google-chrome.exe

Ultra Setup Manager

Husren SA

The application google-chrome.exe by Husren SA has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from offersrepo.com and multiple other hosts.
Publisher:
TIK (signed by Husren SA)

Product:
Ultra Setup Manager

Version:
3.5.34.765

MD5:
7fece2c18ec8133ffd8bb325c511e40d

SHA-1:
f1e8b0d389a067d04b6a3107ed2ec8f7e755103c

SHA-256:
e8286c7e7ac83fcd20370712c69c64d0bd677065e9044fb78ac466a71480af83

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:25:16 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/Colooader.137144 | 8.3.1.6
AVG | Downloader | 2016.0.3062
Baidu Antivirus | Adware.MSIL.Colooader | 4.0.3.15630
ESET NOD32 | MSIL/Adware.Colooader (variant) | 9.11866
McAfee | Artemis!7FECE2C18EC8 | 5600.6718

File size:
134 KB (137,192 bytes)

Product version:
3.5.34.765

Copyright:
Copyright © 2015

Trademarks:
TIK

Original file name:
i3KC.exe

File type:
Executable application (Win64 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/11/2015 9:00:00 PM

Valid to:
6/11/2016 8:59:59 PM

Subject:
CN=Husren SA, OU=602, O=Husren SA, STREET=Colonia 810 esc502, L=Montevideo, S=Montevideo, PostalCode=11000, C=UY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13D29ADB2F499B625116D9BBF3D8B83F

File PE Metadata
Compilation timestamp:
6/29/2015 3:06:14 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:WreqgJ8rTWReOmMe2HLEErXAfqLvpJkv2ZJt01rPUkwqoJnWch:lReOFe2HYGlJtir5c

Entry address:
0x1C0AA

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Code size:
104.5 KB (107,008 bytes)

The file google-chrome.exe has been seen being distributed by the following 5 URLs.

http://offersrepo.com/download.php?__tc=1435629762693&downloadName=atube-catcher.exe

http://offersrepo.com/downloads2.php?__tc=1435722396702&signature=qualityscorei3&downloadName=google-chrome.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=avast-2014-free.exe

Remove google-chrome.exe - Powered by Reason Core Security