Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-Dec-13 21:33:53 |
Detected languages | English - United States |
TLS Callbacks | 1 callback(s) detected. |
Debug artifacts | C:\b\c\b\win64_pgo\src\out\Release_x64\initialexe\chrome.exe.pdb |
CompanyName | Google Inc. |
FileDescription | Google Chrome |
FileVersion | 63.0.3239.108 |
InternalName | chrome_exe |
LegalCopyright | Copyright 2016 Google Inc. All rights reserved. |
OriginalFilename | chrome.exe |
ProductName | Google Chrome |
ProductVersion | 63.0.3239.108 |
CompanyShortName | |
ProductShortName | Chrome |
LastChange | d2626860fae283daee484943e6820af18fc73fd9-refs/branch-heads/3239@{#676} |
Official Build | 1 |

Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to internet browsers: |
---|---|---|
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; uses constants related to MD5; uses constants related to SHA1 |
Suspicious | The PE is possibly packed. | Unusual section name found: .didat; unusual section name found: CPADinfo |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Google Inc; Issuer: Symantec Class 3 SHA256 Code Signing CA |
Safe | VirusTotal score: 0/67 (Scanned on 2019-11-21 14:59:59) | All the AVs think this file is safe. |

DOS header

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x130 |

PE file header

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 8 |
TimeDateStamp | 2017-Dec-13 21:33:53 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

Optional header

Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xfc800 |
SizeOfInitializedData | 0x8b200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000000D7440 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x18c000 |
SizeOfHeaders | 0x400 |
Checksum | 0x1863e0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x200000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

Imports

chrome_elf.dll | SignalInitializeCrashReporting GetInstallDetailsPayload SignalChromeElf |
---|---|
ADVAPI32.dll | ImpersonateNamedPipeClient SetEntriesInAclW GetSecurityInfo CreateWellKnownSid GetTokenInformation ConvertSidToStringSidW OpenProcessToken RegQueryValueExW RegDeleteValueW RegOpenKeyExW RegSetValueExW RegCreateKeyExW RegCloseKey SystemFunction036 EventUnregister EventRegister EventWrite RegDisablePredefinedCache RevertToSelf GetLengthSid SetKernelObjectSecurity ConvertStringSecurityDescriptorToSecurityDescriptorW GetKernelObjectSecurity SetSecurityInfo ConvertStringSidToSidW SetTokenInformation GetAce GetSecurityDescriptorSacl CreateProcessAsUserW SetThreadToken DuplicateTokenEx DuplicateToken CreateRestrictedToken EqualSid LookupPrivilegeValueW CopySid |
KERNEL32.dll | InitOnceExecuteOnce GetThreadLocale GetSystemDefaultLCID GetModuleFileNameW SetLastError GetCurrentThreadId CreateEventW GetLastError GetCurrentProcess GetProcessId WaitForSingleObject DuplicateHandle SetProcessShutdownParameters SetCurrentDirectoryW GetProcAddress LoadLibraryExW VirtualFree VirtualAlloc MultiByteToWideChar WideCharToMultiByte GetModuleHandleW ReleaseSRWLockExclusive lstrlenW LoadLibraryW LocalFree ExpandEnvironmentStringsW GetModuleHandleA GetCommandLineW SetThreadPriority QueryThreadCycleTime Sleep FileTimeToSystemTime GetCurrentThread QueryPerformanceFrequency GetThreadPriority SystemTimeToTzSpecificLocalTime GetSystemTimeAsFileTime QueryPerformanceCounter HeapCreate HeapDestroy WriteFile CreateFileW DeleteFileW CloseHandle GetLocalTime GetCurrentDirectoryW GetCurrentProcessId FormatMessageA GetTickCount TerminateProcess OpenProcess GetExitCodeProcess ReadFile GetFileSizeEx SetEndOfFile GetFileInformationByHandle SetFilePointerEx FlushFileBuffers AcquireSRWLockExclusive GetVersionExW GetNativeSystemInfo RegisterWaitForSingleObject UnregisterWaitEx CreateDirectoryW QueryDosDeviceW GetLongPathNameW RemoveDirectoryW GetTempPathW GetFileAttributesW UnmapViewOfFile SetFileAttributesW ReplaceFileW CreateFileMappingW MapViewOfFile MoveFileW GetSystemDirectoryW GetWindowsDirectoryW RaiseException CreateThread GetThreadId IsDebuggerPresent HeapFree HeapSize HeapReAlloc HeapAlloc TlsGetValue GetUserDefaultLangID FreeLibrary FindFirstFileExW FindNextFileW FindClose GetModuleHandleExW FlushViewOfFile RtlCaptureStackBackTrace SetUnhandledExceptionFilter TlsSetValue TlsAlloc TlsFree SizeofResource LockResource LoadResource FindResourceW HeapSetInformation VirtualQuery GetProcessTimes WakeAllConditionVariable WakeConditionVariable SleepConditionVariableSRW GetSystemInfo VirtualQueryEx SetEvent ResetEvent SetInformationJobObject GetQueuedCompletionStatus PostQueuedCompletionStatus CreateIoCompletionPort InitializeCriticalSectionAndSpinCount DecodePointer DeleteCriticalSection CreateProcessW OutputDebugStringW GetComputerNameExW UnlockFileEx LockFileEx SetConsoleCtrlHandler GetUserDefaultLCID EnterCriticalSection LeaveCriticalSection InitializeCriticalSection TerminateJobObject GetProcessHeaps SetHandleInformation GetProcessHandleCount SignalObjectAndWait ProcessIdToSessionId GetFileType WriteProcessMemory AssignProcessToJobObject VirtualProtectEx ReadProcessMemory VirtualAllocEx VirtualFreeEx CreateRemoteThread CreateJobObjectW CreateNamedPipeW CreateMutexW DebugBreak SearchPathW VirtualProtect LoadLibraryExA GetThreadContext SuspendThread Wow64GetThreadContext SleepEx CreateSemaphoreW ReleaseSemaphore WaitNamedPipeW TransactNamedPipe GetVersion SetNamedPipeHandleState IsWow64Process ConnectNamedPipe DisconnectNamedPipe GetFileInformationByHandleEx GetUserDefaultUILanguage ResumeThread WriteConsoleW SetEnvironmentVariableA FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineA GetOEMCP IsValidCodePage GetTimeZoneInformation EnumSystemLocalesW IsValidLocale ReadConsoleW GetACP GetStdHandle ExitProcess SetStdHandle GetFullPathNameW GetConsoleMode GetConsoleCP PeekNamedPipe GetDriveTypeW RtlPcToFileHeader RtlUnwindEx GetCPInfo GetLocaleInfoW LCMapStringW CompareStringW EncodePointer GetStringTypeW InitializeSListHead GetStartupInfoW IsProcessorFeaturePresent UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext WaitForSingleObjectEx |
PSAPI.DLL | GetProcessMemoryInfo GetPerformanceInfo QueryWorkingSetEx |
SHELL32.dll | SHGetKnownFolderPath SHGetFolderPathW ShellExecuteExW CommandLineToArgvW |
SHLWAPI.dll | PathMatchSpecW |
USER32.dll | RegisterClassW GetMessageW SetTimer SetProcessDPIAware GetThreadDesktop CreateDesktopW SetProcessWindowStation GetUserObjectInformationW GetProcessWindowStation CreateWindowStationW CloseWindowStation CloseDesktop wsprintfW GetWindowThreadProcessId AllowSetForegroundWindow SendMessageTimeoutW IsWindow DefWindowProcW FindWindowExW DestroyWindow SetWindowLongPtrW CreateWindowExW UnregisterClassW GetWindowLongPtrW RegisterClassExW PostMessageW DispatchMessageW PeekMessageW MsgWaitForMultipleObjectsEx GetQueueStatus TranslateMessage KillTimer PostQuitMessage |
VERSION.dll | GetFileVersionInfoW VerQueryValueW GetFileVersionInfoSizeW |
WINMM.dll | timeEndPeriod timeGetTime timeBeginPeriod |
USERENV.dll | CreateEnvironmentBlock DestroyEnvironmentBlock |
WINHTTP.dll | WinHttpConnect WinHttpOpen WinHttpCrackUrl WinHttpCloseHandle WinHttpOpenRequest WinHttpReadData WinHttpQueryHeaders WinHttpAddRequestHeaders WinHttpSetTimeouts WinHttpReceiveResponse WinHttpSendRequest WinHttpWriteData |
dbghelp.dll (delay-loaded) | MiniDumpWriteDump |

Delay-load import descriptor

Attributes | 0x1 |
---|---|
Name | dbghelp.dll |
ModuleHandle | 0x134f00 |
DelayImportAddressTable | 0x147030 |
DelayImportNameTable | 0x130aa8 |
BoundDelayImportTable | 0x130b78 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |

Exported functions

Ordinal | Address |
---|---|
1 | 0x1cab0 |
2 | 0x79050 |

Version information resource

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 63.0.3239.108 |
ProductVersion | 63.0.3239.108 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Google Inc. |
FileDescription | Google Chrome |
FileVersion (#2) | 63.0.3239.108 |
InternalName | chrome_exe |
LegalCopyright | Copyright 2016 Google Inc. All rights reserved. |
OriginalFilename | chrome.exe |
ProductName | Google Chrome |
ProductVersion (#2) | 63.0.3239.108 |
CompanyShortName | |
ProductShortName | Chrome |
LastChange | d2626860fae283daee484943e6820af18fc73fd9-refs/branch-heads/3239@{#676} |
Official Build | 1 |
Resource LangID | English - United States |

Debug directory entries

Field | Entry 1 | Entry 2 |
---|---|---|
Characteristics | 0 | 0 |
TimeDateStamp | 2017-Dec-13 21:33:53 | 2017-Dec-13 21:33:53 |
Version | 0.0 | 0.0 |
SizeofData | 89 | 1180 |
AddressOfRawData | 0x123a50 | 0x123aac |
PointerToRawData | 0x122650 | 0x1226ac |
Referenced File | C:\b\c\b\win64_pgo\src\out\Release_x64\initialexe\chrome.exe.pdb | |

TLS directory

StartAddressOfRawData | 0x140123f68 |
---|---|
EndAddressOfRawData | 0x140123f84 |
AddressOfIndex | 0x140135500 |
AddressOfCallbacks | 0x1400feab0 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_8BYTES |
Callbacks | 0x00000001400382B0 |

Load configuration directory

Size | 0x70 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0x200000 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140133008 |
GuardCFCheckFunctionPointer | 0 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |

Rich header

XOR Key | 0xfaca5da4 |
---|---|
Unmarked objects | 0 |
C++ objects (24610) | 181 |
199 (41118) | 5 |
ASM objects (25305) | 8 |
C objects (25305) | 35 |
262 (24610) | 2 |
ASM objects (24610) | 15 |
C objects (24610) | 22 |
C++ objects (25305) | 68 |
Imports (24610) | 24 |
ASM objects (25507) | 1 |
C++ objects (25507) | 1 |
Imports (25507) | 3 |
Total imports | 422 |
265 (25507) | 473 |
Exports (25507) | 1 |
Resource objects (25507) | 1 |
151 | 2 |
Linker (25507) | 1 |