SHA256: 4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382
File name: dome.exe
Detection ratio: 25 / 55
Analysis date: 2016-05-05 20:31:05 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
AVG Tool.QL 20160505
AVware Trojan.Win32.Generic!BT 20160505
Ad-Aware Gen:Application.Heur.nq0@beOSiUkO 20160505
Antiy-AVL Trojan[PSWTool:not-a-virus]/Win32.NetPass 20160505
Avast Win32:GenMaliciousA-GKG [PUP] 20160505
Baidu-International Hacktool.Win32.Keyfinder.34 20160505
BitDefender Gen:Application.Heur.nq0@beOSiUkO 20160505
DrWeb Tool.ChromePass.1 20160505
ESET-NOD32 Win32/PSWTool.ChromePass.A potentially unsafe 20160505
F-Secure Gen:Application.Heur.nq0@beOSiUkO 20160505
GData Gen:Application.Heur.nq0@beOSiUkO 20160505
Jiangmin PSWTool.ChromePass.a 20160505
Malwarebytes PUP.Optional.ChromePasswordTool 20160505
McAfee Tool-PassView 20160505
McAfee-GW-Edition Tool-PassView 20160505
eScan Gen:Application.Heur.nq0@beOSiUkO 20160505
Microsoft HackTool:Win32/ChromePass 20160505
NANO-Antivirus Trojan.Win32.Ool.vpzjp 20160505
Rising Trjoan.Generic-OYJ8a9AfP2J (Cloud) 20160505
Symantec PasswordRevealer 20160505
VBA32 TrojanPSW.Multi 20160505
VIPRE Trojan.Win32.Generic!BT 20160505
ViRobot Trojan.Win32.S.Agent.219136.X[h] 20160505
Yandex Riskware.PSWTool! 20160502
Zillya Tool.NetPass.Win32.1320 20160505
ALYac 20160505
AegisLab 20160505
AhnLab-V3 20160505
Alibaba 20160505
Arcabit 20160505
Avira (no cloud) 20160505
Baidu 20160505
CAT-QuickHeal 20160505
CMC 20160504
ClamAV 20160504
Comodo 20160505
Cyren 20160505
Emsisoft 20160503
F-Prot 20160505
Fortinet 20160505
Ikarus 20160505
K7AntiVirus 20160505
K7GW 20160505
Kaspersky 20160505
Kingsoft 20160505
Panda 20160505
Qihoo-360 20160505
SUPERAntiSpyware 20160505
Sophos 20160505
Tencent 20160505
TheHacker 20160505
TrendMicro 20160505
TrendMicro-HouseCall 20160505
Zoner 20160505
nProtect 20160504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2008 - 2012 Nir Sofer
Product ChromePass
Original name ChromePass.exe
Internal name ChromePass
File version 1.22
Description ChromePass
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-05 08:32:12
Entry Point 0x0002AE90
Number of sections 4
PE sections
PE imports
CryptDeriveKey
CryptReleaseContext
RegCloseKey
CryptGetHashParam
RegOpenKeyExW
CryptAcquireContextW
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
CreateToolbarEx
CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
SetBkMode
SetBkColor
DeleteObject
SetTextColor
AreFileApisANSI
GetLastError
CopyFileW
EnterCriticalSection
GetSystemTime
FileTimeToSystemTime
GetFileAttributesA
EnumResourceNamesW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
SystemTimeToFileTime
GlobalUnlock
FlushFileBuffers
GetFileAttributesW
LockFile
DeleteCriticalSection
GetCurrentProcess
UnlockFile
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
FindNextFileW
LocalAlloc
OpenProcess
LockResource
SetFilePointer
DeleteFileA
GetWindowsDirectoryW
GetDateFormatW
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
GetModuleFileNameW
GetTimeFormatW
GetTempPathA
SetEndOfFile
LockFileEx
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
ReadFile
GetCurrentProcessId
WriteFile
CloseHandle
GetSystemTimeAsFileTime
EnumResourceTypesW
FindFirstFileW
GetModuleHandleW
GlobalLock
SetErrorMode
GetFullPathNameA
LocalFree
FormatMessageW
GetTempPathW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
GlobalAlloc
FindClose
Sleep
GetFullPathNameW
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetFileSize
LeaveCriticalSection
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SetFocus
RegisterWindowMessageW
GetParent
UpdateWindow
DrawTextExW
EndDialog
GetMessageW
DeferWindowPos
ModifyMenuW
GetDlgCtrlID
DestroyMenu
EnumChildWindows
PostQuitMessage
ShowWindow
LoadMenuW
SetWindowPos
GetSysColorBrush
BeginDeferWindowPos
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
EnableWindow
SetMenu
MoveWindow
DialogBoxParamW
MapWindowPoints
ChildWindowFromPoint
TranslateMessage
GetDlgItemTextW
PostMessageW
GetSysColor
GetDlgItemInt
SetDlgItemTextW
DispatchMessageW
EndDeferWindowPos
ReleaseDC
GetMenuStringW
CheckMenuItem
SendMessageW
SetClipboardData
RegisterClassW
SendDlgItemMessageW
GetSystemMetrics
GetWindowPlacement
EmptyClipboard
DestroyWindow
GetClientRect
GetCursorPos
GetDlgItem
DefWindowProcW
GetDC
InvalidateRect
CreateDialogParamW
GetSubMenu
OpenClipboard
LoadImageW
GetClassNameW
TrackPopupMenu
LoadStringW
IsDialogMessageW
GetMenuItemCount
GetMenuItemInfoW
SetWindowTextW
GetWindowTextW
EnableMenuItem
SetDlgItemInt
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
TranslateAcceleratorW
SetCursor
FindTextW
GetSaveFileNameW
_purecall
__wgetmainargs
malloc
__p__fmode
_ftol
wcstoul
memset
wcschr
__dllonexit
_wcslwr
_controlfp
toupper
isdigit
isxdigit
strlen
_memicmp
_cexit
_c_exit
wcscpy
log
isalnum
??2@YAPAXI@Z
__p__commode
_onexit
wcslen
wcscmp
abs
exit
_XcptFilter
_itow
wcsncat
__setusermatherr
isspace
_wcmdln
_except_handler3
_wcsicmp
tolower
_adjust_fdiv
memcmp
??3@YAXPAX@Z
free
wcscat
atoi
realloc
memcpy
_gmtime64
_snwprintf
wcsrchr
modf
_initterm
_exit
strcmp
strftime
__set_app_type
CoUninitialize
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_STRING 5
RT_BITMAP 3
RT_ICON 2
RT_MENU 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
HEBREW DEFAULT 11
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 44544
ImageVersion 0.0
ProductName ChromePass
FileVersionNumber 1.2.2.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName ChromePass.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.22
TimeStamp 2012:05:05 09:32:12+01:00
FileType Win32 EXE
PEType PE32
InternalName ChromePass
ProductVersion 1.22
FileDescription ChromePass
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2008 - 2012 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 173568
FileSubtype 0
ProductVersionNumber 1.2.2.0
EntryPoint 0x2ae90
ObjectFileType Executable application

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 7b641e136f446860c48a3a870523249f
SHA1 f55465c1581b8cc1a012d3b7d8504c55e8e66e1c
SHA256 4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382
ssdeep 3072:MqAceXnK1+cDhMoz0tK14S23JAzZz67uM5/CR7HVmvEuXb1/ef5iJ3l3kyY7Za:M/jchMoStJqzk4R7EvEuXJ/Oi9l3kc
authentihash b5c8920bff5da3d08942b019f41ff387e865dfb2713f9c19f90cea4ab368a24e
imphash d8199d1ceb9095a2f8fb9efefd4d6df1
File size 214.0 KB ( 219136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe via-tor

VirusTotal metadata
First submission 2012-05-06 06:45:12 UTC ( 4 years, 2 months ago )
Last submission 2016-05-05 20:31:05 UTC ( 2 months, 2 weeks ago )
File names GoogleChrome.exe
CP.txt
webbrowserpassview3.exe
output.1416839.txt
ChromePass
People.doc
mmmm.exe
smona_4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382.bin
WebBrowserPassView3.exe
vt-upload-8MKg_
chromepass.exe
cwinsdok.exe
ChromePass.exe
1.exe
payload.exe
7b641e136f446860c48a3a870523249f
vt-upload-0TFD3
c
65CFD8C300D9755358830323143CEF002F0536A6.exe
1416839
dome.exe
C.exe
7.exe
file-3944029_exe