SHA256: d18fa7e12d3e18684f762046ed5692e689f8877e536f1624052c11619c0a9ecb
File name: 866086c22e7134d45798e7f440f9d05318f6311e
Detection ratio: 2 / 56
Analysis date: 2014-11-29 00:35:01 UTC ( 4 years, 3 months ago )
Antivirus             Result                Update
Avira (no cloud)      TR/Zbot.A.1436        20141128
ESET-NOD32            Win32/Spy.Zbot.ACB    20141128
Ad-Aware                                    20141129
AegisLab                                    20141129
Yandex                                      20141128
AhnLab-V3                                   20141128
ALYac                                       20141128
Antiy-AVL                                   20141128
Avast                                       20141128
AVG                                         20141128
AVware                                      20141121
Baidu-International                         20141128
BitDefender                                 20141128
Bkav                                        20141127
ByteHero                                    20141129
CAT-QuickHeal                               20141128
ClamAV                                      20141128
CMC                                         20141127
Comodo                                      20141128
Cyren                                       20141128
DrWeb                                       20141128
Emsisoft                                    20141128
F-Prot                                      20141128
F-Secure                                    20141128
Fortinet                                    20141128
GData                                       20141128
Ikarus                                      20141129
Jiangmin                                    20141127
K7AntiVirus                                 20141128
K7GW                                        20141128
Kaspersky                                   20141129
Kingsoft                                    20141129
Malwarebytes                                20141129
McAfee                                      20141129
McAfee-GW-Edition                           20141129
Microsoft                                   20141129
eScan                                       20141129
NANO-Antivirus                              20141128
Norman                                      20141128
nProtect                                    20141128
Panda                                       20141128
Qihoo-360                                   20141129
Rising                                      20141126
Sophos AV                                   20141128
SUPERAntiSpyware                            20141128
Symantec                                    20141129
Tencent                                     20141129
TheHacker                                   20141124
TotalDefense                                20141129
TrendMicro                                  20141129
TrendMicro-HouseCall                        20141129
VBA32                                       20141128
VIPRE                                       20141129
ViRobot                                     20141128
Zillya                                      20141127
Zoner                                       20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2009-2013, Comodo Security Solutions, Inc.
Publisher Comodo
Product Comodo Dragon
Original name chrome.exe
Internal name chrome_exe
File version 3.3.1.0
Description Comodo Dragon
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-28 11:21:15
Entry Point 0x0000C870
Number of sections 5
PE sections
PE imports
CloseServiceHandle
RegCloseKey
RegNotifyChangeKeyValue
OpenServiceA
RegQueryValueExA
RegSetValueExA
ControlService
RegCreateKeyExA
DeleteService
RegOpenKeyExA
OpenSCManagerA
ImageList_Create
Ord(17)
GetOpenFileNameA
GetOpenFileNameW
CommDlgExtendedError
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore
CreatePen
TextOutA
GetPaletteEntries
EndPath
CombineRgn
GetBitmapBits
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
EndDoc
FillPath
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
GetCurrentObject
RectVisible
CreateEllipticRgn
MoveToEx
SetViewportOrgEx
GetDIBits
CreateCompatibleDC
SelectObject
StartDocA
GetTextMetricsA
SetDIBColorTable
CreateSolidBrush
Polyline
SetBkColor
BeginPath
DeleteObject
Ellipse
GetStdHandle
WaitForSingleObject
HeapAlloc
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
lstrcatW
CommConfigDialogA
WaitCommEvent
SetStdHandle
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
GetProfileIntA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
WriteProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ClearCommError
DecodePointer
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
SetCommMask
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
lstrcpyA
GetProfileStringA
GetComputerNameExW
SetCommTimeouts
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
IsBadReadPtr
HeapValidate
NetUserEnum
NetGetJoinInformation
NetApiBufferFree
VariantClear
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SHGetFolderPathW
StrToIntA
SetFocus
GetMessageA
SetWindowRgn
GetCursorInfo
SetLayeredWindowAttributes
EndDialog
BeginPaint
CreateWindowExA
SetRectEmpty
DefWindowProcA
KillTimer
DestroyMenu
RegisterClassExW
PostQuitMessage
CreatePopupMenu
ShowWindow
MessageBeep
LoadBitmapA
GetParent
GetSystemMetrics
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
WindowFromPoint
MessageBoxA
SetWindowLongA
TranslateMessage
InvalidateRect
GetDlgItemInt
CheckDlgButton
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
CheckMenuItem
GetWindowLongA
PtInRect
GetIconInfo
IsDialogMessageA
SendMessageA
GetClientRect
CreateMenu
GetDlgItem
DrawMenuBar
ClientToScreen
SetRect
ScreenToClient
wsprintfA
SetTimer
LoadCursorA
LoadIconA
CountClipboardFormats
AdjustWindowRect
IsDlgButtonChecked
SetDlgItemInt
LoadImageA
GetClassNameA
CreateWindowExW
EndPaint
GetWindowTextA
GetMonitorInfoA
CopyImage
SetMenuItemBitmaps
DestroyWindow
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetGetLastResponseInfoA
InternetConnectA
EndDocPrinter
OpenPrinterA
EnumPrintersA
ClosePrinter
EndPagePrinter
GdipFree
GdipLoadImageFromFile
GdipAlloc
GdipCreateFromHWND
GdipCloneImage
GdipDisposeImage
GdipDeleteGraphics
CoUninitialize
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
StringFromCLSID
CoGetMalloc
Number of PE resources by type
RT_BITMAP 1
Struct(28) 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 110592
ImageVersion 0.0
ProductName Comodo Dragon
FileVersionNumber 3.3.1.0
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Comodo Dragon
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename chrome.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.3.1.0
TimeStamp 2014:11:28 12:21:15+01:00
FileType Win32 EXE
PEType PE32
InternalName chrome_exe
FileAccessDate 2014:12:06 01:35:28+01:00
ProductVersion 3.3.1.0
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:12:06 01:35:28+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2009-2013, Comodo Security Solutions, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName Comodo
CodeSize 341504
FileSubtype 0
ProductVersionNumber 3.3.1.0
EntryPoint 0xc870
ObjectFileType Executable application

File identification
MD5 759f6df3ee48e2ccf4d4a080bd0d6be4
SHA1 866086c22e7134d45798e7f440f9d05318f6311e
SHA256 d18fa7e12d3e18684f762046ed5692e689f8877e536f1624052c11619c0a9ecb
ssdeep 6144:o+u69d2ExFqF0AyVVfCKxhUKdM1/N6JaxfF3Pz4VMxU9CHXtLqlMmpH54t:o+u69dtFqqA8fLBI/kJQKwUqw+mL
authentihash dcd4fc1fcdf8145e5721eb8a21d235e9f2e30a61954b74c92081ac1cdd843d6e
imphash f84f583f27b09c782ca8cfc0ac53151a
File size 442.5 KB ( 453120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-11-29 00:35:01 UTC ( 4 years, 3 months ago )
Last submission 2014-11-29 00:35:01 UTC ( 4 years, 3 months ago )
File names 866086c22e7134d45798e7f440f9d05318f6311e
d18fa7e12d3e18684f762046ed5692e689f8877e536f1624052c11619c0a9ecb.exe
chrome_exe
chrome.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.