ChromePass[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ChromePass.exe
Size

341KB
MD5

01ecf3649dc4a7cbf5bef268d3ae47fe
SHA1

8647ce9f98b6e5c770fb10925178980080f1be2d
SHA256

744e50af5566fa5ab70d4db70d35b3b89d75018e00b6b1e8e6280030482353bc
SHA512

3902df20a30dd281a4057136842479169b9ddeefd68e1adc23e90eddb6c4edc6c9a578450ae11f77a4689f45e5f4f8ae349ab580ff35801f053c058f6cf30cc0
SSDEEP

6144:ai5HmbjC+7XW4s6fqNxLI1Xyxup5UEfZB6ipUcLl9Z5A8Mckw:aiGjlKeqNlzx8Hfhr/vMckw

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ChromePass.exe

Files

ChromePass.exe
.exe windows:4 windows x86 arch:x86

990dab8f5ab4abd17f4aa5b202ce585c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
wcstoul
_wcslwr
wcsrchr
modf
_wcsicmp
_snwprintf
wcsncat
realloc
_gmtime64
isalnum
toupper
atoi
_itow
_memicmp
memmove
strftime
isdigit
malloc
isspace
free
isxdigit
tolower
??3@YAXPAX@Z
??2@YAPAXI@Z
_wtoi
wcschr
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
memcpy
memset
_CIlog

comctl32

CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_ReplaceIcon
CreateToolbarEx

kernel32

ReadProcessMemory
GetCurrentProcess
SetErrorMode
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CopyFileW
LoadResource
FindResourceW
GetSystemDirectoryW
GlobalAlloc
FindNextFileW
OpenProcess
GetModuleHandleA
ExitProcess
GetStartupInfoW
EnumResourceTypesW
GetModuleHandleW
WideCharToMultiByte
SetFilePointer
LeaveCriticalSection
DeleteCriticalSection
GetFileAttributesA
SetEndOfFile
GetCurrentThreadId
GetFileAttributesW
InterlockedIncrement
CloseHandle
ReadFile
QueryPerformanceCounter
DeleteFileW
CreateFileW
GetCurrentProcessId
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
UnlockFile
GetTempPathA
LockFile
GetSystemTime
AreFileApisANSI
GetLastError
GetTickCount
DeleteFileA
GetSystemTimeAsFileTime
WriteFile
LockFileEx
EnterCriticalSection
GetFullPathNameW
InitializeCriticalSection
GetFullPathNameA
CreateFileA
Sleep
GetFileSize
GetVersionExW
LocalAlloc
LocalFree
FreeLibrary
GetProcAddress
SystemTimeToFileTime
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryW
FileTimeToSystemTime
LoadLibraryExW
FindClose
GetWindowsDirectoryW
SizeofResource
FormatMessageW
GlobalLock
LockResource
GetTimeFormatW
GetModuleFileNameW
GetDateFormatW
GetTempFileNameW
FindFirstFileW
GlobalUnlock

user32

GetMessageW
BeginDeferWindowPos
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
EndDeferWindowPos
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
CreateDialogParamW
SendMessageW
GetSysColor
GetDlgItem
ReleaseDC
GetWindowTextW
GetDC
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadCursorW
SetCursor
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
UpdateWindow
GetWindowRect
GetSystemMetrics
TranslateAcceleratorW
RegisterClassW
MessageBoxW
CreateWindowExW
DeferWindowPos
GetDlgItemInt
SendDlgItemMessageW
EndDialog
InvalidateRect
SetDlgItemInt
GetClientRect
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
LoadIconW
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
GetMenuStringW
CloseClipboard
OpenClipboard
GetParent
GetMenuItemCount
GetSubMenu
MoveWindow
GetMenu
GetCursorPos
CheckMenuItem
SetClipboardData
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
GetClassNameW
EnumChildWindows
LoadStringW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
DestroyWindow

gdi32

DeleteObject
SelectObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
SetBkMode
GetStockObject
SetBkColor

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoCreateGuid
CoInitialize
CoUninitialize

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

990dab8f5ab4abd17f4aa5b202ce585c

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 19KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 19KB

.rsrc
Size: 14KB - Virtual size: 14KB