SHA256: 6bbb45a9784a0b83f077d6a9d4a7e89d07ddd79a9f8b5d605aad3ab0855d9655
File name: nov19mailmarketing.pw_bot.exe
Detection ratio: 8 / 54
Analysis date: 2015-11-19 01:57:24 UTC ( 1 year, 10 months ago )
Antivirus Result Update
AVG Crypt_r.ALV 20151119
Cyren W32/Agent.XL.gen!Eldorado 20151119
DrWeb BackDoor.IRC.NgrBot.42 20151119
ESET-NOD32 a variant of Win32/Kryptik.EFKJ 20151119
F-Prot W32/Agent.XL.gen!Eldorado 20151119
Panda Trj/Genetic.gen 20151118
Qihoo-360 QVM10.1.Malware.Gen 20151119
VBA32 Heur.Malware-Cryptor.Ngrbot 20151118
AegisLab 20151118
Yandex 20151118
AhnLab-V3 20151118
Alibaba 20151118
ALYac 20151119
Antiy-AVL 20151119
Arcabit 20151119
Avast 20151119
Avira (no cloud) 20151119
AVware 20151118
Baidu-International 20151118
BitDefender 20151119
Bkav 20151118
ByteHero 20151119
CAT-QuickHeal 20151118
ClamAV 20151118
CMC 20151118
Comodo 20151119
Emsisoft 20151119
F-Secure 20151119
Fortinet 20151119
GData 20151119
Ikarus 20151119
Jiangmin 20151118
K7AntiVirus 20151118
K7GW 20151118
Kaspersky 20151119
Malwarebytes 20151119
McAfee 20151119
McAfee-GW-Edition 20151119
Microsoft 20151118
eScan 20151119
NANO-Antivirus 20151119
nProtect 20151118
Rising 20151117
Sophos AV 20151119
SUPERAntiSpyware 20151118
Symantec 20151118
Tencent 20151119
TheHacker 20151118
TrendMicro 20151119
TrendMicro-HouseCall 20151119
VIPRE 20151119
ViRobot 20151118
Zillya 20151118
Zoner 20151118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2011 - 2015 Nir Sofer
Product ChromeCookiesView
Original name ChromeCookiesView.exe
Internal name ChromeCookiesView
File version 1.20
Description ChromeCookiesView
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-19 01:40:00
Entry Point 0x00023E62
Number of sections 5
PE sections
Overlays
MD5 e40b2f78102b7490d2787d3504e0a306
File type data
Offset 692224
Size 1806
Entropy 7.86
PE imports
RegOpenKeyA
GetOpenFileNameW
SetViewportExtEx
PlayEnhMetaFile
UpdateColors
DeleteDC
GetBoundsRect
GetMapMode
GetGraphicsMode
GetICMProfileA
GetWinMetaFileBits
FillRgn
GetStretchBltMode
GetEnhMetaFileHeader
PtVisible
CreateFontA
PatBlt
SetTextAlign
GetPolyFillMode
SetBoundsRect
DeleteMetaFile
GetTextFaceA
LockFileEx
GetLastError
GetWriteWatch
HeapFree
GetStdHandle
EnterCriticalSection
GetNamedPipeInfo
SetHandleCount
GetModuleFileNameW
GetOEMCP
GetThreadTimes
InitializeCriticalSectionAndSpinCount
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetPriorityClass
FileTimeToDosDateTime
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
CancelDeviceWakeupRequest
LockResource
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
GetStringTypeA
CreateFileMappingW
LCMapStringW
DosDateTimeToFileTime
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
MulDiv
GetSystemTimeAsFileTime
LocalShrink
FindNextFileA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
IsDebuggerPresent
TerminateProcess
GlobalFlags
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
LocalUnlock
SetLastError
LeaveCriticalSection
SHGetFolderPathW
DragQueryFileW
DragAcceptFiles
ShellExecuteW
ExtractIconExW
CommandLineToArgvW
RedrawWindow
GetForegroundWindow
SetMenuItemBitmaps
SetMenuDefaultItem
GetMessagePos
DrawStateW
SetWindowPos
IsWindow
GrayStringW
EndPaint
WindowFromPoint
PeekMessageA
CharUpperBuffW
SendMessageW
SetActiveWindow
GetDC
ChangeClipboardChain
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClipCursor
GetMenu
GetClientRect
DefWindowProcW
DrawTextW
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadImageW
GetActiveWindow
OpenClipboard
MapVirtualKeyExW
CopyAcceleratorTableW
DestroyWindow
GetParent
UpdateWindow
EqualRect
GetWindowTextW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
TranslateMDISysAccel
EnableWindow
CharUpperW
GetClipboardFormatNameW
LoadIconW
IsWindowEnabled
GetWindow
RegisterClassW
GetIconInfo
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
DrawMenuBar
IsIconic
InvertRect
GetSubMenu
CreateMenu
IsDialogMessageW
FillRect
MonitorFromPoint
CopyRect
GetSysColorBrush
EnumDesktopWindows
CreateWindowExW
TabbedTextOutW
GetWindowLongW
PtInRect
IsChild
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
DefMDIChildProcW
MapVirtualKeyW
ArrangeIconicWindows
SendDlgItemMessageA
IsCharAlphaNumericW
EnableMenuItem
GetWindowRect
InflateRect
SetCapture
DrawIcon
DrawTextExW
GetMessageExtraInfo
SendDlgItemMessageW
PostMessageW
GetKeyNameTextW
CheckDlgButton
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
GetAsyncKeyState
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
GetSystemMenu
NotifyWinEvent
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
IntersectRect
EndDialog
HideCaret
FindWindowW
GetCapture
RemoveMenu
GetWindowThreadProcessId
MessageBoxW
DefFrameProcW
UnhookWindowsHookEx
MoveWindow
MessageBoxA
CascadeWindows
DestroyCursor
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
CopyImage
UpdateLayeredWindow
GetProcessDefaultLayout
TrackMouseEvent
DestroyIcon
IsWindowVisible
WinHelpW
TileWindows
GetDesktopWindow
SystemParametersInfoW
MonitorFromWindow
FrameRect
InvalidateRect
GetUserObjectSecurity
CallWindowProcW
GetClassNameW
DefDlgProcA
ModifyMenuW
IsRectEmpty
GetFocus
CloseClipboard
GetDlgItemTextW
ReplyMessage
SetCursor
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
UnDecorateSymbolName
CoTaskMemFree
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 508416
ImageVersion 0.0
ProductName ChromeCookiesView
FileVersionNumber 1.2.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName ChromeCookiesView.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.2
TimeStamp 2015:11:19 02:40:00+01:00
FileType Win32 EXE
PEType PE32
InternalName ChromeCookiesView
ProductVersion 1.2
FileDescription ChromeCookiesView
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2011 - 2015 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 182784
FileSubtype 0
ProductVersionNumber 1.2.0.0
EntryPoint 0x23e62
ObjectFileType Executable application

File identification
MD5 d0c2e2a48459ea52cc0e42e15c995ee2
SHA1 65f6d02a84118165e4dfa7476805a92214c48bbe
SHA256 6bbb45a9784a0b83f077d6a9d4a7e89d07ddd79a9f8b5d605aad3ab0855d9655
ssdeep 12288:6rgjOOjOTFgu6TNr+zLOm3PGUgGFGSHWcZ/9tw/LfGv2lpqSDHV:wgjOOjGFgu6JavOm3PGUgpTiwDTphHV
authentihash 682f4e53d97bee07b9c7c5c2d59936e59a7fa6eced676747345076ef9e2858e6
imphash c817ed1d94679a46f400ab45142b415f
File size 677.8 KB ( 694030 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-11-19 01:49:03 UTC ( 1 year, 10 months ago )
Last submission 2015-11-19 01:57:24 UTC ( 1 year, 10 months ago )
File names nov19mailmarketing.pw_bot.exe
ChromeCookiesView.exe
ChromeCookiesView
bot.exe
newdev.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs