SHA256: c70b8cbb2ac962b343535454e4f2bcb3e48d83a04792c64bc768d59b3c1bf403
File name: Rc7.exe
Detection ratio: 0 / 60
Analysis date: 2017-04-15 08:35:27 UTC ( 2 years ago )
Antivirus Result Update (the Result column is blank for every engine listed: no engine flagged the file)
Ad-Aware 20170415
AegisLab 20170414
AhnLab-V3 20170414
Alibaba 20170415
ALYac 20170415
Antiy-AVL 20170415
Arcabit 20170415
Avast 20170415
AVG 20170415
Avira (no cloud) 20170415
AVware 20170410
Baidu 20170414
BitDefender 20170415
Bkav 20170415
CAT-QuickHeal 20170415
ClamAV 20170415
CMC 20170415
Comodo 20170415
CrowdStrike Falcon (ML) 20170130
Cyren 20170415
DrWeb 20170415
Emsisoft 20170415
Endgame 20170413
ESET-NOD32 20170415
F-Prot 20170415
F-Secure 20170415
Fortinet 20170415
GData 20170415
Ikarus 20170415
Sophos ML 20170413
Jiangmin 20170415
K7AntiVirus 20170415
K7GW 20170415
Kaspersky 20170415
Kingsoft 20170415
Malwarebytes 20170415
McAfee 20170415
McAfee-GW-Edition 20170415
Microsoft 20170415
eScan 20170415
NANO-Antivirus 20170415
nProtect 20170415
Palo Alto Networks (Known Signatures) 20170415
Panda 20170415
Qihoo-360 20170415
Rising 20170415
SentinelOne (Static ML) 20170330
Sophos AV 20170415
SUPERAntiSpyware 20170415
Symantec 20170414
Tencent 20170415
TheHacker 20170412
TrendMicro 20170415
TrendMicro-HouseCall 20170415
Trustlook 20170415
VBA32 20170414
VIPRE 20170415
ViRobot 20170415
Webroot 20170415
WhiteArmor 20170409
Yandex 20170414
ZoneAlarm by Check Point 20170415
Zoner 20170415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright 2016 Google Inc. All rights reserved.
Product Google Chrome
Original name chrome.exe
Internal name chrome_exe
File version 56.0.2924.87
Description Google Chrome
Signature verification Signed file, verified signature
Signing date 10:01 AM 2/1/2017
Signers
[+] Google Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 12:00 AM 12/16/2015
Valid to 11:59 PM 12/16/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5A9272CE76A9415A4A3A5002A2589A049312AA40
Serial number 2A 9C 21 AC AA A6 3A 3C 58 A7 B9 32 2B EE 94 8D
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G1
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 12:00 AM 01/12/2016
Valid to 11:59 PM 04/11/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 87CECC250809894434D4BE53CE840F6F9DBD4B06
Serial number 54 F3 7D A1 71 67 51 BC 6A 8D 0A D2 74 B2 8B 13
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 01/12/2016
Valid to 11:59 PM 01/11/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 04/02/2008
Valid to 11:59 PM 12/01/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-01 05:10:37
Entry Point 0x0006C070
Number of sections 7
PE sections
Overlays
MD5 35bc59f105aa3a91f2f0534048d6a751
File type data
Offset 938496
Size 7000
Entropy 7.32
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
SetEntriesInAclW
GetAce
LookupPrivilegeValueW
GetSecurityInfo
RegDisablePredefinedCache
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
GetKernelObjectSecurity
DuplicateToken
RegOpenKeyExW
CreateProcessAsUserW
SystemFunction036
SetTokenInformation
CopySid
GetTokenInformation
DuplicateTokenEx
GetUserNameW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorSacl
CreateRestrictedToken
GetLengthSid
ImpersonateNamedPipeClient
ConvertStringSidToSidW
SetSecurityInfo
RegDeleteValueW
RevertToSelf
RegSetValueExW
EqualSid
SetThreadToken
SetKernelObjectSecurity
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
CreateIoCompletionPort
CreateJobObjectW
SignalObjectAndWait
ReplaceFileW
IsValidLocale
GetFileAttributesW
SetInformationJobObject
SystemTimeToTzSpecificLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
EnumSystemLocalesW
UnhandledExceptionFilter
GetFileInformationByHandle
InitializeSListHead
GetThreadContext
TerminateJobObject
SetStdHandle
WideCharToMultiByte
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetStringTypeW
ResumeThread
SetEvent
LocalFree
ConnectNamedPipe
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
QueryDosDeviceW
MoveFileW
SetFileAttributesW
DebugBreak
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
PeekNamedPipe
GetUserDefaultLangID
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetThreadLocale
QueryPerformanceFrequency
HeapSetInformation
LoadLibraryExA
QueryFullProcessImageNameW
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
SetEnvironmentVariableW
FormatMessageA
RegisterWaitForSingleObject
GetFullPathNameW
LockFileEx
CreateThread
GetSystemDirectoryW
RtlCaptureStackBackTrace
DisconnectNamedPipe
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GetVersion
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
CreateRemoteThread
GetWindowsDirectoryW
SetHandleInformation
AcquireSRWLockExclusive
WriteProcessMemory
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
GetProcessHeap
CreateFileMappingW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
GetComputerNameExW
FindFirstFileW
ReleaseSRWLockExclusive
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
ReadConsoleW
GetFileInformationByHandleEx
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
GetLocaleInfoW
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
GetConsoleCP
UnregisterWaitEx
AssignProcessToJobObject
GetProcessTimes
SetProcessShutdownParameters
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetQueuedCompletionStatus
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
WaitNamedPipeW
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
TransactNamedPipe
CreateSemaphoreW
EncodePointer
SuspendThread
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CreateNamedPipeW
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
GetLongPathNameW
GetProcessHandleCount
GetThreadId
IsValidCodePage
UnmapViewOfFile
FindResourceW
PostQueuedCompletionStatus
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
GetMappedFileNameW
UuidCreate
SHGetKnownFolderPath
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
GetWindowThreadProcessId
GetUserObjectInformationW
AllowSetForegroundWindow
FindWindowExW
CloseDesktop
SendMessageTimeoutW
SetProcessWindowStation
CreateWindowStationW
IsWindow
GetProcessWindowStation
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
timeGetTime
WTSQuerySessionInformationW
WTSFreeMemory
SignalInitializeCrashReporting
GetInstallDetailsPayload
SignalChromeElf
PE exports
Number of PE resources by type
RT_ICON 31
RT_GROUP_ICON 7
GOOGLEUPDATEAPPLICATIONCOMMANDS 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 41
PE resources
Debug information
ExifTool file metadata
CodeSize 578560
SubsystemVersion 5.1
OfficialBuild 1
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 56.0.2924.87
LanguageCode English (U.S.)
FileFlagsMask 0x0017
FileDescription Google Chrome
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 369664
EntryPoint 0x6c070
OriginalFileName chrome.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2016 Google Inc. All rights reserved.
CompanyShortName Google
FileVersion 56.0.2924.87
TimeStamp 2017:02:01 06:10:37+01:00
FileType Win32 EXE
PEType PE32
InternalName chrome_exe
ProductVersion 56.0.2924.87
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Google Inc.
ProductShortName Chrome
ProductName Google Chrome
ProductVersionNumber 56.0.2924.87
LastChange 0e9a9a6f3676ae439b78cd9b3f62b4193c3ac7d5-refs/branch-heads/2924@{#895}
FileTypeExtension exe
ObjectFileType Executable application
CarbonBlack (CarbonBlack acts as a surveillance camera for computers)
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 38372aa4cc9fbd0eb7a26fc7b5f24562
SHA1 a38bc7506fc264f7d91e5c33715e32060af9da51
SHA256 c70b8cbb2ac962b343535454e4f2bcb3e48d83a04792c64bc768d59b3c1bf403
ssdeep 24576:L9YmOssB47M6Offew3BIvFLFl2SsImwQWa:JYmEsMLuw3BINFl2SsIRa
authentihash 35a602c6dcc8fac6efec51364715eb1dfef5f9af7c34285edb0aebbfa3508164
imphash f01710e6cbea0436214f992e6ee8ec26
File size 923.3 KB ( 945496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe via-tor signed overlay
VirusTotal metadata
First submission 2017-02-01 23:41:12 UTC ( 2 years, 2 months ago )
Last submission 2019-03-14 22:42:49 UTC ( 1 month, 1 week ago )
File names bb893a4c-a399-ac4d-8cad-2cf30717598e_1d2b204bc6bb9ac
863131c3-9b53-3635-a39f-de4cd26b6af5_1d2b28e521be271
eb7da914-b628-bd8d-8476-7ba2da5e6690_1d2b28d4ae78371
chrome_exe
0f7aa896-fa25-063c-d3f2-536fad56474e_1d2b24d54e770fc
60851.tmpscan
10edcfee-e0b2-d72f-549c-f9b307337cbe_1d2b2d2d997357d
596c488e-beac-1070-7280-f50efb192c22_1d2b28d54f89201
new_chrome.exe
7c466b6e-62a4-8158-101f-355b11379fd4_1d2b2bd0b38eac2
ea1ffece-2071-69f3-a32c-e4f3dd481483_1d2b253b1ed787c
old_chrome.exe
e86632f4-fe1b-e37a-f514-56a82482b912_1d2b28d36bb7b41
9037ccb3-01b8-e2f8-3a27-9ab8ffe249f6_1d2b2789c7d1590
6c836299-368a-a881-3331-44bc61701d5e_1d2b26248068782
77c10041-d788-ed26-0941-51fe676e6116_1d2b2844a6968e1
84788f25-7ed2-e723-44fd-3d5d2f2782b5_1d2b208a780f88c
{df0e1195-d531-442a-bc2d-936825f7d07a}.tmp
c6ff43d4-8d64-76fd-7811-a42cacd87682_1d2b200449f129c
eb3ebda7-6a1a-b3dc-93e3-4128380f9c2a_1d2b2003a3f20bc
0a060052-273e-5a16-6308-a8694c58741b_1d2b200c1c5ccac
36af8c57-886d-8e7d-ec4a-3c9c340c63b6_1d2b200cc2ac79c
ad1fbf79-a8a1-4cb7-7357-32d39b34bc64_1d2b233c11d286c
dd7a06ea-48ab-83f2-ef50-f9a1ce03b3f8_1d2b28469e456d1
5877367d-d763-45e0-3144-f7fccee9b407_1d2b297bbe87431