SHA256: abca78e9e323c83dda09afba29a2cd76846871546959541bff51eb4afa1ac499
File name: ChromePass.exe
Detection ratio: 22 / 43
Analysis date: 2011-08-08 20:01:24 UTC ( 7 years, 8 months ago )
Antivirus Result Update
AntiVir APPL/Agent.130048.1 20110808
Antiy-AVL PSWTool/Win32.NetPass.gen 20110808
Avast5 Win32:PSWtool-E [PUP] 20110808
AVG HackTool.PJA 20110808
BitDefender Gen:Application.Heur.hmKfb8qWL1kO 20110808
Comodo UnclassifiedMalware 20110808
DrWeb Tool.PassView.469 20110808
Emsisoft Gen.Application.Heur!IK 20110808
eSafe Win32.GenApplication 20110808
F-Secure Gen:Application.Heur.hmKfb8qWL1kO 20110808
Fortinet HackerTool/PassView 20110808
GData Gen:Application.Heur.hmKfb8qWL1kO 20110808
Ikarus Gen.Application.Heur 20110808
Kaspersky not-a-virus:PSWTool.Win32.NetPass.amv 20110808
McAfee Artemis!CB271441FA19 20110808
McAfee-GW-Edition Artemis!CB271441FA19 20110808
NOD32 a variant of Win32/PSWTool.ChromePass.A 20110808
Norman W32/Suspicious_Gen2.NQNYK 20110808
nProtect Gen:Application.Heur.hmKfb8qWL1kO 20110808
PCTools Trojan.Gen 20110808
Symantec Trojan.Gen.2 20110808
VIPRE Nirsoft Password Recovery 20110808
AhnLab-V3 20110808
Avast 20110808
CAT-QuickHeal 20110808
ClamAV 20110808
Commtouch 20110808
eTrust-Vet 20110808
F-Prot 20110808
Jiangmin 20110808
K7AntiVirus 20110802
Microsoft 20110808
Panda 20110808
Prevx 20110808
Rising 20110808
Sophos AV 20110808
SUPERAntiSpyware 20110808
TheHacker 20110807
TrendMicro 20110808
TrendMicro-HouseCall 20110808
VBA32 20110808
ViRobot 20110808
VirusBuster 20110808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2008 - 2011 Nir Sofer
Product ChromePass
Original name ChromePass.exe
Internal name ChromePass
File version 1.21
Description ChromePass
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-20 21:47:47
Entry Point 0x0003BCC0
Number of sections 3
PE sections
PE imports
RegCloseKey
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SHGetMalloc
FindTextW
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_STRING 5
RT_BITMAP 3
RT_ICON 2
RT_MENU 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
HEBREW DEFAULT 11
PE resources
ExifTool file metadata
UninitializedDataSize 118784
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ChromePass
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x3bcc0
OriginalFileName ChromePass.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2008 - 2011 Nir Sofer
FileVersion 1.21
TimeStamp 2011:07:20 14:47:47-07:00
FileType Win32 EXE
PEType PE32
InternalName ChromePass
ProductVersion 1.21
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 122880
ProductName ChromePass
ProductVersionNumber 1.2.1.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 cb271441fa19ac163ecf380c8ebb3109
SHA1 2746ec2f9b03c814cb6dcdf98cd34e5581322239
SHA256 abca78e9e323c83dda09afba29a2cd76846871546959541bff51eb4afa1ac499
ssdeep 3072:6agzIyK7evSGkFFam+eis+np3Dq/snVXQnm:6agzIyinLORpO/GVX
authentihash 2062eaee4255e60341ce2905c0ffa762e1e4936b77f0c9450e3b0a308502b27d
imphash 45d37ba159eb25aaa66bbfb07e7f6842
File size 127.0 KB ( 130048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (31.0%)
Win32 EXE Yoda's Crypter (30.4%)
Microsoft Visual C++ compiled executable (generic) (18.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe upx
VirusTotal metadata
First submission 2011-07-21 06:16:17 UTC ( 7 years, 9 months ago )
Last submission 2018-05-17 15:48:57 UTC ( 11 months, 1 week ago )
File names 47b59b6ff87f327547088e09a5a3504e_chromepass.exe.safe
chromepass.exe
"ChromePass.exe"
abca78e9e323c83dda09afba29a2cd76846871546959541bff51eb4afa1ac499
ChromePass
cb271441fa19ac163ecf380c8ebb3109
smona_abca78e9e323c83dda09afba29a2cd76846871546959541bff51eb4afa1ac499.bin
nir.exe
chromepass.exe
ChromePass.exe
smona132796734212004117476
chrome.exe
ChromePass.exe
1.exe
smona132795604440210024888
sibiligo‮gpj.exe
CP.exe
smona132796052293324320479
PassChrome.exe
file-2935716_exe
javin(EN).exe
25692791 MD5 cb271441fa19ac163ecf380c8ebb3109.lst
ChromePass.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.