google chrome.exe

DarwenDLM Downloader

Superb Alpha (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application google chrome.exe by Superb Alpha (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Superb Alpha (Fried Cookie Ltd.)  (signed and verified)

Product:
DarwenDLM Downloader

Version:
1.0.5.53112

MD5:
ce7a2c5bd805f36ac2475d2c361852ef

SHA-1:
ee928e519ba92f7949deb8a8e589fce7330fdafe

SHA-256:
528d86e924aa9de1f32731690ea88c51356a9bb357c06abfbabf28380e4a91cd

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/2/2024 4:27:28 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.2.27.3

File size:
1.1 MB (1,176,024 bytes)

Product version:
1.0.5.53112

Original file name:
ClickOnceSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\google chrome.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 1:00:57 PM

Valid to:
6/22/2016 4:48:43 PM

Subject:
CN=Superb Alpha (Fried Cookie Ltd.), O=Superb Alpha (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217F30BAAF40AF8D13BE6DB4153600593E

File PE Metadata
Compilation timestamp:
2/23/2016 12:21:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:L2KFgeCz+fqwhZBYfH7NLRsksYTqFTG+hsazNvFsms9B9:LrmHzDwhZAZLdCTGisazNvFsz9f

Entry address:
0x11742E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,136,128 bytes)

The file google chrome.exe has been seen being distributed by the following 2 URLs.

Remove google chrome.exe - Powered by Reason Core Security