home

googlechromesetup.exe

Web Program App

Top Scale (New Media Holdings Ltd.)

The application googlechromesetup.exe, “Web Program App Setup ” by Top Scale (New Media Holdings) has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Installer Software   (signed by Top Scale (New Media Holdings Ltd.))

Product:
Web Program App

Description:
Web Program App Setup

Version:
5.7.3.4

MD5:
1a910217c116bb246867d5b245b24ab9

SHA-1:
9e5831e5d2ccb7be3c2439cbf3e407a7851638bd

SHA-256:
862c9555f8d28862da35e5cd259fa18ae060fb12b565f3364b419a1205d7583f

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/6/2024 4:32:12 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallCore.diur
8.3.2.2

avast!
Win32:Malware-gen
2014.9-160107

AVG
InstallCore
2017.0.2872

Bkav FE
W32.HfsAdware
1.3.0.7237

Comodo Security
Application.Win32.InstallCore.DQR
23252

Dr.Web
Trojan.InstallCore.576
9.0.1.07

ESET NOD32
Win32/InstallCore.ACP.gen potentially unwanted (variant)
10.12269

G Data
Win32.Application.InstallCore.EG
16.1.25

K7 AntiVirus
Unwanted-Program
13.210.17253

Malwarebytes
PUP.Optional.InstallCore
v2016.01.07.10

Reason Heuristics
PUP.NewMedia.Installer.Installer (M)
16.1.7.10

Sophos
Generic PUA NP (PUA)
4.98

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.4

VIPRE Antivirus
InstallCore
43834

File size:
798.1 KB (817,240 bytes)

Product version:
2.1.3

Copyright:
Software

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\googlechromesetup.exe

Digital Signature
Signed by:
Top Scale (New Media Holdings Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
2/11/2015 10:31:05 PM

Valid to:
2/12/2016 10:31:05 PM

Subject:
CN=Top Scale (New Media Holdings Ltd.), O=Top Scale (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FF0C79830A7B12BE4E698038C29DAF9A

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:OEXEsk5pVQGFku31tLLhQy3HpMktV8NToM:OgWHBFkuFtBQyXp0V

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9214

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file googlechromesetup.exe has been seen being distributed by the following 4 URLs.

http://cdn.mediafhsignslaboratory.com/c?x=YyJnDIWS25BYny1LoG2x0ya/CvkyxGGUvgW ntqAkNA=&c=r8LtAwTRxaYdVjGbqluHPsXEjDBAi7QOqr8QrF6UwWFLmyaHxfXcyZDQk93BMHcYg4DeLcxp/D1AeuuJ eyiz/ 0wS k4AkrOGO9f4yPwRMJI88s683S9SUJysQgtoc1gl9jo3JikV8fiPT7JAPm818kbRhJUNQ7VqqBZg3x Lc=&downloadAs=GoogleChromeSetup.exe&fallback_url=http://allmyapps.com/binary/570/.../direct-download?token=90c4f1d505d730885cc98010575156fddefdb54b

http://d.mediafhsignslaboratory.com/c?x= d8Mgypj2GOBK2MrT4qV9BxaEWVS8BHV22vT npDCQg=&c=eFEdcc3TTCcB7X/dXZkYh8PQDgoLEDYMINx/y6HaSClmqj7N1buUyhtRwIU1Jcd3J12wBkrVQYdhG2EiAux EViy0ry3ez6/mJfHs80D XuADV7 JVeAvWis9OhgqPkxyMcURAtg/GdBSOhLcjh0ur23MqCwIUwAa9LipveJsbQ=&downloadAs=GoogleChromeSetup.exe&fallback_url=http://allmyapps.com/binary/570/.../direct-download?token=90c4f1d505d730885cc98010575156fddefdb54b

http://www.mediafhchuckleapplication.com/c?x=NTIGbmRsqpQYGBy6/bODTLmFberY4RnJHVWiKGkfQAo=&c=1DJ6Hyu Xufou1ckox9HIS9TA7Os7jDKNmAvs9zw3KZa1BggTsx8BOBPfhk8rHLW9wi BEWmmy6OjDryaQ0aKKgZ6IEyVPeLRLa8h3DaIYLXmq5GfcAsqDxg9YlVQd9aMLkcbWMk5UcoMs7eCrLFrvADe1 QpKRbgVC0BRaro/0=&downloadAs=GoogleChromeSetup.exe&fallback_url=http://allmyapps.com/binary/570/.../direct-download?token=90c4f1d505d730885cc98010575156fddefdb54b

http://cdn.mediafhsignslaboratory.com/c?x=hPg7qmL f h9N1vegWV3uL1kstuVXjiUUlw/vJ7LNYI=&c=kQ/qlhhUucKLw9SarSmgUMD8ZiFUzpuHA3Ixc7XzmbtULexF8V0qsCG9m1Z9tG33FAIiPyrLjWuHiWK1L1zJKHJ4pAsW 8UQPU2WsLA14hE9FI2MJlI3xRoQSUIgRFBN7t 5wbVNMIiDap1vhDXaR5z36/Q8O3 L8trd8u zfhM=&downloadAs=GoogleChromeSetup.exe&fallback_url=http://allmyapps.com/binary/570/.../direct-download?token=90c4f1d505d730885cc98010575156fddefdb54b

Remove googlechromesetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.