× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 666a0a98c1fc443d88e663eacfbdbbcf988e970b0af9e6d1e9eba49bee705ff8
File name: GoogleChromePortable_70.0.3538.102_online.paf.exe
Detection ratio: 1 / 70
Analysis date: 2019-02-07 00:47:14 UTC ( 3 months, 2 weeks ago ) View latest
Antivirus Result Update
Yandex Trojan.Agent!VTVt3VEVH3I 20190208
Acronis 20190208
Ad-Aware 20190208
AegisLab 20190208
AhnLab-V3 20190208
Alibaba 20180921
ALYac 20190208
Antiy-AVL 20190208
Arcabit 20190208
Avast 20190208
Avast-Mobile 20190208
AVG 20190208
Avira (no cloud) 20190208
Babable 20180918
Baidu 20190202
BitDefender 20190208
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190208
Cyren 20190208
DrWeb 20190208
eGambit 20190208
Emsisoft 20190208
Endgame 20181108
ESET-NOD32 20190208
F-Prot 20190208
F-Secure 20190208
Fortinet 20190208
GData 20190208
Ikarus 20190208
Sophos ML 20181128
Jiangmin 20190208
K7AntiVirus 20190208
K7GW 20190208
Kaspersky 20190208
Kingsoft 20190208
Malwarebytes 20190208
MAX 20190208
McAfee 20190208
McAfee-GW-Edition 20190208
Microsoft 20190208
eScan 20190208
NANO-Antivirus 20190208
Palo Alto Networks (Known Signatures) 20190208
Panda 20190208
Qihoo-360 20190208
Rising 20190208
SentinelOne (Static ML) 20190203
Sophos AV 20190208
SUPERAntiSpyware 20190206
Symantec 20190208
Symantec Mobile Insight 20190207
TACHYON 20190208
Tencent 20190208
TheHacker 20190203
TotalDefense 20190206
Trapmine 20190123
TrendMicro 20190208
TrendMicro-HouseCall 20190208
Trustlook 20190208
VBA32 20190208
ViRobot 20190208
Webroot 20190208
Zillya 20190208
ZoneAlarm by Check Point 20190208
Zoner 20190208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
2007-2017 PortableApps.com, PortableApps.com Installer 3.5.11.0

Product Google Chrome Portable
Original name GoogleChromePortable_70.0.3538.102_online.paf.exe
Internal name Google Chrome Portable
File version 70.0.3538.102
Description Google Chrome Portable
Comments For additional details, visit PortableApps.com
Signature verification Signed file, verified signature
Signing date 8:36 PM 11/10/2018
Signers
[+] Rare Ideas, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 01:00 AM 02/20/2018
Valid to 12:59 AM 02/21/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C0A448B9101F48309A8E5A67C11DB09DA14B54BB
Serial number 00 F0 E1 50 C3 04 DE 35 F2 E9 08 61 85 58 1F 40 53
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] Sectigo (formerly Comodo CA)
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 01:00 AM 01/19/2010
Valid to 12:59 AM 01/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, Unicode, appended, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-30 03:58:43
Entry Point 0x000034A5
Number of sections 5
PE sections
Overlays
MD5 df67be98f6eb41073fc19dca2741f546
File type data
Offset 153600
Size 1511224
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
GetFullPathNameW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
lstrcmpiW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateDialogParamW
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
SetWindowTextW
SetClipboardData
wsprintfW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
GetWindowLongW
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 45
RT_ICON 8
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 56
PE resources
ExifTool file metadata
CodeSize
26112

SubsystemVersion
4.0

Comments
For additional details, visit PortableApps.com

LinkerVersion
6.0

PortableAppscomDownloadFileName
70.0.3538.102_chrome_installer.exe

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
70.0.3538.102

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Google Chrome Portable

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
428544

PortableAppscomDownloadURL
https://dl.google.com/release2/chrome/I78EAR3ztkg_70.0.3538.102/70.0.3538.102_chrome_installer.exe

PortableAppscomFormatVersion
3.5.11

PortableAppscomDownloadKnockURL
${DownloadKnockURL}

EntryPoint
0x34a5

PortableAppscomDownloadName
Google Chrome (Stable)

OriginalFileName
GoogleChromePortable_70.0.3538.102_online.paf.exe

MIMEType
application/octet-stream

LegalCopyright
2007-2017 PortableApps.com, PortableApps.com Installer 3.5.11.0

PEType
PE32

FileVersion
70.0.3538.102

TimeStamp
2018:01:30 04:58:43+01:00

FileType
Win32 EXE

PortableAppscomInstallerVersion
3.5.11.0

InternalName
Google Chrome Portable

ProductVersion
70.0.3538.102

PortableAppscomAppID
GoogleChromePortable

UninitializedDataSize
16384

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

PortableAppscomDownloadMD5
bb814a09c709b2ebd73d2c060794d6a3

CompanyName
PortableApps.com

LegalTrademarks
PortableApps.com is a registered trademark of Rare Ideas, LLC.

ProductName
Google Chrome Portable

ProductVersionNumber
70.0.3538.102

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7e0c359a759f2cb4e3e205a7c11d79b9
SHA1 4a8d07b39df0d84f80dbbb44520b7a6da27afdb2
SHA256 666a0a98c1fc443d88e663eacfbdbbcf988e970b0af9e6d1e9eba49bee705ff8
ssdeep
49152:L9uWpYCHtlw9MXMXwoHnNDpPK/r1tqq6IUKA4Sz:cWpTA1fjPw1AlIUPxz

authentihash b42338be2c69cbd3e837e85b0c413691d31a7c51e3bcb5fdebcfc59b20b50315
imphash 1f23f452093b5c1ff091a2f9fb4fa3e9
File size 1.6 MB ( 1664824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2018-11-11 16:22:14 UTC ( 6 months, 2 weeks ago )
Last submission 2019-04-20 02:36:35 UTC ( 1 month ago )
File names GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
Google Chrome Portable
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
GoogleChromePortable_70.0.3538.102_online.paf.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs