home

google_chrome.exe

Google Chrome

Download Manager

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google_chrome.exe, “Google Chrome ” by Download Manager has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the AirInstaller Download Manager installer. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Download Manager Cert   (signed by Download Manager)

Product:
Google Chrome

Description:
Google Chrome

Version:
2.0.5.8

MD5:
f39e519151d2402836f748d6594ecc35

SHA-1:
676c4d329621367a649424e288ec0dc9de32a2f9

SHA-256:
ca9b83c3946659fb828094d80232d69fdac2dae94247f9f08d102a9e01060cb1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 7:16:24 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Air Software.Download.Bundler (M)
16.4.3.13

File size:
848.9 KB (869,296 bytes)

Product version:
2.0.5.8

Copyright:
(c) Download Manager Cert

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\google_chrome.exe

Digital Signature
Signed by:
Download Manager

Authority:
VeriSign, Inc.

Valid from:
6/7/2013 8:00:00 PM

Valid to:
6/8/2014 7:59:59 PM

Subject:
CN=Download Manager, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Download Manager, L=Vancouver, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
428E8B7C1AC548D083F4D3A0C5FDAF4C

File PE Metadata
Compilation timestamp:
4/3/2014 4:43:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:4gGScqZthc8IqUhl/82dbtTaLr6TajhONj7uJ0s9hcolBhD+i71b37H2dJsmydV+:35ta0LmTNj7u3oqhZydNEDKvoIc7b6

Entry address:
0x26BC30

Entry point:
60, BE, 00, 80, 5A, 00, 8D, BE, 00, 90, E5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8777

Packer / compiler:
UPX 2.90LZMA

Code size:
784 KB (802,816 bytes)

The file google_chrome.exe has been seen being distributed by the following URL.

http://yes-downloads.com/USA/Chrome/.../download.php

Remove google_chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.