player-chrome.exe

WARP INSTALL

The software uses the Optimum Installer/Fusion Installer (Adknowledge) to download and install an offer stack of adware including toolbars, coupon extensions and various unwanted utilities. This installer is just a stub to present offers and download the expected software. The application player-chrome.exe, “Fusion Install ” by WARP INSTALL has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Fusion Install   (signed by WARP INSTALL)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
3175dd025117dfd5fdb53d34fc277eca

SHA-1:
a4304bc201ab4450b96376214d8077d5ec260bc5

SHA-256:
28f7895b4fa520ac2dbd06798fa83615591553bb84a60ebe328f5dcca3f66f88

Scanner detections:
33 / 68

Status:
Adware

Explanation:
This setup/installer bundles various adware components (toolbars, shopping extensions, utility offers).

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 2:34:18 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.OptimumInstaller.3
363

AhnLab V3 Security
2014.10.12

Avira AntiVirus
Adware/iBryte.bxoq
7.11.177.172

avast!
Win32:PUP-gen [PUP]
2014.9-160207

AVG
Adware Generic_s
2017.0.2841

Bitdefender
Gen:Variant.Application.Bundler.OptimumInstaller.3
1.0.20.190

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-6860
0.98/19501

Comodo Security
Application.Win32.IBryte.S
19774

Dr.Web
Trojan.iBryte.522
9.0.1.038

Emsisoft Anti-Malware
8.16.02.07.07

ESET NOD32
Win32/AdWare.iBryte.V.gen application
10.7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.13751
2/7/2016

F-Prot
W32/A-512ed8f8
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2016-07-02_1

IKARUS anti.virus
not-a-virus:Downloader.Win32.Agent
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13642

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.698

Malwarebytes
v2016.02.07.07

MicroWorld eScan
Gen:Variant.Application.Bundler.OptimumInstaller.3
17.0.0.114

NANO AntiVirus
Trojan.Win32.Agent.cwajlu
0.28.2.62483

Norman
Gen:Variant.Application.Bundler.OptimumInstaller.3
11.20160207

Panda Antivirus
Trj/Genetic.gen
16.02.07.07

Quick Heal
Adware.iBryte.DK4
2.16.14.00

Reason Heuristics
PUP.Adknowledge.WARPINSTALL.Installer (M)
16.2.7.7

Rising Antivirus
PE:Malware.iBryte!6.14B5
23.00.65.16205

Sophos
PUA 'iBryte Optimum Installer'
5.14

Total Defense
Win32/Tnega.XABfAXD
37.1.62.1

Vba32 AntiVirus
Downloader.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
33706

Zillya! Antivirus
Downloader.Agent.Win32.185523
2.0.0.1951

File size:
216.3 KB (221,472 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\player-chrome.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=WARP INSTALL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WARP INSTALL, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
52A35E3AC3B67E8CD7BB42D490658BBA

File PE Metadata
Compilation timestamp:
3/4/2014 4:44:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:dtEcZ9oIAJiqD2xNKDVF3jAO/Xuc7UKKQsc7+aM56ipr9U:fxZqD7hEO/uhgsc7+aHipr9U

Entry address:
0xD46B

Entry point:
E8, CC, 47, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, A4, 82, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 5C, 80, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
[+]

Entropy:
6.3924

Code size:
152.5 KB (156,160 bytes)

The file player-chrome.exe has been seen being distributed by the following URL.

Remove player-chrome.exe - Powered by Reason Core Security