G:\CS\chrome-stats-workspace\apps\extension-installer\target\x86_64-pc-windows-msvc\release\deps\chrome_stats.pdb
Static task
static1
Behavioral task
behavioral1
Sample
chrome-stats.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
chrome-stats.exe
Resource
win10v2004-20240802-en
General
Target: chrome-stats.exe
Size: 3.0MB
MD5: 1747d85fc9e973827ee155e1ab4922f2
SHA1: 97e467527dd5f73a57495260466d07be455b9098
SHA256: a340c089e61263752f54d88bdac07f3deb72077b3f8f8cc68dfec802919937e4
SHA512: 8efcb2a4504f98565899f4be05d163e481e37fa9fc5266dcb06cd96462bc4ef1cd53b6732de380117fe33c40c7a354df1af3aedb4ef0cb15794d0fcba040d976
SSDEEP: 49152:Nmcll+Bd2si2MOvkCYYXsh1DXJ3laNvo7vwmCi:1sJh6XHvwmd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource chrome-stats.exe
Files
chrome-stats.exe.exe windows:6 windows x64 arch:x64
55d144f55f601d04e2ed83a8093f5471
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
advapi32
RegQueryValueExW
SystemFunction036
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
kernel32
TlsSetValue
GetSystemTimeAsFileTime
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
SetHandleInformation
GetCurrentProcessId
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
ReleaseMutex
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
GetFinalPathNameByHandleW
GetConsoleMode
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
CreateThread
TlsGetValue
user32
MessageBoxW
ws2_32
getsockopt
shutdown
recv
send
WSASend
getsockname
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
getpeername
ioctlsocket
connect
bind
WSASocketW
closesocket
secur32
ApplyControlToken
EncryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleA
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
crypt32
CertFreeCertificateChain
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateStore
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
bcrypt
BCryptGenRandom
vcruntime140
__C_specific_handler
memcmp
memcpy
__current_exception
__CxxFrameHandler3
__current_exception_context
memset
_CxxThrowException
memmove
api-ms-win-crt-math-l1-1-0
pow
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_c_exit
_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
_initialize_onexit_table
_register_onexit_function
__p___argv
_cexit
_crt_atexit
_register_thread_local_exe_atexit_callback
terminate
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 998KB - Virtual size: 998KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ