google chrome.exe

RAPIDDOWN

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application google chrome.exe by RAPIDDOWN has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
*Rapiddown*  (signed by RAPIDDOWN)

Description:
Setup Manager

Version:
1.0.0.30

MD5:
a693e2c0b72f73ce18ed12f561eaf64d

SHA-1:
5899c60e7bef76f89345f83661ddd83a20ad78fc

SHA-256:
3192fbf19dec9c20f14dac1424d23224229bbb52bce7b1be84b4fcb4857331fd

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This will bundle various adware such as the Whitesmoke Toolbar and Iminent Toolbar. "These offers will be displayed depending on the user's location as well as the configuration of his/her PC, considered normal to display 2-3 offers. Additionally, the download manager offers the optional installation of a toolbar."

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/26/2024 12:36:34 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba.RAPIDDOW.Bundler (M)
16.6.23.4

File size:
172.9 KB (177,000 bytes)

Product version:
3.0.26

Copyright:
copyright·©·2013

Original file name:
inst4ll·3x3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\google chrome.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/27/2013 1:00:00 AM

Valid to:
12/1/2014 1:00:00 PM

Subject:
CN=RAPIDDOWN, O=RAPIDDOWN, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02E94F6B0DC7BF53B8B6341C02DE4104

File PE Metadata
Compilation timestamp:
12/31/2013 12:25:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:gYfuVGYJYN5XRu39qWq+5EXzBbRDtgTjcFgHnqfqeg8pAwyy3PZYk:DD03EWaV1SbqsaAwyy+k

Entry address:
0x60117

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
100.5 KB (102,912 bytes)

The file google chrome.exe has been seen being distributed by the following URL.

Remove google chrome.exe - Powered by Reason Core Security