Manalyze report for 0455b3b6912806b729ec664c9b3b17bf259a61375bb49c3699be2af4a7fae815

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-11 23:27:53
Detected languages	English - United States
TLS Callbacks	6 callback(s) detected.
Debug artifacts	chrome_proxy.exe.pdb
CompanyName	Google LLC
FileDescription	Google Chrome
FileVersion	`148.0.7778.168`
InternalName	chrome_proxy
LegalCopyright	Copyright 2026 Google LLC. All rights reserved.
OriginalFilename	chrome_proxy.exe
ProductName	Google Chrome
ProductVersion	`148.0.7778.168`
CompanyShortName	Google
ProductShortName	Chrome
LastChange	58ae0c621a34b558c60db5c6209d9dd9063084b7-refs/branch-heads/7778@{#2784}
Official Build	1

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe` `Contains domain names: blink.net https://perfetto.dev openssl.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable` `Unusual section name found: malloc_h`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegCloseKey RegOpenKeyExW RegQueryValueExW` `Possibly launches other programs: CreateProcessAsUserW CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Enumerates local disk drives: GetDriveTypeW`
Info	The PE is digitally signed.	`Signer: Google LLC` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-18 07:53:49)	`All the AVs think this file is safe.`

Hashes

MD5	`24994c66595772eba3a5d301ee44479b`
SHA1	`d0be4391487b99eff744d15ee214685f2c56aa18`
SHA256	`0455b3b6912806b729ec664c9b3b17bf259a61375bb49c3699be2af4a7fae815`
SHA3	`1613b369773d532faade87a11ff525bcfc43281a323666a2e11a42b1c826dfcb`
SSDeep	`49152:qSGBLGvZ2dDVOiL3WZj2UDIbGP4CuHQOri:qSl2dDVBLGVxKFri`
Imports Hash	`cbc19c45ba6a8b4ac33132c22682d8d2`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-May-11 23:27:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1f7000`
SizeOfInitializedData	`0x68000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000136DD0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`0.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x289000`
SizeOfHeaders	`0x400`
Checksum	`0x26af41`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fe20ed28ebaa6d15ba53c74d2694922e`
SHA1	`f00fb3435d47daac86bb56d3f0080b3ced9dd6f1`
SHA256	`dbee2902050ed817c0e1f7aff93c88662cdbec15647bf59f8ce1de4e602e72f4`
SHA3	`f3e13732a4c550539118d9004e4b1feaaf8e66991e8c8136cc966a944ddd3c94`
VirtualSize	`0x1f6e26`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1f7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49322`

.rdata

MD5	`1110f5fc2f8a898d4daf894eddb3e7a5`
SHA1	`18a132281f9ecf0f2e5bb328449585b5bf9fd73d`
SHA256	`06a95cc7bba0ded9cf924476eb85337afbf5b41cfd6a8909c0c4e639347b4ba6`
SHA3	`7a40b002a19c140cf2a576d114010d721ac8a31c847fca76888ab9fb84d28035`
VirtualSize	`0x43884`
VirtualAddress	`0x1f8000`
SizeOfRawData	`0x43a00`
PointerToRawData	`0x1f7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.69252`

.data

MD5	`f18c4389b285f02a60bbba1c1516030f`
SHA1	`06b06845b9882de96839f008234f1a5dca313a6b`
SHA256	`400c7985bc39fb85ec0a3c9a92e771171b2450b00d90faeae6f35143dc1d197e`
SHA3	`119406d073667499961b819e250cb304808469dbe123b44b0e0e40e8203f6765`
VirtualSize	`0x34210`
VirtualAddress	`0x23c000`
SizeOfRawData	`0x11800`
PointerToRawData	`0x23ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.31069`

.pdata

MD5	`eb54cdeff148da13c8d38733a29ffe0c`
SHA1	`9d107b910251174b622ac6dd4d47557bb5995454`
SHA256	`be068517f6464e762a2d27a7f25ae4e37d1b79ca869d6bd3bab33c291372706a`
SHA3	`e1c4d3a0052ad67c63ec5998141f45473ed4543988d22d42b1d74d04e967e15e`
VirtualSize	`0xf534`
VirtualAddress	`0x271000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x24c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.03352`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x281000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.tls

MD5	`e5b1d5cdcf092782bbe18b4d4730b28a`
SHA1	`9e84068a0372aec5ce5802915645dbd6a1cee421`
SHA256	`dc8336002a548e41b81b6c07ae6c4c8c59626f32ab7e4d317bb6c4cb62b4fa85`
SHA3	`9cb85dc294c72199edf14ef2c334b30ce87ff8e15254303ff19aa0d584f6140c`
VirtualSize	`0x2a9`
VirtualAddress	`0x282000`
SizeOfRawData	`0x400`
PointerToRawData	`0x25be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.193179`

_RDATA

MD5	`3b6d6f675a76e708fd91fe78d99509d1`
SHA1	`c0b340355fc31b4482eb8d140d2a9666c7de1873`
SHA256	`2206961d65807e2748476b51000449b07352a17178ece9f9a42360ec6208ba4b`
SHA3	`78abfd844b6ec0cdc5266e7bf6c827c19ffda615a1cb428299eb5f7fac23404a`
VirtualSize	`0x1f4`
VirtualAddress	`0x283000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.19429`

malloc_h

MD5	`b8bf29438323f9a1532aa87921e8abf5`
SHA1	`1522e1f9ccf7cf796cd2d622b59badc4933bd1eb`
SHA256	`812688c78f15e74e2f706e7b3d731a899c9ab1df1816335a4028791bc6cfa2d8`
SHA3	`83a2907dde6b037beabcea0e2747ab325c3dd9808a7fffc965c7c2609c330ba5`
VirtualSize	`0xc3`
VirtualAddress	`0x284000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.15684`

.rsrc

MD5	`c5be764765618ed78f778bd403b43010`
SHA1	`7cde10f5f4ac6b00c7f821f3990114899c759d9a`
SHA256	`857c447de0a812532c3b171eec6300a6efc36d0294dfc7c9e16386487331f956`
SHA3	`b9b1a93657e7a17070caf70d06319da7aab75cec099fac5fd8a227c1c766f955`
VirtualSize	`0x978`
VirtualAddress	`0x285000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x25c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65538`

.reloc

MD5	`0456c6b9384a0b423b70615a475f6bf6`
SHA1	`c9907d56ba89ca0d9475c7ea7d215f21f50e5318`
SHA256	`e710121303fc6a791888a9138aec8875a94611a946e2525f88c0dd31569897d0`
SHA3	`8abca4fd886804aca8f39af64c7228f8ba2685be818ad2b55a7fd91b00d5ddbd`
VirtualSize	`0x2420`
VirtualAddress	`0x286000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x25d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.36334`

Imports

ADVAPI32.dll	`CreateProcessAsUserW` `RegCloseKey` `RegOpenKeyExW` `RegQueryValueExW`
dbghelp.dll	`SymCleanup` `SymFromAddr` `SymGetLineFromAddr64` `SymGetModuleInfo64` `SymGetSearchPathW` `SymInitialize` `SymSetOptions` `SymSetSearchPathW`
SHELL32.dll	`CommandLineToArgvW` `SHGetFolderPathW` `SHGetKnownFolderPath` `ShellExecuteExW`
USER32.dll	`AllowSetForegroundWindow` `CreateWindowExW` `DefWindowProcW` `DestroyWindow` `DispatchMessageW` `GetActiveWindow` `GetQueueStatus` `KillTimer` `MsgWaitForMultipleObjectsEx` `PeekMessageW` `PostMessageW` `PostQuitMessage` `RegisterClassExW` `SetTimer` `TranslateMessage` `UnregisterClassW`
WINMM.dll	`timeBeginPeriod` `timeEndPeriod` `timeGetTime`
KERNEL32.dll	`AcquireSRWLockExclusive` `AssignProcessToJobObject` `CloseHandle` `CompareStringW` `CreateEventW` `CreateFileW` `CreateIoCompletionPort` `CreateProcessW` `CreateThread` `DeleteCriticalSection` `DeleteFileW` `DeleteProcThreadAttributeList` `DuplicateHandle` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `ExpandEnvironmentStringsW` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDriveTypeW` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileSizeEx` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocalTime` `GetLocaleInfoW` `GetLogicalProcessorInformation` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetModuleHandleW` `GetNativeSystemInfo` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetProductInfo` `GetQueuedCompletionStatus` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTempPathW` `GetThreadContext` `GetThreadId` `GetThreadPriority` `GetThreadPriorityBoost` `GetTickCount` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetVersionExW` `GetWindowsDirectoryW` `GlobalMemoryStatusEx` `InitOnceExecuteOnce` `InitializeConditionVariable` `InitializeCriticalSection` `InitializeCriticalSectionEx` `InitializeProcThreadAttributeList` `InitializeSListHead` `InitializeSRWLock` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `IsWow64Process` `K32GetModuleInformation` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalFree` `MultiByteToWideChar` `OutputDebugStringA` `PostQueuedCompletionStatus` `QueryPerformanceCounter` `QueryPerformanceFrequency` `QueryThreadCycleTime` `RaiseException` `ReadConsoleW` `ReadFile` `ReleaseSRWLockExclusive` `ResetEvent` `ResumeThread` `RtlCaptureContext` `RtlCaptureStackBackTrace` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetEndOfFile` `SetEnvironmentVariableW` `SetEvent` `SetFilePointerEx` `SetHandleInformation` `SetInformationJobObject` `SetLastError` `SetStdHandle` `SetThreadInformation` `SetThreadPriority` `SetThreadPriorityBoost` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableSRW` `SuspendThread` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryAcquireSRWLockExclusive` `UnhandledExceptionFilter` `UnmapViewOfFile` `UnregisterWaitEx` `UpdateProcThreadAttribute` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WakeAllConditionVariable` `WakeConditionVariable` `WideCharToMultiByte` `WriteConsoleW` `WriteFile`
ole32.dll	`CoInitializeEx` `CoRegisterInitializeSpy` `CoRevokeInitializeSpy` `CoTaskMemFree` `CoUninitialize`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock`
api-ms-win-core-winrt-l1-1-0.dll	`RoInitialize` `RoUninitialize`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll` `WakeByAddressSingle`

Delayed Imports

GetHandleVerifier

Ordinal	`1`
Address	`0x482b0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56188`
MD5	`7563df36e4872927521aba6f00ad133a`
SHA1	`6e3530d358b0286e7c257c01d1627aedf6ea4dc1`
SHA256	`f12332b6626bff15f1bfbca42730f628946a66704ecb67458bc63715f8fcf81a`
SHA3	`bd3973df7fff31d8b91356417012bcc030d6539e9e32d069442d47008058fcde`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x46e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33064`
MD5	`01cc84f4b6bdfa1677f829f251bcbca3`
SHA1	`165432c4d32170393092b361002c01d3ccfbd0de`
SHA256	`25f8c0776037b1f0a86a405d0b2d22f2a3cb11c0e7d84c75ae007e7836fc144b`
SHA3	`e293534a95a5a5aa815f787dec03f37968445fc46430ac3dded92e685c61521c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	148.0.7778.168
ProductVersion	148.0.7778.168
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Google LLC
FileDescription	Google Chrome
FileVersion (#2)	148.0.7778.168
InternalName	chrome_proxy
LegalCopyright	Copyright 2026 Google LLC. All rights reserved.
OriginalFilename	chrome_proxy.exe
ProductName	Google Chrome
ProductVersion (#2)	148.0.7778.168
CompanyShortName	Google
ProductShortName	Chrome
LastChange	58ae0c621a34b558c60db5c6209d9dd9063084b7-refs/branch-heads/7778@{#2784}
Official Build	1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-11 23:27:53
Version	`0.0`
SizeofData	`45`
AddressOfRawData	`0x22e328`
PointerToRawData	`0x22d728`
Referenced File	chrome_proxy.exe.pdb

TLS Callbacks

StartAddressOfRawData	`0x140282000`
EndAddressOfRawData	`0x1402822a8`
AddressOfIndex	`0x14024d698`
AddressOfCallbacks	`0x14022fea8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x0000000140052BA0` `0x00000001401360C0` `0x0000000140080240` `0x0000000140136140` `0x000000014002D340` `0x0000000140078F90`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14023c040`
GuardCFCheckFunctionPointer	`5371002352`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

Errors

Leave a comment

No comments yet.