SHA256: 10797e09809dd8ecb2f4cce20084d0fa290d7582acead60a4ff925dde5aad211
File name: chrome_exe
Detection ratio: 0 / 66
Analysis date: 2018-10-28 15:26:25 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20181028
AegisLab 20181028
AhnLab-V3 20181028
Alibaba 20180921
Antiy-AVL 20181028
Arcabit 20181028
Avast 20181028
Avast-Mobile 20181028
AVG 20181028
Avira (no cloud) 20181028
Babable 20180918
Baidu 20181026
BitDefender 20181028
Bkav 20181025
CAT-QuickHeal 20181028
ClamAV 20181028
CMC 20181028
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181028
Cyren 20181028
DrWeb 20181028
eGambit 20181028
Emsisoft 20181028
Endgame 20180730
ESET-NOD32 20181028
F-Prot 20181028
F-Secure 20181028
Fortinet 20181028
GData 20181028
Sophos ML 20180717
Jiangmin 20181028
K7AntiVirus 20181028
K7GW 20181025
Kaspersky 20181028
Kingsoft 20181028
Malwarebytes 20181028
MAX 20181028
McAfee 20181028
McAfee-GW-Edition 20181028
Microsoft 20181028
eScan 20181028
NANO-Antivirus 20181028
Palo Alto Networks (Known Signatures) 20181028
Panda 20181028
Qihoo-360 20181028
Rising 20181028
SentinelOne (Static ML) 20181011
Sophos AV 20181028
SUPERAntiSpyware 20181022
Symantec 20181027
Symantec Mobile Insight 20181026
TACHYON 20181028
Tencent 20181028
TheHacker 20181025
TotalDefense 20181028
TrendMicro 20181028
TrendMicro-HouseCall 20181028
Trustlook 20181028
VBA32 20181026
VIPRE 20181028
ViRobot 20181028
Webroot 20181028
Yandex 20181026
Zillya 20181028
ZoneAlarm by Check Point 20181028
Zoner 20181027
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2016 Google Inc. All rights reserved.

Product Google Chrome
Original name chrome.exe
Internal name chrome_exe
File version 57.0.2987.133
Description Google Chrome
Signature verification Signed file, verified signature
Signing date 9:47 AM 3/29/2017
Signers
[+] Google Inc
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 12/16/2015
Valid to 12:59 AM 12/17/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5A9272CE76A9415A4A3A5002A2589A049312AA40
Serial number 2A 9C 21 AC AA A6 3A 3C 58 A7 B9 32 2B EE 94 8D
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/2/2017
Valid to 12:59 AM 4/2/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
PE header basic information
Target machine x64
Compilation timestamp 2017-03-29 04:30:18
Entry Point 0x00090F90
Number of sections 8
PE sections
Overlays
MD5 ce1a414f9d36fbaef6c94ab743234bbd
File type data
Offset 1104896
Size 7000
Entropy 7.33
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
GetAce
LookupPrivilegeValueW
GetSecurityInfo
RegDisablePredefinedCache
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
DuplicateToken
RegOpenKeyExW
CreateProcessAsUserW
SystemFunction036
SetTokenInformation
CopySid
GetTokenInformation
DuplicateTokenEx
GetKernelObjectSecurity
SetEntriesInAclW
GetSecurityDescriptorSacl
CreateRestrictedToken
GetLengthSid
ImpersonateNamedPipeClient
ConvertStringSidToSidW
SetSecurityInfo
RegDeleteValueW
RevertToSelf
RegSetValueExW
EqualSid
SetThreadToken
SetKernelObjectSecurity
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
CreateIoCompletionPort
CreateJobObjectW
HeapDestroy
SignalObjectAndWait
ReplaceFileW
IsValidLocale
GetFileAttributesW
SetInformationJobObject
SystemTimeToTzSpecificLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
EnumSystemLocalesW
RtlUnwindEx
UnhandledExceptionFilter
GetFileInformationByHandle
InitializeSListHead
GetThreadContext
TerminateJobObject
SetStdHandle
WideCharToMultiByte
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetStringTypeW
ResumeThread
SetEvent
LocalFree
ConnectNamedPipe
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
QueryDosDeviceW
MoveFileW
SetFileAttributesW
DebugBreak
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
PeekNamedPipe
GetUserDefaultLangID
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetThreadLocale
QueryPerformanceFrequency
HeapSetInformation
LoadLibraryExA
QueryFullProcessImageNameW
RtlVirtualUnwind
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
SetEnvironmentVariableW
FormatMessageA
RegisterWaitForSingleObject
GetFullPathNameW
LockFileEx
CreateThread
GetSystemDirectoryW
RtlCaptureStackBackTrace
DisconnectNamedPipe
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GetVersion
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
ReadProcessMemory
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
FreeLibrary
CreateRemoteThread
RtlPcToFileHeader
GetWindowsDirectoryW
SetHandleInformation
AcquireSRWLockExclusive
WriteProcessMemory
OpenProcess
GetStartupInfoW
VirtualAllocEx
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
GetTempFileNameW
CreateFileMappingW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
RtlLookupFunctionEntry
ResetEvent
GetComputerNameExW
FindFirstFileW
ReleaseSRWLockExclusive
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
ReadConsoleW
GetFileInformationByHandleEx
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
GetLocaleInfoW
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
HeapCreate
GetSystemInfo
GetConsoleCP
FindResourceW
UnregisterWaitEx
AssignProcessToJobObject
GetProcessTimes
SetProcessShutdownParameters
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetQueuedCompletionStatus
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
WaitNamedPipeW
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
TransactNamedPipe
CreateSemaphoreW
EncodePointer
SuspendThread
Wow64GetThreadContext
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CreateNamedPipeW
RtlCaptureContext
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
GetLongPathNameW
GetProcessHandleCount
GetThreadId
IsValidCodePage
UnmapViewOfFile
GetTempPathW
PostQueuedCompletionStatus
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
GetMappedFileNameW
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetKnownFolderPath
GetWindowThreadProcessId
GetUserObjectInformationW
AllowSetForegroundWindow
FindWindowExW
wsprintfW
CloseDesktop
SendMessageTimeoutW
SetProcessWindowStation
CreateWindowStationW
IsWindow
GetProcessWindowStation
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
timeGetTime
SignalInitializeCrashReporting
GetInstallDetailsPayload
SignalChromeElf
PE exports
Number of PE resources by type
RT_ICON 31
RT_GROUP_ICON 7
GOOGLEUPDATEAPPLICATIONCOMMANDS 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 41
PE resources
Debug information
ExifTool file metadata
CodeSize 742912
SubsystemVersion 5.2
OfficialBuild 1
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 57.0.2987.133
LanguageCode English (U.S.)
FileFlagsMask 0x0017
FileDescription Google Chrome
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 378368
EntryPoint 0x90f90
OriginalFileName chrome.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2016 Google Inc. All rights reserved.
CompanyShortName Google
FileVersion 57.0.2987.133
TimeStamp 2017:03:29 05:30:18+01:00
FileType Win64 EXE
PEType PE32+
InternalName chrome_exe
ProductVersion 57.0.2987.133
UninitializedDataSize 0
OSVersion 5.2
FileOS Win32
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Google Inc.
ProductShortName Chrome
ProductName Google Chrome
ProductVersionNumber 57.0.2987.133
LastChange ec33cd0c06881d919ac0de419d829ad914e0be8f-refs/branch-heads/2987@{#887}
FileTypeExtension exe
ObjectFileType Executable application
CarbonBlack
While monitoring an end-user machine in the wild, CarbonBlack observed this sample writing the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 ec820250bbf2ac99b27dd3a6f3a995eb
SHA1 3f7fe251485042c3e473e8b372fe4936b18135dd
SHA256 10797e09809dd8ecb2f4cce20084d0fa290d7582acead60a4ff925dde5aad211
ssdeep 24576:bkNfxxmDuekYsW8UL0VHI8CiNLAmAUZM3TzjOImwrH:bMeDTkYsLxhRCCr1wTziI5
authentihash 8c87cff1d20a56cc979d4e2a54ca3d5719b879368cd128c77132444f1ee09b4f
imphash 32b5a30b8ed220a6ab442b258518400c
File size 1.1 MB ( 1111896 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2017-03-29 19:28:49 UTC ( 1 year, 8 months ago )
Last submission 2018-05-14 07:59:01 UTC ( 7 months ago )
File names Chrome.exe
Wordchrome.exe
chrome.exe
10797e09809dd8ecb2f4cce20084d0fa290d7582acead60a4ff925dde5aad211.bin
chrome_exe
chrome.exe
chrome.exe
[1]chrome.exe
chrome.exe
chrome.exe
chrome.exe
new_chrome.exe
chrome.exe
chrome.exe
CHROME.EXE
chrome.exe
chrome.exe
ec820250bbf2ac99b27dd3a6f3a995eb
{1997fe36-a14d-42c6-8000-804ab1cf878d}
2.exe
chrome.exe
chrome.exe
chrome.exe
897549690.exe
chrome.exe
Behaviour characterization
Zemana dll-injection