home

player-chrome.exe

Liquidbuild

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application player-chrome.exe, “Fusion Install ” by Liquidbuild has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Fusion Install   (signed by Liquidbuild)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
bb72676c78f73a1d4726da8ee1cf7184

SHA-1:
b7878af913b9e8a90f6d593774c05e0c845656c2

SHA-256:
121ec106c2c9acb464e0e8993682de07de18f099ffa5ca5818aac5a0a58e243a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 9:26:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge (M)
17.3.13.1

File size:
110.4 KB (113,016 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\player-chrome.exe

Digital Signature
Signed by:
Liquidbuild

Authority:
COMODO CA Limited

Valid from:
7/15/2014 9:00:00 PM

Valid to:
7/16/2015 8:59:59 PM

Subject:
CN=Liquidbuild, O=Liquidbuild, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008FC3C0F7127DA5163CC077AE5035B2ED

File PE Metadata
Compilation timestamp:
10/23/2014 1:35:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xF0EF

Entry point:
E8, BE, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, 60, 11, 41, 00, 68, 59, F1, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, 80, 41, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, A0, EC, 40, 00...
 
[+]

Code size:
63.5 KB (65,024 bytes)

Remove player-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.