chrome[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

chrome.exe
Size

748KB
MD5

9e1b7a2c939eb536a9ec2f4d97a9a972
SHA1

703ef8d6821fd94e4a0a32beba7e67f971f3b566
SHA256

68ea4426aa7d187149bce1fa626b979acdc2d9887c8284121068a604f5b45a1e
SHA512

1f6ceca5b1f2f094e67810582a86413dde5270e1da58d5d1d460fd63573ef4f54de6a3a541f0333ab382e3be00882a5970756d9c19890212f72999585b584271
SSDEEP

12288:/6UE9nk8JsEHkMI9ZFtU4E/NRQRkkkkkkkkkkkkkkUkkkkkkkkkkkkkkkkkkkkkR:/63njsEEMIHFmdPekkkkkkkkkkkkkkUQ

Score

N/A

Malware Config

Signatures

Files

chrome.exe
.exe windows x86

5ef348bf87cdbadf73fae895f85afaab

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/06/2007, 00:00

Not After

18/06/2010, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:dd:14:c4:69:af:e2:e3:d8:d7:4d:a3:4c:f0:2f:bd:08:6e:eb:26
Signer

Actual PE Digest

6d:dd:14:c4:69:af:e2:e3:d8:d7:4d:a3:4c:f0:2f:bd:08:6e:eb:26

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

22/04/2009, 06:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
FormatMessageW
SetCurrentDirectoryW
WaitForSingleObject
GetExitCodeProcess
GetThreadLocale
GetLocaleInfoW
GetVersionExW
CreateFileW
GetCurrentProcessId
LeaveCriticalSection
FreeLibrary
CreateThread
GetCurrentProcess
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreW
LoadLibraryW
DeleteCriticalSection
GetCurrentThreadId
SetEvent
ResetEvent
SetNamedPipeHandleState
WaitNamedPipeW
WaitForMultipleObjects
WriteFile
TransactNamedPipe
GetModuleHandleW
TerminateProcess
GetTickCount
SetInformationJobObject
SetLastError
CreateEventW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
DuplicateHandle
TerminateJobObject
LocalFree
ResumeThread
InterlockedExchange
InterlockedCompareExchange
SignalObjectAndWait
InterlockedDecrement
InterlockedIncrement
AssignProcessToJobObject
MapViewOfFile
GetThreadContext
WriteProcessMemory
CreateFileMappingW
RegisterWaitForSingleObject
UnregisterWaitEx
CreateJobObjectW
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
CreateNamedPipeW
OpenEventW
CreateMutexW
ReadProcessMemory
VirtualQuery
SuspendThread
GetLongPathNameW
GetFileAttributesW
GetCurrentDirectoryW
lstrlenW
DebugBreak
GetUserDefaultLangID
LoadLibraryExW
HeapSetInformation
GetSystemTimeAsFileTime
ReleaseMutex
SetFilePointer
RaiseException
Sleep
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryW
GetSystemDirectoryW
QueryPerformanceCounter
UnmapViewOfFile
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetACP
GetLocaleInfoA
GetTimeZoneInformation
CreateFileA
ExitThread
UnhandledExceptionFilter
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
ExitProcess
HeapReAlloc
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
LoadLibraryA
VirtualAlloc
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
GetLastError
GetFileAttributesExW
GetModuleFileNameW
SearchPathW
SetEnvironmentVariableW
GetTempPathW
SetUnhandledExceptionFilter
CreateProcessW
GetEnvironmentVariableW
CloseHandle
GetCommandLineW

user32

UnregisterClassA
CloseDesktop
CreateDesktopW
MessageBoxW

advapi32

RevertToSelf
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetThreadToken
SetSecurityInfo
GetSecurityDescriptorSacl
CopySid
CreateWellKnownSid
RegDisablePredefinedCache
EqualSid
DuplicateToken
LookupPrivilegeValueW
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
ConvertSidToStringSidW
SetEntriesInAclW
CreateRestrictedToken
GetTokenInformation

winmm

timeGetTime

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetFolderPathW
CommandLineToArgvW

Exports

Exports

DumpProcess

Sections

.text
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ef348bf87cdbadf73fae895f85afaab

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21Certificate

Extended Key Usages

Key Usages

6d:dd:14:c4:69:af:e2:e3:d8:d7:4d:a3:4c:f0:2f:bd:08:6e:eb:26Signer

Signature Validations

Verification

22/04/2009, 06:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winmm

version

shell32

Exports

Exports

Sections

.text Size: 308KB - Virtual size: 308KB

.rdata Size: 374KB - Virtual size: 374KB

.data Size: 6KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 28KB - Virtual size: 28KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

6d:dd:14:c4:69:af:e2:e3:d8:d7:4d:a3:4c:f0:2f:bd:08:6e:eb:26
Signer

22/04/2009, 06:53
Valid: false

.text
Size: 308KB - Virtual size: 308KB

.rdata
Size: 374KB - Virtual size: 374KB

.data
Size: 6KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 28KB - Virtual size: 28KB