SHA256: 4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382
File name: ChromePass.exe
Detection ratio: 22 / 50
Analysis date: 2014-04-12 19:57:45 UTC ( 1 week, 4 days ago )
Antivirus Result Update
AVG Tool.QL 20140412
Ad-Aware Gen:Application.Heur.nq0@beOSiUkO 20140412
Agnitum Riskware.PSWTool! 20140412
Antiy-AVL Trojan[PSWTool:not-a-virus]/Win32.NetPass 20140412
Avast Win32:PSWtool-AI [PUP] 20140412
Baidu-International Hacktool.Win32.Keyfinder.34 20140412
BitDefender Gen:Application.Heur.nq0@beOSiUkO 20140412
Bkav W32.Clodc34.Trojan.1b11 20140412
DrWeb Tool.ChromePass.1 20140412
ESET-NOD32 Win32/PSWTool.ChromePass.A 20140412
F-Secure Gen:Application.Heur.nq0@beOSiUkO 20140412
GData Gen:Application.Heur.nq0@beOSiUkO 20140412
Jiangmin PSWTool.ChromePass.a 20140412
Malwarebytes PUP.ChromePasswordTool 20140412
McAfee Tool-PassView 20140412
McAfee-GW-Edition Tool-PassView 20140412
MicroWorld-eScan Gen:Application.Heur.nq0@beOSiUkO 20140412
NANO-Antivirus Trojan.Win32.Ool.vpzjp 20140412
Rising PE:Trojan.Win32.Generic.134F0823!323946531 20140412
Symantec PasswordRevealer 20140412
VBA32 TrojanPSW.Multi 20140411
VIPRE Trojan.Win32.Generic!BT 20140412
AegisLab 20140412
AhnLab-V3 20140412
AntiVir 20140412
ByteHero 20140412
CAT-QuickHeal 20140412
CMC 20140411
ClamAV 20140412
Commtouch 20140412
Comodo 20140412
Emsisoft 20140412
F-Prot 20140412
Fortinet 20140412
Ikarus 20140412
K7AntiVirus 20140411
K7GW 20140411
Kaspersky 20140412
Kingsoft 20140412
Microsoft 20140412
Norman 20140412
Panda 20140412
Qihoo-360 20140411
SUPERAntiSpyware 20140412
Sophos 20140412
TheHacker 20140411
TotalDefense 20140412
TrendMicro 20140412
TrendMicro-HouseCall 20140412
ViRobot 20140412
nProtect 20140411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright © 2008 - 2012 Nir Sofer
Publisher NirSoft
Product ChromePass
Original name ChromePass.exe
Internal name ChromePass
File version 1.22
Description ChromePass
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-05 08:32:12
Link date 9:32 AM 5/5/2012
Entry Point 0x0002AE90
Number of sections 4
PE sections
PE imports
CryptDeriveKey
CryptReleaseContext
RegCloseKey
CryptGetHashParam
RegOpenKeyExW
CryptAcquireContextW
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
CreateToolbarEx
CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
SetBkMode
SetBkColor
DeleteObject
SetTextColor
AreFileApisANSI
GetLastError
CopyFileW
EnterCriticalSection
GetSystemTime
FileTimeToSystemTime
GetFileAttributesA
EnumResourceNamesW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
SystemTimeToFileTime
GlobalUnlock
FlushFileBuffers
GetFileAttributesW
LockFile
DeleteCriticalSection
GetCurrentProcess
UnlockFile
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
FindNextFileW
LocalAlloc
OpenProcess
LockResource
SetFilePointer
DeleteFileA
GetWindowsDirectoryW
GetDateFormatW
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
GetModuleFileNameW
GetTimeFormatW
GetTempPathA
SetEndOfFile
LockFileEx
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
ReadFile
GetCurrentProcessId
WriteFile
CloseHandle
GetSystemTimeAsFileTime
EnumResourceTypesW
FindFirstFileW
GetModuleHandleW
GlobalLock
SetErrorMode
GetFullPathNameA
LocalFree
FormatMessageW
GetTempPathW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
GlobalAlloc
FindClose
Sleep
GetFullPathNameW
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetFileSize
LeaveCriticalSection
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SetFocus
RegisterWindowMessageW
GetParent
UpdateWindow
DrawTextExW
EndDialog
GetMessageW
DeferWindowPos
ModifyMenuW
GetDlgCtrlID
DestroyMenu
EnumChildWindows
PostQuitMessage
ShowWindow
LoadMenuW
SetWindowPos
GetSysColorBrush
BeginDeferWindowPos
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
EnableWindow
SetMenu
MoveWindow
DialogBoxParamW
MapWindowPoints
ChildWindowFromPoint
TranslateMessage
GetDlgItemTextW
PostMessageW
GetSysColor
GetDlgItemInt
SetDlgItemTextW
DispatchMessageW
EndDeferWindowPos
ReleaseDC
GetMenuStringW
CheckMenuItem
SendMessageW
SetClipboardData
RegisterClassW
SendDlgItemMessageW
GetSystemMetrics
GetWindowPlacement
EmptyClipboard
DestroyWindow
GetClientRect
GetCursorPos
GetDlgItem
DefWindowProcW
GetDC
InvalidateRect
CreateDialogParamW
GetSubMenu
OpenClipboard
LoadImageW
GetClassNameW
TrackPopupMenu
LoadStringW
IsDialogMessageW
GetMenuItemCount
GetMenuItemInfoW
SetWindowTextW
GetWindowTextW
EnableMenuItem
SetDlgItemInt
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
TranslateAcceleratorW
SetCursor
FindTextW
GetSaveFileNameW
_purecall
__wgetmainargs
malloc
__p__fmode
_ftol
wcstoul
memset
wcschr
__dllonexit
_wcslwr
_controlfp
toupper
isdigit
isxdigit
strlen
_memicmp
_cexit
_c_exit
wcscpy
log
isalnum
??2@YAPAXI@Z
__p__commode
_onexit
wcslen
wcscmp
abs
exit
_XcptFilter
_itow
wcsncat
__setusermatherr
isspace
_wcmdln
_except_handler3
_wcsicmp
tolower
_adjust_fdiv
memcmp
??3@YAXPAX@Z
free
wcscat
atoi
realloc
memcpy
_gmtime64
_snwprintf
wcsrchr
modf
_initterm
_exit
strcmp
strftime
__set_app_type
CoUninitialize
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_STRING 5
RT_BITMAP 3
RT_ICON 2
RT_MENU 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
HEBREW DEFAULT 11
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 44544
ImageVersion 0.0
ProductName ChromePass
FileVersionNumber 1.2.2.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
OriginalFilename ChromePass.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.22
TimeStamp 2012:05:05 09:32:12+01:00
FileType Win32 EXE
PEType PE32
InternalName ChromePass
FileAccessDate 2014:04:12 20:58:48+01:00
ProductVersion 1.22
FileDescription ChromePass
OSVersion 4.0
FileCreateDate 2014:04:12 20:58:48+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 2008 - 2012 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 173568
FileSubtype 0
ProductVersionNumber 1.2.2.0
EntryPoint 0x2ae90
ObjectFileType Executable application

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 7b641e136f446860c48a3a870523249f
SHA1 f55465c1581b8cc1a012d3b7d8504c55e8e66e1c
SHA256 4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382
ssdeep 3072:MqAceXnK1+cDhMoz0tK14S23JAzZz67uM5/CR7HVmvEuXb1/ef5iJ3l3kyY7Za:M/jchMoStJqzk4R7EvEuXJ/Oi9l3kc
imphash d8199d1ceb9095a2f8fb9efefd4d6df1
File size 214.0 KB ( 219136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe mz via-tor
VirusTotal metadata
First submission 2012-05-06 06:45:12 UTC ( 1 year, 11 months ago )
Last submission 2014-04-12 19:57:45 UTC ( 1 week, 4 days ago )
File names vt-upload-0TFD3
c
ChromePass
7b641e136f446860c48a3a870523249f
GoogleChrome.exe
ChromePass.exe
chromepass.exe
cwinsdok.exe
mmmm.exe
1416839
output.1416839.txt
WebBrowserPassView3.exe
vt-upload-8MKg_
CP.txt
C.exe
smona_4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382.bin
People.doc
65CFD8C300D9755358830323143CEF002F0536A6.exe
file-3944029_exe