SHA256: f8ab572c3a395812147faed7fef2c688c0c2b3d06c0074ade741ad4d51fd870c
File name: ChromeCookiesView
Detection ratio: 39 / 56
Analysis date: 2015-11-26 01:19:49 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2881116 20151129
Yandex TrojanSpy.Zbot!KBokO2yKx6w 20151128
AhnLab-V3 Trojan/Win32.NgrBot 20151128
ALYac Trojan.GenericKD.2881116 20151129
Antiy-AVL Trojan/Win32.Yakes 20151129
Arcabit Trojan.Generic.D2BF65C 20151129
Avast Win32:Dorder-G [Trj] 20151129
AVG Crypt_r.ALV 20151129
Avira (no cloud) TR/Crypt.Xpack.324448 20151128
AVware Trojan.Win32.Generic!BT 20151129
Baidu-International Trojan.Win32.Zbot.weeu 20151128
BitDefender Trojan.GenericKD.2881116 20151129
Cyren W32/Agent.XL.gen!Eldorado 20151129
DrWeb BackDoor.IRC.NgrBot.42 20151129
Emsisoft Trojan.GenericKD.2881116 (B) 20151129
ESET-NOD32 a variant of Win32/Kryptik.EFKJ 20151128
F-Prot W32/Agent.XL.gen!Eldorado 20151129
F-Secure Trojan.GenericKD.2881116 20151128
Fortinet W32/Kryptik.EFKJ!tr 20151128
GData Trojan.GenericKD.2881116 20151129
Ikarus Trojan.Win32.Crypt 20151128
K7AntiVirus Trojan ( 004d72ab1 ) 20151129
K7GW Trojan ( 004d72ab1 ) 20151129
Kaspersky Trojan-Spy.Win32.Zbot.weeu 20151129
Malwarebytes Trojan.Zbot 20151129
McAfee Artemis!CCB86ECCBDE7 20151129
McAfee-GW-Edition BehavesLike.Win32.Generic.jh 20151128
Microsoft Trojan:Win32/Bagsu!rfn 20151128
eScan Trojan.GenericKD.2881116 20151129
NANO-Antivirus Trojan.Win32.NgrBot.dywabk 20151129
nProtect Trojan.GenericKD.2881116 20151127
Panda Trj/Genetic.gen 20151128
Qihoo-360 QVM10.1.Malware.Gen 20151129
Sophos AV Mal/Generic-S 20151129
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20151129
Symantec Trojan Horse 20151128
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20151129
TrendMicro TROJ_GEN.R021C0DKL15 20151129
VIPRE Trojan.Win32.Generic!BT 20151129
AegisLab 20151128
Alibaba 20151127
Bkav 20151128
ByteHero 20151129
CAT-QuickHeal 20151128
ClamAV 20151129
CMC 20151127
Comodo 20151129
Jiangmin 20151128
Rising 20151128
TheHacker 20151127
TotalDefense 20151128
TrendMicro-HouseCall 20151129
VBA32 20151129
ViRobot 20151128
Zillya 20151127
Zoner 20151129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2011 - 2015 Nir Sofer
Product ChromeCookiesView
Original name ChromeCookiesView.exe
Internal name ChromeCookiesView
File version 1.20
Description ChromeCookiesView
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-19 01:00:00
Entry Point 0x00023E62
Number of sections 5
PE sections
Overlays
MD5 2642bb48d141f9db58b0504cd51503b0
File type data
Offset 688640
Size 1791
Entropy 7.86
PE imports
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 504832
ImageVersion 0.0
ProductName ChromeCookiesView
FileVersionNumber 1.2.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName ChromeCookiesView.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.2
TimeStamp 2015:11:19 02:00:00+01:00
FileType Win32 EXE
PEType PE32
InternalName ChromeCookiesView
ProductVersion 1.2
FileDescription ChromeCookiesView
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2011 - 2015 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 182784
FileSubtype 0
ProductVersionNumber 1.2.0.0
EntryPoint 0x23e62
ObjectFileType Executable application

File identification
MD5 ccb86eccbde7683410910adf09bc0a62
SHA1 4df66fbfc6c5b2eee604988aaf83771033fc0959
SHA256 f8ab572c3a395812147faed7fef2c688c0c2b3d06c0074ade741ad4d51fd870c
ssdeep 12288:XLgjOOjOTFggaTDEOUvyud8FZJn3ef1oSuWlImRL/LYMn/7:7gjOOjGFggRyuCjJ3e2OlTRQ67
authentihash fc690a38cc7eccb3bdb3adaaf0f5ededb634b78f0eb8aed762ae522b4147d069
imphash c817ed1d94679a46f400ab45142b415f
File size 674.2 KB ( 690431 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-11-19 01:19:24 UTC ( 1 year, 10 months ago )
Last submission 2015-11-19 01:19:24 UTC ( 1 year, 10 months ago )
File names ChromeCookiesView.exe
ChromeCookiesView
bot.exe
printfilterpipelinesvc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs