SHA256: bf50d3ab2ad246318d0b2cc01bfba76af6c9ac5aa41a807521aba1e478c8ccf5
File name: chrome_exe
Detection ratio: 0 / 67
Analysis date: 2017-12-29 11:38:28 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20171225
AegisLab 20171229
AhnLab-V3 20171229
Alibaba 20171229
ALYac 20171229
Arcabit 20171229
Avast 20171229
Avast-Mobile 20171229
AVG 20171229
Avira (no cloud) 20171229
AVware 20171229
Baidu 20171227
BitDefender 20171229
Bkav 20171229
CAT-QuickHeal 20171228
ClamAV 20171229
CMC 20171229
Comodo 20171228
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171229
Cyren 20171229
DrWeb 20171229
eGambit 20171229
Emsisoft 20171229
Endgame 20171130
ESET-NOD32 20171229
F-Prot 20171229
F-Secure 20171229
Fortinet 20171229
GData 20171229
Ikarus 20171229
Sophos ML 20170914
Jiangmin 20171229
K7AntiVirus 20171229
K7GW 20171229
Kaspersky 20171229
Kingsoft 20171229
Malwarebytes 20171229
MAX 20171229
McAfee 20171229
McAfee-GW-Edition 20171229
Microsoft 20171229
eScan 20171229
NANO-Antivirus 20171229
nProtect 20171229
Palo Alto Networks (Known Signatures) 20171229
Panda 20171228
Qihoo-360 20171229
Rising 20171229
SentinelOne (Static ML) 20171224
Sophos AV 20171229
SUPERAntiSpyware 20171229
Symantec 20171228
Symantec Mobile Insight 20171228
Tencent 20171229
TheHacker 20171229
TotalDefense 20171229
TrendMicro 20171229
TrendMicro-HouseCall 20171229
Trustlook 20171229
VBA32 20171228
VIPRE 20171229
ViRobot 20171229
Webroot 20171229
WhiteArmor 20171226
Yandex 20171225
Zillya 20171228
ZoneAlarm by Check Point 20171229
Zoner 20171229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright 2015 Google Inc. All rights reserved.

Product Google Chrome
Original name chrome.exe
Internal name chrome_exe
File version 47.0.2526.106
Description Google Chrome
Signature verification Signed file, verified signature
Signing date 5:35 AM 12/11/2015
Signers
[+] Google Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 1/29/2014
Valid to 12:59 AM 1/30/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FCAC7E666CC54341CA213BECF2EB463F2B62ADB0
Serial number 29 12 C7 0C 9A 2B 8A 3E F6 F6 07 46 62 D6 8B 8D
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2015-12-11 02:40:58
Entry Point 0x0005CF24
Number of sections 7
PE sections
Overlays
MD5 1045a3ae9cafbaf27dafa8352cac6521
File type data
Offset 793088
Size 6472
Entropy 7.31
PE imports
RegCreateKeyExW
RegCloseKey
CopySid
GetAce
LookupPrivilegeValueW
GetSecurityInfo
RegDisablePredefinedCache
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
GetKernelObjectSecurity
DuplicateToken
RegOpenKeyExW
CreateProcessAsUserW
SystemFunction036
SetTokenInformation
ConvertSidToStringSidW
GetTokenInformation
DuplicateTokenEx
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
GetSecurityDescriptorSacl
CreateRestrictedToken
GetLengthSid
ConvertStringSidToSidW
SetSecurityInfo
SetEntriesInAclW
RevertToSelf
RegSetValueExW
EqualSid
SetThreadToken
SetKernelObjectSecurity
GetStdHandle
GetDriveTypeW
WaitForSingleObject
CreateIoCompletionPort
SetEndOfFile
CreateJobObjectW
DebugBreak
GetHandleInformation
GetFileAttributesW
SetInformationJobObject
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
RtlUnwindEx
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
GetTimeZoneInformation
OutputDebugStringW
TlsGetValue
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
SignalObjectAndWait
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
RtlAddFunctionTable
QueryPerformanceFrequency
HeapSetInformation
LoadLibraryExA
RtlVirtualUnwind
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
TerminateJobObject
SetFilePointerEx
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
SetNamedPipeHandleState
CreateSemaphoreW
CreateMutexW
IsProcessorFeaturePresent
GetSystemInfo
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQueryEx
ReadConsoleW
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
FreeLibrary
CreateRemoteThread
RtlPcToFileHeader
GetWindowsDirectoryW
SetHandleInformation
WriteProcessMemory
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
CreateFileMappingW
CompareStringW
WaitNamedPipeW
ExpandEnvironmentStringsW
RtlLookupFunctionEntry
ResetEvent
GetComputerNameExW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
SetEvent
GetTempPathW
CreateEventW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
VirtualAllocEx
CreateNamedPipeW
GetConsoleCP
UnregisterWaitEx
AssignProcessToJobObject
GetProcessTimes
SetProcessShutdownParameters
GetEnvironmentStringsW
RtlDeleteFunctionTable
lstrlenW
CreateProcessW
GetQueuedCompletionStatus
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
RegisterWaitForSingleObject
Sleep
EncodePointer
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
GetProcessHandleCount
IsValidCodePage
UnmapViewOfFile
FindResourceW
PostQueuedCompletionStatus
VirtualFree
TransactNamedPipe
VirtualAlloc
GetWindowThreadProcessId
GetUserObjectInformationW
AllowSetForegroundWindow
wsprintfW
CharUpperW
IsWindow
CloseDesktop
FindWindowExW
SetProcessWindowStation
CreateWindowStationW
SendMessageTimeoutW
MessageBoxW
GetProcessWindowStation
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CreateEnvironmentBlock
GetProfileType
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeGetTime
WTSQuerySessionInformationW
WTSFreeMemory
SignalChromeElf
CreateFileW
PE exports
Number of PE resources by type
RT_ICON 31
RT_GROUP_ICON 7
GOOGLEUPDATEAPPLICATIONCOMMANDS 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 41
PE resources
Debug information
ExifTool file metadata
CodeSize 496640
SubsystemVersion 5.2
OfficialBuild 1
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 47.0.2526.106
LanguageCode English (U.S.)
FileFlagsMask 0x0017
FileDescription Google Chrome
CharacterSet Unicode
InitializedDataSize 314368
EntryPoint 0x5cf24
OriginalFileName chrome.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2015 Google Inc. All rights reserved.
CompanyShortName Google
FileVersion 47.0.2526.106
TimeStamp 2015:12:11 03:40:58+01:00
FileType Win64 EXE
PEType PE32+
InternalName chrome_exe
ProductVersion 47.0.2526.106
UninitializedDataSize 0
OSVersion 5.2
FileOS Win32
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Google Inc.
ProductShortName Chrome
ProductName Google Chrome
ProductVersionNumber 47.0.2526.106
LastChange 19b9e1a5713f4b9ae324bd59bbe16ca6eb91d0e0-refs/branch-heads/2526@{#532}
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 bc49c6d6dc13f0aeedc12264b7c9d4be
SHA1 08415647c21db09aec79acb14304f73b018e206f
SHA256 bf50d3ab2ad246318d0b2cc01bfba76af6c9ac5aa41a807521aba1e478c8ccf5
ssdeep 12288:OFCFOX8/KCU1zmFst58oQ8krBiyjZab3857oNXWfvfImqv/z:v3Kh1TH8oQ8k9iE9574XWfnImw/z

authentihash 97d86fdda02a178192dd95aaa2dde3b39b7100c92ef03ed34cb8a438943fb6eb
imphash 4a04ced0d071fd1201ec6e4de583f8d3
File size 780.8 KB ( 799560 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags 64bits peexe assembly signed overlay

VirusTotal metadata
First submission 2015-12-15 21:18:44 UTC ( 2 years, 12 months ago )
Last submission 2017-02-20 17:00:48 UTC ( 1 year, 9 months ago )
File names chrome_exe
c28052.tmpscan
[3]chrome.exe
[1]chrome.exe
new_chrome.exe
chrome.exe
chrome.exe
chrome.exe
filename
49085.tmpscan
855eb.tmpscan
chrome.exe
chrome.exe
82e7eb5efddceabc3eb05988773322ed_chrome.exe.safe
chrome.exe
chrome.exe
vt-upload-pN9THx
chrome.exe
chrome.exe
chrome.exe
chrome.exe
chrome.exe