google chrome setup.exe

Freemium GmbH

The application google chrome setup.exe by Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Freemium GmbH  (signed and verified)

MD5:
7b6ae9a98c03fd10bcdf49e04ea44de3

SHA-1:
a91d0c1f8c6cda40831a495e2b4f6a83e785c325

SHA-256:
ca5085e2d13154914b2570e4b3a305dd899d8e805ec3495c8ee6593060486cc8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 5:21:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Covus (M)
17.3.15.12

File size:
546.8 KB (559,888 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\google chrome setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/12/2016 2:00:00 AM

Valid to:
4/13/2017 1:59:59 AM

Subject:
CN=Freemium GmbH, O=Freemium GmbH, STREET=Schwedter Straße 9a, L=Berlin, S=Berlin, PostalCode=10119, C=DE

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DC9861432499069FCA228F29B47F6118

File PE Metadata
Compilation timestamp:
4/28/2016 6:01:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x14D0C

Entry point:
E8, 74, 7A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 38, 75, 45, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B4, 71, 45, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, A2, 47, 00, 89, 0D, B4, A2, 47, 00, 89, 15, B0, A2, 47, 00, 89, 1D, AC, A2, 47, 00, 89, 35, A8, A2, 47, 00, 89, 3D...
 
[+]

Code size:
344 KB (352,256 bytes)

Remove google chrome setup.exe - Powered by Reason Core Security