Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-May-13 05:00:00 |
Detected languages | English - United States |
TLS Callbacks | 2 callback(s) detected. |
Debug artifacts | elevation_service.exe.pdb |
CompanyName | Google Inc. |
FileDescription | Google Chrome |
FileVersion | 74.0.3729.157 |
InternalName | elevation_service_exe |
LegalCopyright | Copyright 2018 Google Inc. All rights reserved. |
OriginalFilename | elevation_service.exe |
ProductName | Google Chrome |
ProductVersion | 74.0.3729.157 |
CompanyShortName | |
ProductShortName | Chrome |
LastChange | 7b16107ab85c5364cdcd0b2dea2539a1f2dc327a-refs/branch-heads/3729@{#998} |
Official Build | 1 |

Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32<br>Uses constants related to MD5<br>Uses constants related to SHA1<br>Uses constants related to SHA256<br>Uses constants related to SHA512<br>Uses constants related to AES |
---|---|---|
Suspicious | The PE is possibly packed. | Unusual section name found: .retplne |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Google LLC<br>Issuer: DigiCert SHA2 Assured ID Code Signing CA |
Safe | VirusTotal score: 0/68 (Scanned on 2019-05-21 07:05:31) | All the AVs think this file is safe. |

e_magic | MZ |
---|---|
e_cblp | 0x78 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0 |
e_ss | 0 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x78 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 9 |
TimeDateStamp | 2019-May-13 05:00:00 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE<br>IMAGE_FILE_LARGE_ADDRESS_AWARE |

Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xeee00 |
SizeOfInitializedData | 0x44800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000000C77D0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x13f000 |
SizeOfHeaders | 0x400 |
Checksum | 0x13f7ce |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE<br>IMAGE_DLLCHARACTERISTICS_GUARD_CF<br>IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA<br>IMAGE_DLLCHARACTERISTICS_NX_COMPAT<br>IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

ADVAPI32.dll | AddAce CopySid CreateProcessAsUserW EventRegister EventUnregister EventWrite GetAclInformation GetLengthSid GetSecurityDescriptorControl GetSecurityDescriptorDacl GetSecurityDescriptorGroup GetSecurityDescriptorOwner GetSecurityDescriptorSacl GetSidLengthRequired GetSidSubAuthority InitializeAcl InitializeSecurityDescriptor InitializeSid IsValidSid MakeAbsoluteSD RegCloseKey RegOpenKeyExW RegQueryValueExW RegisterServiceCtrlHandlerW SetSecurityDescriptorDacl SetSecurityDescriptorGroup SetSecurityDescriptorOwner SetServiceStatus StartServiceCtrlDispatcherW SystemFunction036 |
---|---|
KERNEL32.dll | AcquireSRWLockExclusive AcquireSRWLockShared AssignProcessToJobObject ChangeTimerQueueTimer CloseHandle CompareStringW CopyFileW CreateDirectoryW CreateEventW CreateFileW CreateProcessW CreateThread CreateTimerQueue CreateTimerQueueTimer DecodePointer DeleteCriticalSection DeleteFileW DeleteTimerQueueTimer DuplicateHandle EncodePointer EnterCriticalSection EnumSystemLocalesW ExitProcess FindClose FindFirstFileExW FindNextFileW FlushFileBuffers FormatMessageA FormatMessageW FreeEnvironmentStringsW FreeLibrary FreeLibraryAndExitThread GetACP GetCPInfo GetCommandLineA GetCommandLineW GetConsoleCP GetConsoleMode GetCurrentDirectoryW GetCurrentProcess GetCurrentProcessId GetCurrentThread GetCurrentThreadId GetDriveTypeW GetEnvironmentStringsW GetEnvironmentVariableW GetExitCodeProcess GetFileAttributesW GetFileSizeEx GetFileType GetFullPathNameW GetLastError GetLocalTime GetLocaleInfoW GetLogicalProcessorInformation GetModuleFileNameW GetModuleHandleA GetModuleHandleExW GetModuleHandleW GetNativeSystemInfo GetNumaHighestNodeNumber GetOEMCP GetProcAddress GetProcessAffinityMask GetProcessHeap GetProcessId GetProcessTimes GetStartupInfoW GetStdHandle GetStringTypeW GetSystemDirectoryW GetSystemInfo GetSystemTimeAsFileTime GetTempPathW GetThreadId GetThreadPriority GetThreadTimes GetTickCount GetUserDefaultLCID GetVersionExW GetWindowsDirectoryW HeapAlloc HeapCreate HeapDestroy HeapFree HeapReAlloc HeapSetInformation HeapSize InitOnceExecuteOnce InitializeCriticalSectionAndSpinCount InitializeSListHead InitializeSRWLock InterlockedFlushSList InterlockedPopEntrySList InterlockedPushEntrySList IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage IsValidLocale LCMapStringW LeaveCriticalSection LoadLibraryExA LoadLibraryExW LoadLibraryW LocalFree MoveFileExW MultiByteToWideChar OpenProcess OutputDebugStringA OutputDebugStringW QueryDepthSList QueryPerformanceCounter QueryPerformanceFrequency QueryThreadCycleTime RaiseException ReadConsoleW ReadFile RegisterWaitForSingleObject ReleaseSRWLockExclusive ReleaseSRWLockShared ReleaseSemaphore RemoveDirectoryW ResetEvent RtlCaptureContext RtlCaptureStackBackTrace RtlLookupFunctionEntry RtlPcToFileHeader RtlUnwind RtlUnwindEx RtlVirtualUnwind SetEndOfFile SetEnvironmentVariableW SetEvent SetFileAttributesW SetFilePointer SetFilePointerEx SetFileTime SetHandleInformation SetLastError SetStdHandle SetThreadAffinityMask SetThreadPriority SetUnhandledExceptionFilter SignalObjectAndWait Sleep SwitchToThread SystemTimeToFileTime TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue TryAcquireSRWLockExclusive TryEnterCriticalSection TzSpecificLocalTimeToSystemTime UnhandledExceptionFilter UnregisterWait UnregisterWaitEx VirtualAlloc VirtualFree VirtualProtect VirtualQuery WaitForSingleObject WaitForSingleObjectEx WideCharToMultiByte WriteConsoleW WriteFile |
ole32.dll | CoAddRefServerProcess CoImpersonateClient CoInitializeEx CoInitializeSecurity CoRegisterClassObject CoReleaseServerProcess CoResumeClassObjects CoRevertToSelf CoRevokeClassObject CoTaskMemFree CoUninitialize IIDFromString |
SHELL32.dll | CommandLineToArgvW SHGetFolderPathW SHGetKnownFolderPath |
USERENV.dll | CreateEnvironmentBlock DestroyEnvironmentBlock |
USER32.dll | AllowSetForegroundWindow |
SHLWAPI.dll | PathMatchSpecW |
WINMM.dll | timeGetTime |

Ordinal | 1 |
---|---|
Address | 0x2fd30 |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 74.0.3729.157 |
ProductVersion | 74.0.3729.157 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32<br>VOS_NT_WINDOWS32<br>VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Google Inc. |
FileDescription | Google Chrome |
FileVersion (#2) | 74.0.3729.157 |
InternalName | elevation_service_exe |
LegalCopyright | Copyright 2018 Google Inc. All rights reserved. |
OriginalFilename | elevation_service.exe |
ProductName | Google Chrome |
ProductVersion (#2) | 74.0.3729.157 |
CompanyShortName | |
ProductShortName | Chrome |
LastChange | 7b16107ab85c5364cdcd0b2dea2539a1f2dc327a-refs/branch-heads/3729@{#998} |
Official Build | 1 |

Resource LangID | English - United States |
---|---|

Characteristics | 0 |
---|---|
TimeDateStamp | 2019-May-13 05:00:00 |
Version | 0.0 |
SizeofData | 50 |
AddressOfRawData | 0x118cf0 |
PointerToRawData | 0x117ef0 |
Referenced File | elevation_service.exe.pdb |

StartAddressOfRawData | 0x14013a000 |
---|---|
EndAddressOfRawData | 0x14013a018 |
AddressOfIndex | 0x140127e00 |
AddressOfCallbacks | 0x14011b5c8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | 0x0000000140068B60<br>0x000000014007F270 |

Size | 0x100 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140124058 |
GuardCFCheckFunctionPointer | 5369987072 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |