ChromePass[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ChromePass.exe
Size

232KB
MD5

36e91497fee355a45a5cb23a5ea91139
SHA1

05f2c4cc8e2ef0f8e6f3a24ac1d3e315543a62cf
SHA256

c4304f7bb6ef66c0676c6b94d25d3f15404883baa773e94f325d8126908e1677
SHA512

1918f379065a771897da62c3252e1d37b6d300898cd903cf48f1c3b60d9dd440d426d7ab9948ec248861f9db819e4592501636593ceb7a980373e74bc7b43c76
SSDEEP

6144:vpT0A/lgl9vZ2QH7lVVuHrSJ/g1R9oUkx:vpT9gl7Z/g1QUkx

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

ChromePass.exe
.exe windows x86

550f30023107c27802c269535dc454b7

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30-03-2016 00:00

Not After

30-06-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:62:cd:4e:fa:3b:4b:9e:1a:fc:45:da:0a:0f:c3:1e:b4:ea:4b:4b:6a:a5:fc:38:79:f4:89:9d:b5:ab:50:85
Signer

Actual PE Digest

08:62:cd:4e:fa:3b:4b:9e:1a:fc:45:da:0a:0f:c3:1e:b4:ea:4b:4b:6a:a5:fc:38:79:f4:89:9d:b5:ab:50:85

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

27-01-2018 09:24
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

c2:cf:96:fb:0e:d0:4c:03:0b:cf:a7:9a:cf:9b:14:07:4e:88:a9:38
Signer

Actual PE Digest

c2:cf:96:fb:0e:d0:4c:03:0b:cf:a7:9a:cf:9b:14:07:4e:88:a9:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

27-01-2018 09:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

realloc
isalnum
_gmtime64
isxdigit
tolower
_ftol
strcmp
isspace
isdigit
strftime
atoi
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
toupper
_wcmdln
__wgetmainargs
wcstoul
_memicmp
wcsrchr
malloc
wcschr
free
modf
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
_wcsicmp
_purecall
_wcslwr
_itow
exit
wcslen
wcscmp
log
strlen
abs
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

comctl32

CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateStatusWindowW

kernel32

LockFile
UnlockFile
DeleteFileA
QueryPerformanceCounter
GetSystemTime
FlushFileBuffers
GetTempPathA
InterlockedIncrement
LockFileEx
GetFileAttributesA
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CreateFileA
Sleep
GetFullPathNameA
GetFullPathNameW
InitializeCriticalSection
EnumResourceTypesW
OpenProcess
ReadProcessMemory
GetCurrentProcess
GetSystemTimeAsFileTime
EnterCriticalSection
GetModuleHandleA
GetStartupInfoW
SetEndOfFile
GetTickCount
AreFileApisANSI
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
SystemTimeToFileTime
LocalFree
CopyFileW
CreateFileW
CompareFileTime
WriteFile
WideCharToMultiByte
GetProcAddress
FreeLibrary
LoadLibraryW
GetFileSize
GetLastError
LocalAlloc
FileTimeToSystemTime
FindResourceW
GetTempPathW
LoadResource
LoadLibraryExW
FindNextFileW
SizeofResource
FormatMessageW
FindClose
GlobalLock
GetVersionExW
GetWindowsDirectoryW
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
ReadFile
LockResource
SetFilePointer
GetModuleFileNameW
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
SetErrorMode
GetCurrentProcessId
ExitProcess

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
BeginDeferWindowPos
RegisterWindowMessageW
EndDeferWindowPos
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
LoadStringW
EnumChildWindows
DestroyWindow
CreateDialogParamW
DestroyMenu
GetDlgCtrlID
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
EndDialog
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadIconW
LoadImageW
GetWindowLongW
SetWindowLongW
SetFocus
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
CloseClipboard
MoveWindow
GetMenuItemCount
GetParent
CheckMenuItem
GetCursorPos
GetSysColor
GetMenu
GetSubMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetDC
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

550f30023107c27802c269535dc454b7

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

08:62:cd:4e:fa:3b:4b:9e:1a:fc:45:da:0a:0f:c3:1e:b4:ea:4b:4b:6a:a5:fc:38:79:f4:89:9d:b5:ab:50:85Signer

Signature Validations

Verification

27-01-2018 09:24 Valid: true

Chain 1

c2:cf:96:fb:0e:d0:4c:03:0b:cf:a7:9a:cf:9b:14:07:4e:88:a9:38Signer

Signature Validations

Verification

27-01-2018 09:24 Valid: false

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 13KB - Virtual size: 12KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

08:62:cd:4e:fa:3b:4b:9e:1a:fc:45:da:0a:0f:c3:1e:b4:ea:4b:4b:6a:a5:fc:38:79:f4:89:9d:b5:ab:50:85
Signer

27-01-2018 09:24
Valid: true

c2:cf:96:fb:0e:d0:4c:03:0b:cf:a7:9a:cf:9b:14:07:4e:88:a9:38
Signer

27-01-2018 09:24
Valid: false

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 13KB - Virtual size: 12KB