googlechromesetup.exe

Web Program App

Top Scale (New Media Holdings Ltd.)

The application googlechromesetup.exe, “Web Program App Setup” by Top Scale (New Media Holdings), has been detected as adware by 14 anti-malware scanners. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. Users of this installer expect to download Google's Chrome web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Installer Software   (signed by Top Scale (New Media Holdings Ltd.))

Product:
Web Program App

Description:
Web Program App Setup

Version:
5.7.3.4

MD5:
1a910217c116bb246867d5b245b24ab9

SHA-1:
9e5831e5d2ccb7be3c2439cbf3e407a7851638bd

SHA-256:
862c9555f8d28862da35e5cd259fa18ae060fb12b565f3364b419a1205d7583f

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 8:40:20 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | PUA/InstallCore.diur | 8.3.2.2 |
| avast! | Win32:Malware-gen | 2014.9-160107 |
| AVG | InstallCore | 2017.0.2872 |
| Bkav FE | W32.HfsAdware | 1.3.0.7237 |
| Comodo Security | Application.Win32.InstallCore.DQR | 23252 |
| Dr.Web | Trojan.InstallCore.576 | 9.0.1.07 |
| ESET NOD32 | Win32/InstallCore.ACP.gen potentially unwanted (variant) | 10.12269 |
| G Data | Win32.Application.InstallCore.EG | 16.1.25 |
| K7 AntiVirus | Unwanted-Program | 13.210.17253 |
| Malwarebytes | | v2016.01.07.10 |
| Reason Heuristics | PUP.NewMedia.Installer.Installer (M) | 16.1.7.10 |
| Sophos | Generic PUA NP (PUA) | 4.98 |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4 |
| VIPRE Antivirus | InstallCore | 43834 |

File size:
798.1 KB (817,240 bytes)

Product version:
2.1.3

Copyright:
Software

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\googlechromesetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/11/2015 10:31:05 PM

Valid to:
2/12/2016 10:31:05 PM

Subject:
CN=Top Scale (New Media Holdings Ltd.), O=Top Scale (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FF0C79830A7B12BE4E698038C29DAF9A

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:OEXEsk5pVQGFku31tLLhQy3HpMktV8NToM:OgWHBFkuFtBQyXp0V

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
Entropy:
7.9214

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file googlechromesetup.exe has been seen being distributed by the following 4 URLs.
