google_chrome.exe

Internet

Silver Setup (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application google_chrome.exe, "Internet Setup" by Silver Setup (Fried Cookie), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine. The installer is marketed through download portals and search ads as Google's Chrome web browser but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Silver Setup (Fried Cookie Ltd.)  (signed and verified)

Product:
Internet

Description:
Internet Setup

Version:
1.2.3.8

MD5:
d9845fcaf84f3f870d251b5b900df337

SHA-1:
03ec2db7e9ed2c9650fa26ff5a085d8318b4edd5

SHA-256:
9924c542c759efe81a7448937d844fd071381609f99bf2caf388079479e2f0e2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/28/2024 2:46:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.Installer.Installer (M)

Engine version:
16.2.4.10

File size:
963.4 KB (986,472 bytes)

Product version:
3.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\google_chrome.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 6:43:58 PM

Valid to:
7/24/2016 8:03:54 PM

Subject:
CN=Silver Setup (Fried Cookie Ltd.), O=Silver Setup (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112140334915ED026A82D6160FD4F0BAD4D4

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:gevQdNB1+F3tA5IWFJVxYRDRGkvUM0R/JZNs3:gRPB1+dtAJYRDRrvBC/JZw

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9302

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file google_chrome.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 772 download URLs
