» player-chrome.exe
Overview
Analysis
File Details
Downloads (1)

player-chrome.exe

File Monarch

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Fusion Install ” by File Monarch has been detected as adware by 41 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

player-chrome.exe

Publisher:

Fusion Install (signed by File Monarch)

Product:

Fusion Install

Description:

Fusion Install

Version:

2.4.8.1

MD5:

0ca21b4061df394992e7d159a28f3884

SHA-1:

aea67bbd00ca5bf6e4fc3f059f743e838330d102

SHA-256:

709e46c03a25abce093c2c589e62e621cf11be1a8bfa6b7552c13f5c9bce0bd6

Scanner detections:

41 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/14/2024 9:06:25 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.466534

388

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.IBryte

2014.08.20

Avira AntiVirus

Adware/iBryte.bxop

7.11.167.238

avast!

Win32:PUP-gen [PUP]

2014.9-160112

AVG

Adware AdPlugin

2017.0.2866

Baidu Antivirus

Trojan.Win32.Clikug

4.0.3.16112

Bitdefender

Trojan.GenericKD.1618449

1.0.20.60

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Ibryte-592

0.98/19086

Comodo Security

Application.Win32.AgentCV.HWYE

19470

Dr.Web

Trojan.DownLoader11.31388

9.0.1.012

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.466534

8.16.01.12.01

ESET NOD32

Win32/AdWare.iBryte.BL application

10.7.0.302.0

Fortinet FortiGate

W32/Malware_fam.NB

1/12/2016

F-Prot

W32/A-c255719d

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.466534

11.2016-12-01_3

G Data

Win32.Adware.Ibryte

16.1.24

IKARUS anti.virus

Trojan-Clicker.BFNI

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.183.13319

Kaspersky

not-a-virus:AdWare.Win32.iBryte

14.0.0.827

Malwarebytes

PUP.Optional.iBryte

v2016.01.12.01

McAfee

Artemis!0FF2B0F7AD04

5600.6522

Microsoft Security Essentials

TrojanClicker:Win32/Clikug.A

1.10401

MicroWorld eScan

Trojan.GenericKD.1618449

17.0.0.36

NANO AntiVirus

Trojan.Win32.Adpeak.cumkpw

0.28.0.59826

Norman

Gen:Variant.Kazy.466534

11.20160112

nProtect

Trojan.GenericKD.1618449

14.04.10.01

Panda Antivirus

Trj/Genetic.gen

16.01.12.01

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Quick Heal

TrojanDownloader.Badur.A5

1.16.14.00

Reason Heuristics

PUP.Adknowledge.FileMonarch.Bundler (M)

16.1.12.13

Rising Antivirus

PE:Malware.iBryte!6.192B

23.00.65.16110

Sophos

Virus 'Mal/Inject-CEE'

SUPERAntiSpyware

PUP.OptimumInstaller/Variant

9390

Total Defense

Win32/Tnega.IQAFGOD

37.0.11237

Trend Micro House Call

TROJ_CLIKUG.A

7.2.12

Trend Micro

TROJ_CLIKUG.A

10.465.12

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4798837

32938

Zillya! Antivirus

Adware.iBryte.Win32.854

2.0.0.1790

File size:

261.4 KB (267,640 bytes)

Product version:

2.4.8.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\users\{user}\downloads\player-chrome.exe

Digital Signature

Signed by:

File Monarch

Authority:

COMODO CA Limited

Valid from:

3/17/2014 5:00:00 PM

Valid to:

3/18/2015 4:59:59 PM

Subject:

CN=File Monarch, O=File Monarch, STREET="4600 Madison Ave., FL 10", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E65C750985B066CBB7B485ACF86E58B1

File PE Metadata

Compilation timestamp:

9/7/2014 2:00:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:TuMSi/X+2EffuOMvmEDke4HJViL/z37Fj7N1B39wGslDJ:TuX2DEfYTDkbJqL3J7HgGspJ

Entry address:

0x14EFF

Entry point:

E8, BE, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, 54, 71, 41, 00, 68, 69, 4F, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, C0, 41, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, AA, 4A, 41, 00... 
[+]

Entropy:

7.1561

Code size:

86.5 KB (88,576 bytes)

The file player-chrome.exe has been seen being distributed by the following URL.

http://download1401bucket.com/track/install?gluid=gyaEYiQh4MIYSem0qAaTwdewsALD yqydce5mNHIieBdm5WFh3qkqg5vuEUoIMS2rLiseqwCytoraM2uoSLlyrzzKWrXLJuEmPL1bJ6mBORWmMXjD/BqZfKWSZ8pLXy0LDtA6lk1R4YllCYMy0JNKSYg1m7QpQYm0uDd4jHxC5OkJ8y30k9nUCK2KlHbQXffOMGpfFTPWFsmk/SN18rPZrYs/004ZZqGhIDFcVkNjExIVCeouaFKgA7RM Gi8d3JInFhWymYGzdnAfOTQ/wk5Pm/XRJ8P1e4T5k5Mp0bH864eCRS4lwGOTEVld 3SSjLDqATNA7CdgqbEX/9v85gbxgyw5r3PvDEGrQKgQp9rIa/uyEgoouq3xzDKP3neyTkUhiC2zooy FXQznuXKz79T5Z9wxGbmMgY9YRuB/0Rv2c6By9XONmiFZoi KnBIkgT/w8iK6fqktuEJmrSrF3RjMv7MiC6WDVbnUj/DfUFQQJ7aVTkLrOFhnjIiSlHmcX&_alc=1&_cb=1&dlink=http://yourinstaller.com/o/.../Player-Chrome.exe

Remove player-chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.