SHA256: 1a5a4d52609f82f829a17a5cebc203b41a460f314acfdc97aa644ed57bfa4057
File name: ChromeSetup-32bit.exe
Detection ratio: 0 / 59
Analysis date: 2017-07-12 04:17:31 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware 20170712
AegisLab 20170712
AhnLab-V3 20170711
Alibaba 20170712
ALYac 20170712
Antiy-AVL 20170712
Arcabit 20170712
Avira (no cloud) 20170711
AVware 20170712
Baidu 20170710
BitDefender 20170712
CAT-QuickHeal 20170711
ClamAV 20170712
Comodo 20170712
CrowdStrike Falcon (ML) 20170420
Cylance 20170712
Cyren 20170712
DrWeb 20170712
Emsisoft 20170712
Endgame 20170706
ESET-NOD32 20170712
F-Prot 20170712
F-Secure 20170712
Fortinet 20170629
GData 20170712
Ikarus 20170711
Sophos ML 20170607
Jiangmin 20170712
K7AntiVirus 20170712
K7GW 20170711
Kingsoft 20170712
Malwarebytes 20170712
MAX 20170712
McAfee 20170712
McAfee-GW-Edition 20170712
Microsoft 20170712
eScan 20170712
NANO-Antivirus 20170712
nProtect 20170712
Palo Alto Networks (Known Signatures) 20170712
Panda 20170711
Qihoo-360 20170712
Rising 20170712
SentinelOne (Static ML) 20170516
Sophos AV 20170711
SUPERAntiSpyware 20170711
Symantec 20170712
Symantec Mobile Insight 20170712
Tencent 20170712
TheHacker 20170709
TotalDefense 20170711
TrendMicro 20170712
TrendMicro-HouseCall 20170712
Trustlook 20170712
VBA32 20170711
VIPRE 20170712
ViRobot 20170712
Webroot 20170712
WhiteArmor 20170706
Yandex 20170710
Zillya 20170711
ZoneAlarm by Check Point 20170712
Zoner 20170712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2007-2010 Google Inc.

Product Google Update
Original name GoogleUpdateSetup.exe
Internal name Google Update Setup
File version 1.3.33.5
Description Google Update Setup
Signature verification Signed file, verified signature
Signing date 2:39 AM 4/22/2017
Signers
[+] Google Inc
Status Valid
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 11/29/2016
Valid to 12:59 AM 11/22/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 1A6AC0549A4A44264DEB6FF003391DA2F285B19F
Serial number 14 F8 FD D1 67 F9 24 02 B1 57 0B 5D C4 95 C8 15
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-22 01:31:06
Entry Point 0x00004E56
Number of sections 6
PE sections
Overlays
MD5 ca44e1048d2095b7d96907502f11e331
File type data
Offset 1111040
Size 19288
Entropy 5.29
PE imports
GetStdHandle
WaitForSingleObject
HeapDestroy
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
LoadResource
FindClose
TlsGetValue
SetLastError
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
VerSetConditionMask
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
RemoveDirectoryW
FindFirstFileExA
FindNextFileA
GetTempPathW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
FindResourceW
CreateProcessW
GetOEMCP
SHGetFolderPathW
Ord(680)
PathQuoteSpacesW
PathAppendW
CharLowerBuffW
MessageBoxW
CoInitializeEx
CoUninitialize
Number of PE resources by type
RT_STRING 47
RT_ICON 6
B 1
GOOGLEUPDATE 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 3
HEBREW DEFAULT 1
SWEDISH 1
TELUGU DEFAULT 1
VIETNAMESE DEFAULT 1
ESTONIAN DEFAULT 1
TAMIL DEFAULT 1
FRENCH 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
GUJARATI DEFAULT 1
DUTCH 1
MARATHI DEFAULT 1
ITALIAN 1
URDU PAKISTAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
KANNADA DEFAULT 1
FARSI DEFAULT 1
PORTUGUESE BRAZILIAN 1
HINDI DEFAULT 1
TURKISH DEFAULT 1
KOREAN 1
MALAY MALAYSIA 1
CZECH DEFAULT 1
HUNGARIAN DEFAULT 1
LITHUANIAN 1
GERMAN 1
ICELANDIC DEFAULT 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SWAHILI DEFAULT 1
SLOVAK DEFAULT 1
BENGALI DEFAULT 1
GREEK DEFAULT 1
UKRAINIAN DEFAULT 1
LATVIAN DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ARABIC SAUDI ARABIA 1
ROMANIAN 1
RUSSIAN 1
MALAYALAM DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
1025536

ImageVersion
0.0

ProductName
Google Update

FileVersionNumber
1.3.33.5

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
14.0

FileTypeExtension
exe

OriginalFileName
GoogleUpdateSetup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.3.33.5

LanguageId
en

TimeStamp
2017:04:22 02:31:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Google Update Setup

ProductVersion
1.3.33.5

FileDescription
Google Update Setup

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2007-2010 Google Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
Google Inc.

CodeSize
84480

FileSubtype
0

ProductVersionNumber
1.3.33.5

EntryPoint
0x4e56

ObjectFileType
Executable application

File identification
MD5 3a741222e1cfff0668f6352912bf4811
SHA1 85d946642c3d909eea3ba4354958199203051ad0
SHA256 1a5a4d52609f82f829a17a5cebc203b41a460f314acfdc97aa644ed57bfa4057
ssdeep
24576:8Ej5jDN2+fvw1wh/jSaRjJFS1t/1nCXD8FTI9nZTDReeEYAiBBBay:8iRDN2+HBNRj/inCXDIshZTDRLB7ay

authentihash 545fb11225400a97c91994481683e38c62257e75858bef99ce399c959825e96e
imphash 1f7c03adda267bb2a26e5b9e7a1df3f6
File size 1.1 MB ( 1130328 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-07-12 04:17:31 UTC ( 1 year, 7 months ago )
Last submission 2017-07-12 04:17:31 UTC ( 1 year, 7 months ago )
File names Google Update Setup
GoogleUpdateSetup.exe
ChromeSetup-32bit.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
UDP communications