× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382
File name: webbrowserpassview3.exe
Detection ratio: 26 / 54
Analysis date: 2016-02-02 23:32:48 UTC ( 6 days, 6 hours ago )
Antivirus Result Update
AVG Tool.QL 20160203
Ad-Aware Gen:Application.Heur.nq0@beOSiUkO 20160203
AegisLab Gen.Application.Heur!c 20160202
Agnitum Riskware.PSWTool! 20160202
Antiy-AVL Trojan[PSWTool:not-a-virus]/Win32.NetPass 20160202
Arcabit Application.Heur.E152A9 20160203
Avast Win32:GenMaliciousA-GKG [PUP] 20160202
Baidu-International Hacktool.Win32.Keyfinder.34 20160202
BitDefender Gen:Application.Heur.nq0@beOSiUkO 20160203
DrWeb Tool.ChromePass.1 20160203
ESET-NOD32 Win32/PSWTool.ChromePass.A potentially unsafe 20160202
F-Secure Gen:Application.Heur.nq0@beOSiUkO 20160202
GData Gen:Application.Heur.nq0@beOSiUkO 20160202
Jiangmin PSWTool.ChromePass.a 20160203
Malwarebytes PUP.Optional.ChromePasswordTool 20160203
McAfee Tool-PassView 20160203
McAfee-GW-Edition BehavesLike.Win32.HToolPWSFFox.dh 20160202
MicroWorld-eScan Gen:Application.Heur.nq0@beOSiUkO 20160203
Microsoft HackTool:Win32/ChromePass 20160203
NANO-Antivirus Trojan.Win32.Ool.vpzjp 20160202
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160202
Symantec PasswordRevealer 20160202
VBA32 TrojanPSW.Multi 20160202
VIPRE Trojan.Win32.Generic!BT 20160203
ViRobot Trojan.Win32.S.Agent.219136.X[h] 20160203
Zillya Tool.NetPass.Win32.1320 20160202
ALYac 20160203
AhnLab-V3 20160202
Alibaba 20160202
Avira 20160203
Bkav 20160202
ByteHero 20160203
CAT-QuickHeal 20160202
ClamAV 20160202
Comodo 20160202
Cyren 20160203
Emsisoft 20160203
F-Prot 20160129
Fortinet 20160202
Ikarus 20160202
K7AntiVirus 20160203
K7GW 20160202
Kaspersky 20160203
Panda 20160202
Qihoo-360 20160203
SUPERAntiSpyware 20160202
Sophos 20160203
Tencent 20160203
TheHacker 20160202
TotalDefense 20160202
TrendMicro 20160203
TrendMicro-HouseCall 20160203
Zoner 20160202
nProtect 20160201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2008 - 2012 Nir Sofer

Product ChromePass
Original name ChromePass.exe
Internal name ChromePass
File version 1.22
Description ChromePass
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-05 08:32:12
Link date 9:32 AM 5/5/2012
Entry Point 0x0002AE90
Number of sections 4
PE sections
PE imports
CryptDeriveKey
CryptReleaseContext
RegCloseKey
CryptGetHashParam
RegOpenKeyExW
CryptAcquireContextW
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
CreateToolbarEx
CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
SetBkMode
SetBkColor
DeleteObject
SetTextColor
AreFileApisANSI
GetLastError
CopyFileW
EnterCriticalSection
GetSystemTime
FileTimeToSystemTime
GetFileAttributesA
EnumResourceNamesW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
SystemTimeToFileTime
GlobalUnlock
FlushFileBuffers
GetFileAttributesW
LockFile
DeleteCriticalSection
GetCurrentProcess
UnlockFile
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
FindNextFileW
LocalAlloc
OpenProcess
LockResource
SetFilePointer
DeleteFileA
GetWindowsDirectoryW
GetDateFormatW
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
GetModuleFileNameW
GetTimeFormatW
GetTempPathA
SetEndOfFile
LockFileEx
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
ReadFile
GetCurrentProcessId
WriteFile
CloseHandle
GetSystemTimeAsFileTime
EnumResourceTypesW
FindFirstFileW
GetModuleHandleW
GlobalLock
SetErrorMode
GetFullPathNameA
LocalFree
FormatMessageW
GetTempPathW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
GlobalAlloc
FindClose
Sleep
GetFullPathNameW
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetFileSize
LeaveCriticalSection
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SetFocus
RegisterWindowMessageW
GetParent
UpdateWindow
DrawTextExW
EndDialog
GetMessageW
DeferWindowPos
ModifyMenuW
GetDlgCtrlID
DestroyMenu
EnumChildWindows
PostQuitMessage
ShowWindow
LoadMenuW
SetWindowPos
GetSysColorBrush
BeginDeferWindowPos
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
EnableWindow
SetMenu
MoveWindow
DialogBoxParamW
MapWindowPoints
ChildWindowFromPoint
TranslateMessage
GetDlgItemTextW
PostMessageW
GetSysColor
GetDlgItemInt
SetDlgItemTextW
DispatchMessageW
EndDeferWindowPos
ReleaseDC
GetMenuStringW
CheckMenuItem
SendMessageW
SetClipboardData
RegisterClassW
SendDlgItemMessageW
GetSystemMetrics
GetWindowPlacement
EmptyClipboard
DestroyWindow
GetClientRect
GetCursorPos
GetDlgItem
DefWindowProcW
GetDC
InvalidateRect
CreateDialogParamW
GetSubMenu
OpenClipboard
LoadImageW
GetClassNameW
TrackPopupMenu
LoadStringW
IsDialogMessageW
GetMenuItemCount
GetMenuItemInfoW
SetWindowTextW
GetWindowTextW
EnableMenuItem
SetDlgItemInt
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
TranslateAcceleratorW
SetCursor
FindTextW
GetSaveFileNameW
_purecall
__wgetmainargs
malloc
__p__fmode
_ftol
wcstoul
memset
wcschr
__dllonexit
_wcslwr
_controlfp
toupper
isdigit
isxdigit
strlen
_memicmp
_cexit
_c_exit
wcscpy
log
isalnum
??2@YAPAXI@Z
__p__commode
_onexit
wcslen
wcscmp
abs
exit
_XcptFilter
_itow
wcsncat
__setusermatherr
isspace
_wcmdln
_except_handler3
_wcsicmp
tolower
_adjust_fdiv
memcmp
??3@YAXPAX@Z
free
wcscat
atoi
realloc
memcpy
_gmtime64
_snwprintf
wcsrchr
modf
_initterm
_exit
strcmp
strftime
__set_app_type
CoUninitialize
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_STRING 5
RT_BITMAP 3
RT_ICON 2
RT_MENU 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
HEBREW DEFAULT 11
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.2.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
44544

EntryPoint
0x2ae90

OriginalFileName
ChromePass.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008 - 2012 Nir Sofer

FileVersion
1.22

TimeStamp
2012:05:05 09:32:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ChromePass

ProductVersion
1.22

FileDescription
ChromePass

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NirSoft

CodeSize
173568

ProductName
ChromePass

ProductVersionNumber
1.2.2.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 7b641e136f446860c48a3a870523249f
SHA1 f55465c1581b8cc1a012d3b7d8504c55e8e66e1c
SHA256 4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382
ssdeep
3072:MqAceXnK1+cDhMoz0tK14S23JAzZz67uM5/CR7HVmvEuXb1/ef5iJ3l3kyY7Za:M/jchMoStJqzk4R7EvEuXJ/Oi9l3kc

authentihash b5c8920bff5da3d08942b019f41ff387e865dfb2713f9c19f90cea4ab368a24e
imphash d8199d1ceb9095a2f8fb9efefd4d6df1
File size 214.0 KB ( 219136 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2012-05-06 06:45:12 UTC ( 3 years, 9 months ago )
Last submission 2016-02-02 23:32:48 UTC ( 6 days, 6 hours ago )
File names vt-upload-0TFD3
c
ChromePass
7b641e136f446860c48a3a870523249f
GoogleChrome.exe
ChromePass.exe
cwinsdok.exe
mmmm.exe
1416839
CP.txt
webbrowserpassview3.exe
output.1416839.txt
WebBrowserPassView3.exe
vt-upload-8MKg_
chromepass.exe
C.exe
smona_4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382.bin
65CFD8C300D9755358830323143CEF002F0536A6.exe
People.doc
7.exe
file-3944029_exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!