chromium.exe

Fuyuan Zhou

The application chromium.exe by Fuyuan Zhou has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Protect Service(ChromiumP)”.
Publisher:
Fuyuan Zhou  (signed and verified)

MD5:
da0fce43b84a01db3cccd84081bb44fb

SHA-1:
d5e1b4e6a973e42ad033f2bbddbe8f46b8dc3727

SHA-256:
ef1f76cebd686476bcb15e4625d5054493b0376c23d8da352433051e2deaad75

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 5:56:51 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.1.10

File size:
418.9 KB (428,928 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\chromium\chromium.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/31/2016 9:00:00 PM

Valid to:
6/21/2017 8:59:59 PM

Subject:
CN=Fuyuan Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
27E9D420E262B14FD8289B7C0BB6D41F

File PE Metadata
Compilation timestamp:
8/1/2016 4:27:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:2QUuJ4aIwDygrnj9PkGXw4mHjeUqvHPjnihPV4AHCtkNvfUQyPBAOKErluFD:7UO49+nJPC4IeLvv7iVV4yC+8NPBEzD

Entry address:
0x29952

Entry point:
87, BC, 50, 00, 00, 84, CF, 92, A9, C7, CF, 6C, 37, 80, 36, 00, E2, 1A, 91, 54, E4, 42, 00, 00, 00, 00, 10, 3C, 3C, 2C, 34, E2, B2, 38, 61, 9F, 8C, 3C, 32, C7, 05, 00, 00, 00, 00, E2, 2D, 73, 69, 1B, 09, 6B, 60, 05, 6E, 67, C0, 4B, E8, 9A, CE, 19, 27, 23, 00, 5E, 8A, 3C, A9, 4D, CC, 8E, 26, 9F, 8D, 90, 96, A8, E8, 75, 99, 2B, CF, 00, 00, 00, 00, 91, A0, 22, 0B, 96, 62, 00, 00, 00, 00, E1, 12, 1C, 3C, 62, 07, 47, 7E, 3C, 3F, 57, EC, 18, E6, A7, CD, 26, 48, 76, 00, 50, A6, 22, E6, 0C, A7, 9A, 45, 91, 88, 29...
 

Code size:
306.5 KB (313,856 bytes)

Service
Display name:
Protect Service(ChromiumP)

Service name:
ChromiumP

Description:
To ensure your Chromium software integrity. If this service is disabled or stopped, your Chromium software will not be kept integrity check. This service uninstalls itself when there is no Chromium so

Type:
Win32OwnProcess

Depends on:
RpcSs

