» player-chrome.exe
Overview
Analysis
File Details
Downloads (1)

player-chrome.exe

File Monarch

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Fusion Install ” by File Monarch has been detected as adware by 41 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

player-chrome.exe

Publisher:

Fusion Install (signed by File Monarch)

Product:

Fusion Install

Description:

Fusion Install

Version:

2.4.8.1

MD5:

23d17b22efd8adf21f73915dea93fce2

SHA-1:

0d6a4b81aca60bfa81b5eabc40da9d51f4d230cb

SHA-256:

a60d63bed0fc8eeb9d5bdac7efcef96cc57074df71cc9db5d5e6ef91211a99f2

Scanner detections:

41 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/28/2024 4:47:57 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.439479

376

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.IBryte

2014.08.20

Avira AntiVirus

Adware/iBryte.bxop

7.11.167.238

avast!

Win32:PUP-gen [PUP]

2014.9-160124

AVG

Adware AdPlugin

2017.0.2854

Baidu Antivirus

Trojan.Win32.Clikug

4.0.3.16124

Bitdefender

Gen:Variant.Kazy.439479

1.0.20.120

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Ibryte-592

0.98/19086

Comodo Security

Application.Win32.AgentCV.HWYE

19325

Dr.Web

Trojan.DownLoader11.31388

9.0.1.024

Emsisoft Anti-Malware

Gen:Variant.Kazy.439479

8.16.01.24.12

ESET NOD32

Win32/AdWare.iBryte.BD (variant)

10.10320

Fortinet FortiGate

W32/Malware_fam.NB

1/24/2016

F-Prot

W32/A-c255719d

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Kazy

11.2016-24-01_1

G Data

Gen:Variant.Kazy.439479

16.1.24

IKARUS anti.virus

Trojan-Clicker.BFNI

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.183.13319

Kaspersky

not-a-virus:AdWare.Win32.iBryte

14.0.0.767

Malwarebytes

PUP.Optional.iBryte

v2016.01.24.12

McAfee

Artemis!0FF2B0F7AD04

5600.6510

Microsoft Security Essentials

TrojanClicker:Win32/Clikug.A

1.10401

MicroWorld eScan

Gen:Variant.Kazy.439479

17.0.0.72

NANO AntiVirus

Trojan.Win32.Adpeak.cumkpw

0.28.0.59826

Norman

Gen:Variant.Kazy.466534

11.20160124

nProtect

Trojan.GenericKD.1618449

14.04.10.01

Panda Antivirus

Trj/Genetic.gen

16.01.24.12

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Quick Heal

TrojanDownloader.Badur.A5

1.16.14.00

Reason Heuristics

PUP.Adknowledge.FileMonarch.Bundler (M)

16.1.24.12

Rising Antivirus

PE:Malware.iBryte!6.192B

23.00.65.16122

Sophos

iBryte Optimum Installer

4.98

SUPERAntiSpyware

PUP.OptimumInstaller/Variant

9366

Total Defense

Win32/Tnega.IQAFGOD

37.0.11237

Trend Micro House Call

TROJ_CLIKUG.A

7.2.24

Trend Micro

TROJ_CLIKUG.A

10.465.24

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4778314

32210

Zillya! Antivirus

Adware.iBryte.Win32.854

2.0.0.1790

File size:

261.4 KB (267,640 bytes)

Product version:

2.4.8.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\users\{user}\downloads\player-chrome.exe

Digital Signature

Signed by:

File Monarch

Authority:

COMODO CA Limited

Valid from:

3/17/2014 5:00:00 PM

Valid to:

3/18/2015 4:59:59 PM

Subject:

CN=File Monarch, O=File Monarch, STREET="4600 Madison Ave., FL 10", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E65C750985B066CBB7B485ACF86E58B1

File PE Metadata

Compilation timestamp:

9/7/2014 2:00:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:1uMSi/X+2EffuOMvmEDke4HJViL/z37Fj7N1B39wGslnlDE:1uX2DEfYTDkbJqL3J7HgGsPDE

Entry address:

0x14EFF

Entry point:

E8, BE, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, 54, 71, 41, 00, 68, 69, 4F, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, C0, 41, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, AA, 4A, 41, 00... 
[+]

Entropy:

7.1566

Code size:

86.5 KB (88,576 bytes)

The file player-chrome.exe has been seen being distributed by the following URL.

http://download0812endpoint.com/track/install?gluid=gyaEYiQh4MLIikqJpf02aAjEj91 Xfm 9R3c6S6ErL9XhUVg7P/2iFwDcuS2kfCFePKqYvr1J567mbYGdgH41sud95Xbzu RrnJ7vax7xNVRai1o0AbI4uynNdAL5Zjaytvt44vZzuoMLHpzNZm4Z6PeN FyjULAzCqyG7RkrxOJ2icaBeFi8Nd9tDVIpm/iYOQdBUmWPD/LdAJ5GXDOSyM1DiUvCvtSZfKxPmrq9He24LllAmTVgSleUlTuoLnA6bdb0GqCieX66l/gq8nwnBDS/WMxRp7/OpFg/emGU8z7qGE 7p7TEQ==&_alc=1&_cb=1&dlink=http://yourinstaller.com/o/.../Player-Chrome.exe

Remove player-chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.