PatchMyPC: Chrome setup unknown to VirusTotal

Discussion in 'other software & services' started by Oddo, Jan 29, 2018.

  1. Oddo

    Oddo Registered Member

    Hi,
    I use PatchMyPC and I regularly find that the Chrome updates do not appear on VirusTotal, which is usually a clear malware indicator. E.g. the latest version (XX.119) from PatchMyPC has SHA1 2930041fb94bb5b48dc83840b70972261909d222 - you do not find it on the web. Strange thing. Nevertheless, it is signed. This happens only with Chrome setup files on PatchMyPC. If I download the setup directly from Google, it has a different hash and I can find it on VT, too. Any explanations?

    Thanks
    Oddo

    PS: You can find the setup on VT now because I just uploaded it. But I was the first one (check the first submission date and compare it to the release date: 5 days difference. Completely strange for such a mass file like Chrome setup...)

    edit:
    In case someone is interested in the file, I uploaded it here: https://ufile.io/msb76
     
    Last edited: Jan 29, 2018
  2. lofac

    lofac Registered Member

    I'm not sure how PatchMyPC handles Chrome updates, but could it be that it doesn't trigger the Chrome self-update but rather downloads a version from their server? Or does the Chrome self-update generate a unique executable (not the same setup file you get from the official page, since that is an online installer and thus merely a downloader)? Or it could be just that the setup exe is one thing and the update exe is another? I mean, the setup exe itself probably doesn't get updated on every release, again, since it acts like an installer. (Just giving an idea that you may investigate.)

    To confirm this, I remember using a very old (like 1 year old) Chrome online installer; I used it on a machine and it always downloaded the latest version of Chrome.

    Also, I believe if an attempt was made to modify the executable, it should alter the signing cert (although this could be bypassed, but chances are very small!).

    Your best bet is to contact PatchMyPC and see their reply on this matter. I'd like to know why too.
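
Added example, not part of either post and not PatchMyPC's or Google's code: the thread contrasts a whole-file SHA1 that differs with a signature that is present. This Python code computes the digest an Authenticode signature covers, which skips the PE checksum, the certificate-table directory entry and the certificate table itself, so two installers can be compared on signed content rather than on file hash. The names `authenticode_digest`, `make_sample` and `compare` are hypothetical, the sample buffers are constructed, and the code assumes the certificate table is the last thing in the file.

```python
import hashlib
import struct

def authenticode_digest(pe: bytes, algo: str = "sha1") -> str:
    """Digest over the PE bytes that an Authenticode signature covers."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]        # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe_off + 24                                     # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    checksum = opt + 64                                   # CheckSum field, 4 bytes
    cert_dir = opt + (128 if magic == 0x10B else 144)     # data directory entry 4
    cert_off, cert_len = struct.unpack_from("<II", pe, cert_dir)
    if cert_off == 0:                                     # unsigned file
        cert_off, cert_len = len(pe), 0
    if cert_off + cert_len != len(pe):                    # assumption stated above
        raise ValueError("certificate table is not at end of file")
    h = hashlib.new(algo)
    h.update(pe[:checksum])                               # up to CheckSum
    h.update(pe[checksum + 4:cert_dir])                   # skip CheckSum
    h.update(pe[cert_dir + 8:cert_off])                   # skip dir entry, stop at certs
    return h.hexdigest()

def make_sample(body: bytes, cert: bytes) -> bytes:
    """Constructed, minimal PE32-shaped buffer (not a loadable program)."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)               # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", hdr, opt, 0x10B)               # PE32 magic
    struct.pack_into("<II", hdr, opt + 128, 0x200 + len(body), len(cert))
    return bytes(hdr) + body + cert

def compare(a: bytes, b: bytes) -> str:
    """Classify how two installers differ."""
    if hashlib.sha1(a).digest() == hashlib.sha1(b).digest():
        return "identical files"
    if authenticode_digest(a) == authenticode_digest(b):
        return "same signed content"
    return "different signed content"

if __name__ == "__main__":
    direct = make_sample(b"CODE" * 64, b"\x01" * 16)
    mirror = make_sample(b"CODE" * 64, b"\x01" * 16 + b"constructed")
    print(compare(direct, mirror))
```

Equal digests only show that both files carry the same signed content; whether the signature itself verifies still has to be checked with the platform's verifier, for example `Get-AuthenticodeSignature` on Windows.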
     