosi Info Tech Co., Ltd.

The application chromeupdate_tsa37onof.exe by Suzhou Puluosi Info Tech Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dde.de.saeaserviceabouthome.com.
Publisher:
Suzhou Puluosi Info Tech Co., Ltd.  (signed and verified)

MD5:
6843aec157e80dc56f2a019cabe89c75

SHA-1:
59aaa1ef727832636a239d362859844053d7b095

SHA-256:
ffae6bf70099bcc5a8fb362fcaf7aab95288ba6f9c4697e19b8dacc0ee530dcf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/28/2024 10:39:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.JiangsuCN.SuzhouPu.Installer (M)
16.6.14.5

File size:
809.1 KB (828,472 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\chromeupdate_tsa37onof.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
12/11/2014 2:10:41 PM

Valid to:
12/11/2015 2:10:41 PM

Subject:
CN="Suzhou Puluosi Info Tech Co., Ltd.", O="Suzhou Puluosi Info Tech Co., Ltd.", L=Suzhou, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
1684E2745B76062361689E5BC4E611CB

File PE Metadata
Compilation timestamp:
2/25/2012 12:49:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:KEhB9KLSLuYfldGSlzU4EuXNaFJL7UoWxM3i7o14QWTeUgzKTCHhDuNN:K+B9KuLztsStjNBhTMQbihD2

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
7.8173

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file chromeupdate_tsa37onof.exe has been seen being distributed by the following URL.

Remove chromeupdate_tsa37onof.exe - Powered by Reason Core Security