SHA256: e777a742c44a617b05e455edd4872c1a5c73a40fc18b767bfcaaa1a5dde88bc6
File name: b3427c74913a7281044b1993eb585c30ccf0a947
Detection ratio: 16 / 56
Analysis date: 2014-11-28 23:55:44 UTC
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Ransom 20141128
Avast Win32:Trojan-gen 20141128
Avira (no cloud) TR/Crypt.ZPACK.110584 20141128
Baidu-International Trojan.Win32.Zbot.Aw 20141128
ESET-NOD32 Win32/Spy.Zbot.ACB 20141128
Ikarus Trojan-Spy.Zbot 20141129
Kaspersky Trojan-Spy.Win32.Zbot.uqbe 20141129
Malwarebytes Trojan.Agent.ED 20141129
McAfee RDN/Generic PWS.y!bbw 20141129
McAfee-GW-Edition BehavesLike.Win32.Pate.dc 20141129
Microsoft PWS:Win32/Zbot.gen!VM 20141129
Panda Generic Suspicious 20141128
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20141129
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141126
Sophos AV Mal/Generic-S 20141128
TrendMicro-HouseCall Suspicious_GEN.F47V1127 20141128
Ad-Aware 20141128
AegisLab 20141128
Yandex 20141128
ALYac 20141128
Antiy-AVL 20141128
AVG 20141128
AVware 20141121
BitDefender 20141128
Bkav 20141127
ByteHero 20141129
CAT-QuickHeal 20141128
ClamAV 20141128
CMC 20141127
Comodo 20141128
Cyren 20141128
DrWeb 20141128
Emsisoft 20141128
F-Prot 20141128
F-Secure 20141128
Fortinet 20141128
GData 20141128
Jiangmin 20141127
K7AntiVirus 20141128
K7GW 20141128
Kingsoft 20141129
eScan 20141129
NANO-Antivirus 20141128
Norman 20141128
nProtect 20141128
SUPERAntiSpyware 20141128
Symantec 20141129
Tencent 20141129
TheHacker 20141124
TotalDefense 20141129
TrendMicro 20141129
VBA32 20141128
VIPRE 20141128
ViRobot 20141128
Zillya 20141127
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2009-2013, Comodo Security Solutions, Inc.

Product Comodo Dragon
Original name chrome.exe
Internal name chrome_exe
File version 3.3.1.0
Description Comodo Dragon
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-27 18:07:51
Entry Point 0x00004841
Number of sections 5
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
TextOutA
LineTo
CreateICA
TextOutW
DeleteDC
SelectObject
RectVisible
CreatePen
GetStockObject
SetViewportOrgEx
SetPixel
GetTextMetricsA
CreateSolidBrush
Polyline
MoveToEx
SetBkColor
DeleteObject
Ellipse
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
EncodePointer
OutputDebugStringA
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
lstrlenW
GetProfileIntA
IsProcessorFeaturePresent
lstrcatW
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
lstrcatA
SetFilePointer
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetFileType
SetStdHandle
CompareStringW
lstrcpyW
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
HeapSetInformation
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetComputerNameExW
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
CreateFileW
FindClose
TlsGetValue
Sleep
WriteConsoleW
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
acmFormatEnumA
acmMetrics
acmDriverOpen
acmDriverClose
NetUserEnum
NetGetJoinInformation
NetApiBufferFree
SHGetFolderPathW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ExtractAssociatedIconA
ReleaseDC
SetLayeredWindowAttributes
SetMenuItemBitmaps
PostQuitMessage
EndDialog
ReleaseCapture
DestroyMenu
ShowWindow
DefWindowProcA
SetWindowTextA
LoadBitmapA
GetClipboardData
GetSystemMetrics
AppendMenuA
GetWindowRect
EndPaint
SetMenu
MoveWindow
MessageBoxA
CopyImage
DialogBoxParamA
GetDlgItemInt
CheckDlgButton
GetDC
DrawCaption
GetCursorPos
DrawTextA
BeginPaint
CreatePopupMenu
CheckMenuItem
PtInRect
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
DrawMenuBar
DrawTextW
ScreenToClient
SetRect
InvalidateRect
wsprintfA
CreateMenu
SetRectEmpty
LoadIconA
CountClipboardFormats
IsDlgButtonChecked
SetDlgItemInt
EnableWindow
CloseClipboard
GetMonitorInfoA
DestroyWindow
OpenClipboard
ScriptStringOut
ScriptStringAnalyse
ScriptStringFree
WTSQuerySessionInformationA
GdiplusShutdown
GdipCreateFromHWND
GdipFree
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipLoadImageFromFile
GdiplusStartup
GdipDeleteGraphics
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_BITMAP 1
Struct(28) 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.3.1.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 49664
EntryPoint 0x4841
OriginalFileName chrome.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2009-2013, Comodo Security Solutions, Inc.
FileVersion 3.3.1.0
TimeStamp 2014:11:27 19:07:51+01:00
FileType Win32 EXE
PEType PE32
InternalName chrome_exe
ProductVersion 3.3.1.0
FileDescription Comodo Dragon
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Comodo
CodeSize 216576
ProductName Comodo Dragon
ProductVersionNumber 3.3.1.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 f7d2c8fa25a40c88b8d03dc732720526
SHA1 2afedec96f1d00269e0470bb266e56edac75f9ba
SHA256 e777a742c44a617b05e455edd4872c1a5c73a40fc18b767bfcaaa1a5dde88bc6
ssdeep 3072:vR65njL4ZwseCOnOZpigkGi4YneJai92B9kCFUEsSa6C0gIZEx5VNRiOUcs/D:Onj+wLCOOXigLLaiS+dJt6Cyu8Ov
authentihash 291f7f16e1b3b6256ec6c95dcfcc601a3e22e1424edfbe1cb1455a2de175127f
imphash 5dda17d4668b5c8d3c75a361152abff7
File size 261.0 KB ( 267264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe
VirusTotal metadata
First submission 2014-11-27 23:30:03 UTC
Last submission 2016-01-14 15:52:01 UTC
File names e777a742c44a617b05e455edd4872c1a5c73a40fc18b767bfcaaa1a5dde88bc6.exe
lH6JHh.jpeg
chrome.exe
b3427c74913a7281044b1993eb585c30ccf0a947
chrome_exe
qbda.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.