google-chrome-install.exe

Installer

The application google-chrome-install.exe, “Setup Application”, has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application built on the InstallCore installer, but the file is not signed with an Authenticode signature from a trusted source. The InstallCore engine may bundle additional software offers, including toolbars and browser extensions. Users running this installer expect to download Google's Chrome web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Installer

Product:
Installer

Description:
Setup Application

Version:
2.0.0.0

MD5:
7067bdbe85699613c85d658ac37cd2b4

SHA-1:
b7e9b748733ca0c8ec64c8402fa34bf7b2be64ef

SHA-256:
67616c846f3083154a22ffcab4f633605ee75672da108592fce3d6e5c2a26e55

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
1/12/2025 10:36:11 PM UTC

Scan engine              Detection                              Engine version
AegisLab AV Signature    Adware.W32.Hebogo!c                    2.1.4+
Agnitum Outpost          PUA.Hebogo                             7.1.1
Baidu Antivirus          Adware.Win32.Hebogo                    4.0.3.16130
IKARUS anti.virus        Trojan.Win32.Scar                      t3scan.2.0.3.0
Kaspersky                not-a-virus:AdWare.Win32.Hebogo        14.0.0.737
Malwarebytes             PUP.Optional.Surf                      v2016.01.30.01
McAfee                   Artemis!7067BDBE8569                   5600.6504
NANO AntiVirus           Riskware.Win32.Hebogo.dynjyk           1.0.14.5798
nProtect                 Trojan-Clicker/W32.Hebogo.2225573      16.01.26.01
Reason Heuristics        PUP.InstallCore.Bundler (M)            16.1.30.13
VIPRE Antivirus          Trojan.Win32.Generic.pak!cobra         46780
Zillya! Antivirus        Adware.Hebogo.Win32.562                2.0.0.2632

File size:
2.1 MB (2,225,573 bytes)

Product version:
2.0.0.0

Copyright:
Installer

Trademarks:
Installer

Original file name:
suf80_launch.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\google-chrome-install.exe

File PE Metadata
Compilation timestamp:
11/6/2009 8:53:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:xgCh1LGumhuW+RySm9mlxETVE+cTDj5suZ6EEhrSLVG7d8:SCPSjglxEJE+cbnZ6zRi

Entry address:
0x3079

Entry point:
E8, FB, 2E, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...

Code size:
32 KB (32,768 bytes)

The file google-chrome-install.exe has been seen being distributed from the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
