SHA256: 5bebf8be469f65eba5d5d6f978e8a4dcd9aa05adb4f15612197719e2db2bb8c6
File name: old_chrome.exe
Detection ratio: 1 / 62
Analysis date: 2017-06-21 01:34:05 UTC ( 8 months ago )
Antivirus Result Update
ClamAV Win.Worm.Chir-1792 20170620
Ad-Aware 20170620
AegisLab 20170620
AhnLab-V3 20170620
Alibaba 20170620
ALYac 20170620
Antiy-AVL 20170621
Arcabit 20170621
Avast 20170621
AVG 20170621
Avira (no cloud) 20170620
AVware 20170621
Baidu 20170620
BitDefender 20170621
Bkav None
CAT-QuickHeal 20170620
CMC 20170619
Comodo 20170620
CrowdStrike Falcon (ML) 20170420
Cyren 20170620
DrWeb 20170620
Emsisoft 20170620
Endgame 20170615
ESET-NOD32 20170620
F-Prot 20170621
F-Secure 20170620
Fortinet 20170620
GData 20170621
Ikarus 20170620
Sophos ML 20170607
Jiangmin 20170621
K7AntiVirus 20170620
K7GW 20170620
Kaspersky 20170621
Kingsoft 20170621
Malwarebytes 20170620
McAfee 20170621
McAfee-GW-Edition 20170621
Microsoft 20170621
eScan 20170620
NANO-Antivirus 20170620
nProtect 20170620
Palo Alto Networks (Known Signatures) 20170621
Panda 20170620
Qihoo-360 20170621
Rising None
SentinelOne (Static ML) 20170516
Sophos AV 20170620
SUPERAntiSpyware 20170621
Symantec 20170620
Symantec Mobile Insight 20170621
Tencent 20170621
TheHacker 20170618
TotalDefense 20170620
TrendMicro 20170621
TrendMicro-HouseCall 20170621
Trustlook 20170621
VBA32 20170620
VIPRE 20170621
ViRobot 20170620
Webroot 20170621
WhiteArmor 20170616
Yandex 20170620
Zillya 20170619
ZoneAlarm by Check Point 20170620
Zoner 20170621
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2012 Google Inc. All rights reserved.

Product Google Chrome
Original name chrome.exe
Internal name chrome_exe
File version 26.0.1410.43
Description Google Chrome
Signature verification Signed file, verified signature
Signing date 11:50 PM 3/21/2013
Signers
[+] Google Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 11/14/2011
Valid to 12:59 AM 11/14/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 06C92BEC3BBF32068CB9208563D004169448EE21
Serial number 09 E2 8B 26 DB 59 3E C4 E7 32 86 B6 64 99 C3 70
[+] VeriSign Class 3 Code Signing 2010 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 9/30/2010
Valid to 12:59 AM 1/2/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 14FCF0BB187D563B568EEA5FC888A53D288698D6
Serial number 4D 62 90 E5 8C 54 F0 F1 EB 17 34 1A 13 10 E6 A4
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-21 20:34:36
Entry Point 0x00082AE0
Number of sections 6
PE sections
Overlays
MD5 40e22d097d0f098e551910d753e871a6
File type data
Offset 1306624
Size 6096
Entropy 7.30
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
TraceEvent
GetLengthSid
LookupPrivilegeValueW
GetSecurityInfo
RegDisablePredefinedCache
RegisterTraceGuidsW
RegQueryValueExW
SetSecurityDescriptorDacl
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
DuplicateToken
RegOpenKeyExW
SetFileSecurityW
SetTokenInformation
CopySid
GetTokenInformation
DuplicateTokenEx
UnregisterTraceGuids
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CreateRestrictedToken
GetTraceEnableFlags
ConvertStringSidToSidW
GetTraceEnableLevel
CreateProcessAsUserW
RegDeleteValueW
RevertToSelf
RegSetValueExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
InitializeSecurityDescriptor
EqualSid
SetThreadToken
GetTraceLoggerHandle
GetStdHandle
GetDriveTypeW
ReleaseMutex
WaitForSingleObject
CreateIoCompletionPort
CreateJobObjectW
SignalObjectAndWait
GetFileAttributesW
SetInformationJobObject
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
LoadLibraryExW
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetProcAddress
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
TlsGetValue
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
DebugBreak
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetEnvironmentVariableA
GetUserDefaultLangID
OpenEventW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
QueryPerformanceFrequency
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
TerminateJobObject
RegisterWaitForSingleObject
InterlockedExchangeAdd
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
SetNamedPipeHandleState
CreateSemaphoreW
GetModuleHandleA
CreateMutexW
IsProcessorFeaturePresent
GetSystemInfo
SetHandleInformation
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapCreate
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
CreateRemoteThread
GetWindowsDirectoryW
TzSpecificLocalTimeToSystemTime
WriteProcessMemory
OpenProcess
RtlCaptureStackBackTrace
GetStartupInfoW
ReadProcessMemory
WaitForMultipleObjects
VirtualProtectEx
GetProcessHeap
CreateFileMappingW
AssignProcessToJobObject
WaitNamedPipeW
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
ResetEvent
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
CreateNamedPipeW
GetConsoleCP
FindResourceW
UnregisterWaitEx
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetQueuedCompletionStatus
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
Sleep
InterlockedCompareExchange
EncodePointer
SuspendThread
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
GetProcessHandleCount
IsValidCodePage
UnmapViewOfFile
GetTempPathW
PostQueuedCompletionStatus
VirtualFree
TransactNamedPipe
VirtualAlloc
GetOEMCP
PathFileExistsW
PathRemoveFileSpecW
GetUserObjectInformationW
CharUpperW
CloseDesktop
SetProcessWindowStation
CreateWindowStationW
MessageBoxW
GetProcessWindowStation
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CreateEnvironmentBlock
GetProfileType
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeGetTime
WTSQueryUserToken
PE exports
Number of PE resources by type
RT_ICON 43
RT_GROUP_ICON 6
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 51
PE resources
Debug information
ExifTool file metadata
ProductShortName
Chrome

SubsystemVersion
5.1

OfficialBuild
1

InitializedDataSize
653824

ImageVersion
0.0

ProductName
Google Chrome

FileVersionNumber
26.0.1410.43

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
chrome.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

CompanyShortName
Google

FileVersion
26.0.1410.43

TimeStamp
2013:03:21 21:34:36+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
chrome_exe

ProductVersion
26.0.1410.43

FileDescription
Google Chrome

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2012 Google Inc. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Google Inc.

CodeSize
651776

FileSubtype
0

ProductVersionNumber
26.0.1410.43

LastChange
189671

EntryPoint
0x82ae0

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 b0bf698030db6561393ae753c6d3f936
SHA1 f426a353e1a2b16cee21912960b88b1da6a194b5
SHA256 5bebf8be469f65eba5d5d6f978e8a4dcd9aa05adb4f15612197719e2db2bb8c6
ssdeep
24576:+XBYaCuOwv3yWaDOX0C8qL/5mfTKQTgJOToKPkwEH:cY8Owv3yWaDOX0NqL/8+lOToKPtEH

authentihash 25e03584698ac8cc2c28350eaafa3a429407280969b7dcc918066b67e2f7a38d
imphash 4f4ce8b90669b5293443750b36bac64d
File size 1.3 MB ( 1312720 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-03-26 20:55:39 UTC ( 4 years, 11 months ago )
Last submission 2017-06-21 01:34:05 UTC ( 8 months ago )
File names chrome.exe
vt-upload-QYcAJo
chrome.exe
b0bf698030db6561393ae753c6d3f936
file-5312402_exe
chrome_exe
chrome.exe
chrome.exe
0c8ff9abfa32005b7f76830f2197629f_chrome.exe.safe
chrome.exe
chrm.exe
chrome.exe
chrome.exe_00000000000474424759
CHROME.EXE
old_chrome.exe
Google Chrome.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
