chromium_browser7.13.exe

Chromium

Fuyuan Zhou

The application chromium_browser7.13.exe, “Chromium Installer” by Fuyuan Zhou, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It runs as a separate Windows service (within the context of its own process) named “Install Service(ChromiumDL)”. It is also typically executed from the user's temporary directory.
Publisher:
Fuyuan Zhou  (signed and verified)

Product:
Chromium

Description:
Chromium Installer

Version:
1.0.0.1

MD5:
f11d3b40e546b653a7ccad630eb688f3

SHA-1:
469ec89fe26d9b456b387f5d3b3a999e606e1a4b

SHA-256:
c8141723a33652867e15899030ade8e62d35f8179c3979eea65ed15a0f40b937

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 3:42:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.17.10

File size:
371.9 KB (380,800 bytes)

Product version:
51.0.2704.68

Copyright:
Copyright (C) 2016 Chromium Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\618b4d91_stp\chromium_browser7.13.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/10/2016 9:00:00 PM

Valid to:
6/21/2017 8:59:59 PM

Subject:
CN=Fuyuan Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
21E4E205D19BCF68E4675D7F8F39A764

File PE Metadata
Compilation timestamp:
7/13/2016 6:02:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:02PHcQCWcF+cIRSLUBudN/Vndt4ikY2VGkTRy9xKdmBvUmtfqkjLdzbHQ:02P8QE+7RSIi3cnFsxKd/yNQ

Entry address:
0x24850

Entry point:
9C, 0E, 72, 00, 00, 8B, F4, A6, 85, B8, BA, 47, 88, 6A, 3E, 00, CE, 2F, 80, 3C, F3, 4A, 00, 00, 00, 00, 23, 18, 1A, 3C, 2F, D3, 9F, 1A, 14, 90, B7, D3, 37, B7, 76, AF, 86, B0, 27, BF, BA, 9D, 86, B1, A0, B8, BA, 9D, FF, 15, 96, 74, 88, 90, 9C, 14, 82, B8, BA, 90, 9D, 91, 85, B8, BA, 32, 10, A7, 4F, 00, 00, 00, 00, D5, 3E, 63, 49, 49, 10, 7C, 76, 14, 13, 35, FD, 70, F1, AF, E4, DE, 05, 1D, 00, 74, 80, 32, 8B, 2D, 86, 80, 45, 9E, 8B, A7, 85, B8, C8, 27, 80, 3C, D9, 00, 00, 00, 00, AA, B9, 17, 21, 9D, 41, 00...

Code size:
262.5 KB (268,800 bytes)

Service
Display name:
Install Service(ChromiumDL)

Service name:
ChromiumDL

Description:
To ensure browser softwareinstallation is completed.This service uninstallsitself after browsersoftware installed.

Type:
Win32OwnProcess

Depends on:
RpcSs
