Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Jul-26 21:07:50 |
Detected languages | English - United States |
TLS Callbacks | 1 callback(s) detected. |
Debug artifacts | C:\ungoogled-chromium\buildspace\tree\out\Default\chrome.exe.pdb |

Version information field | Value |
---|---|
CompanyName | The Chromium Authors |
FileDescription | Chromium |
FileVersion | 67.0.3396.87 |
InternalName | chrome_exe |
LegalCopyright | Copyright 2017 The Chromium Authors. All rights reserved. |
OriginalFilename | chrome.exe |
ProductName | Chromium |
ProductVersion | 67.0.3396.87 |
CompanyShortName | The Chromium Authors |
ProductShortName | Chromium |
LastChange | 878cd31214ac27a3996927cd5c9c138b10c9fc8d-refs/branch-heads/3396@{#771} |
Official Build | 1 |
Severity | Finding |
---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains references to internet browsers: |
Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32, MD5 and SHA1 |
Suspicious | The PE is possibly packed. Unusual section names found: .didat, prot, CPADinfo |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | VirusTotal score: 1/72 (Scanned on 2019-04-27 10:00:41); Trapmine: suspicious.low.ml.score |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x138 |
File header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 9 |
TimeDateStamp | 2018-Jul-26 21:07:50 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 14.0 |
SizeOfCode | 0xf3400 |
SizeOfInitializedData | 0x59400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000000CEBA0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x152000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x200000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported library | Imported functions |
---|---|
chrome_elf.dll | GetInstallDetailsPayload SignalChromeElf SignalInitializeCrashReporting |
ADVAPI32.dll | GetNamedSecurityInfoW SetEntriesInAclW GetSecurityInfo InitializeSid RegCreateKeyExW RegOpenKeyExW RegCloseKey RegQueryValueExW RegDeleteValueW RegSetValueExW OpenProcessToken GetTokenInformation ConvertSidToStringSidW CreateProcessAsUserW GetSidSubAuthority EventRegister EventUnregister EventWrite SystemFunction036 RevertToSelf RegDisablePredefinedCache ConvertStringSecurityDescriptorToSecurityDescriptorW GetSecurityDescriptorSacl SetSecurityInfo ConvertStringSidToSidW GetLengthSid SetTokenInformation GetAce SetKernelObjectSecurity GetKernelObjectSecurity DuplicateTokenEx FreeSid ImpersonateLoggedOnUser MapGenericMask ImpersonateNamedPipeClient IsValidSid EqualSid AccessCheck SetThreadToken CreateRestrictedToken DuplicateToken LookupPrivilegeValueW CopySid CreateWellKnownSid |
PSAPI.DLL | QueryWorkingSetEx GetPerformanceInfo GetProcessMemoryInfo |
SHELL32.dll | SHGetKnownFolderPath SHGetFolderPathW CommandLineToArgvW |
SHLWAPI.dll | PathMatchSpecW |
USER32.dll | CloseDesktop wsprintfW IsWindow SendMessageTimeoutW AllowSetForegroundWindow GetWindowThreadProcessId CreateWindowStationW GetThreadDesktop SetProcessWindowStation CreateDesktopW GetUserObjectInformationW RegisterClassW GetMessageW GetQueueStatus CloseWindowStation PostMessageW KillTimer UnregisterClassW SetProcessDPIAware DefWindowProcW SetWindowLongPtrW GetWindowLongPtrW FindWindowExW CreateWindowExW DestroyWindow RegisterClassExW DispatchMessageW TranslateMessage MsgWaitForMultipleObjectsEx PeekMessageW SetTimer GetProcessWindowStation |
VERSION.dll | GetFileVersionInfoSizeW GetFileVersionInfoW VerQueryValueW |
WINMM.dll | timeBeginPeriod timeGetTime timeEndPeriod |
KERNEL32.dll | GetFileInformationByHandleEx GetVersion SleepEx WriteConsoleW SetEnvironmentVariableA FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineA GetOEMCP IsValidCodePage GetTimeZoneInformation EnumSystemLocalesW IsValidLocale ReadConsoleW GetACP GetConsoleMode GetConsoleCP SetStdHandle GetFullPathNameW ExitProcess GetDriveTypeW RtlPcToFileHeader RtlUnwindEx GetCPInfo LCMapStringW EncodePointer GetStringTypeW GetStartupInfoW InitializeSListHead IsProcessorFeaturePresent UnhandledExceptionFilter RtlCaptureContext WaitForSingleObjectEx SetEndOfFile LoadLibraryExA DebugBreak lstrlenW SearchPathW CreateMutexW CreateJobObjectW CreateRemoteThread VirtualFreeEx VirtualAllocEx ReadProcessMemory VirtualProtectEx SignalObjectAndWait GetProcessHeaps GetProcessHandleCount WriteProcessMemory ProcessIdToSessionId GetUserDefaultLCID TerminateJobObject LeaveCriticalSection EnterCriticalSection InitializeCriticalSection SetConsoleCtrlHandler InitOnceExecuteOnce GetFileType UnlockFileEx LockFileEx GetComputerNameExW OutputDebugStringW CompareStringW DecodePointer DeleteCriticalSection GetSystemDefaultLCID GetThreadLocale Wow64GetThreadContext ReleaseSemaphore CreateSemaphoreW VirtualQueryEx WaitNamedPipeW TransactNamedPipe SetNamedPipeHandleState IsWow64Process GetModuleFileNameW CreateEventW GetLastError SetLastError GetCurrentThreadId GetCurrentProcess DuplicateHandle GetProcessId WaitForSingleObject SetCurrentDirectoryW LoadLibraryExW GetProcAddress SetProcessShutdownParameters VirtualAlloc VirtualFree MultiByteToWideChar WideCharToMultiByte ReleaseSRWLockExclusive GetCommandLineW LocalFree GetThreadId GetModuleHandleA IsDebuggerPresent GetCurrentProcessId OpenProcess CloseHandle RtlCaptureStackBackTrace SetUnhandledExceptionFilter GetCurrentThread GetUserDefaultLangID CreateFileW FindNextFileW FindClose FindFirstFileExW GetFileAttributesW GetModuleHandleW WriteFile FlushFileBuffers GetTempPathW CreateDirectoryW SetFileAttributesW DeleteFileW RemoveDirectoryW MoveFileW ReplaceFileW GetLongPathNameW CreateFileMappingW MapViewOfFile UnmapViewOfFile QueryDosDeviceW ReadFile GetCurrentDirectoryW SetFilePointerEx GetFileSizeEx InitializeCriticalSectionAndSpinCount GetFileInformationByHandle VirtualQuery VirtualProtect GetModuleHandleExW TryAcquireSRWLockExclusive AcquireSRWLockExclusive SetEvent ResetEvent CreateNamedPipeW ConnectNamedPipe PeekNamedPipe SuspendThread GetThreadContext ResumeThread TlsGetValue RaiseException Sleep CreateThread SetThreadPriority GetThreadPriority TlsSetValue TlsAlloc TlsFree LoadLibraryW GetLocaleInfoW FreeLibrary UnregisterWaitEx RegisterWaitForSingleObject ExpandEnvironmentStringsW GetVersionExW GetNativeSystemInfo GetSystemDirectoryW GetWindowsDirectoryW FileTimeToSystemTime SystemTimeToTzSpecificLocalTime HeapCreate HeapDestroy HeapAlloc HeapReAlloc HeapFree HeapSize SwitchToThread GetSystemTimeAsFileTime QueryPerformanceFrequency QueryPerformanceCounter QueryThreadCycleTime RtlLookupFunctionEntry RtlVirtualUnwind CreateIoCompletionPort PostQueuedCompletionStatus SetInformationJobObject GetQueuedCompletionStatus FlushViewOfFile TerminateProcess GetExitCodeProcess GetTickCount SetHandleInformation CreateProcessW AssignProcessToJobObject GetStdHandle HeapSetInformation GetProcessTimes GetSystemInfo GetLocalTime FormatMessageA OutputDebugStringA DisconnectNamedPipe |
WINHTTP.dll | WinHttpReceiveResponse WinHttpWriteData WinHttpSendRequest WinHttpAddRequestHeaders WinHttpOpenRequest WinHttpConnect WinHttpCrackUrl WinHttpSetTimeouts WinHttpOpen WinHttpQueryHeaders WinHttpReadData WinHttpCloseHandle |
dbghelp.dll (delay-loaded) | MiniDumpWriteDump |
Delay-load descriptor field | Value |
---|---|
Attributes | 0x1 |
Name | dbghelp.dll |
ModuleHandle | 0x128d20 |
DelayImportAddressTable | 0x135010 |
DelayImportNameTable | 0x121170 |
BoundDelayImportTable | 0x121208 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |

Ordinal | Address |
---|---|
1 | 0x2fb50 |
2 | 0x734c0 |
VS_VERSIONINFO field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 67.0.3396.87 |
ProductVersion | 67.0.3396.87 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | The Chromium Authors |
FileDescription | Chromium |
FileVersion (#2) | 67.0.3396.87 |
InternalName | chrome_exe |
LegalCopyright | Copyright 2017 The Chromium Authors. All rights reserved. |
OriginalFilename | chrome.exe |
ProductName | Chromium |
ProductVersion (#2) | 67.0.3396.87 |
CompanyShortName | The Chromium Authors |
ProductShortName | Chromium |
LastChange | 878cd31214ac27a3996927cd5c9c138b10c9fc8d-refs/branch-heads/3396@{#771} |
Official Build | 1 |
Resource LangID | English - United States |
Debug directory field | Entry 1 | Entry 2 |
---|---|---|
Characteristics | 0 | 0 |
TimeDateStamp | 2018-Jul-26 21:07:50 | 2018-Jul-26 21:07:50 |
Version | 0.0 | 0.0 |
SizeofData | 89 | 1176 |
AddressOfRawData | 0x11c824 | 0x11c880 |
PointerToRawData | 0x11b024 | 0x11b080 |
Referenced File | C:\ungoogled-chromium\buildspace\tree\out\Default\chrome.exe.pdb | |
TLS directory field | Value |
---|---|
StartAddressOfRawData | 0x14011cd38 |
EndAddressOfRawData | 0x14011cd58 |
AddressOfIndex | 0x140128d68 |
AddressOfCallbacks | 0x1400f5ab0 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_8BYTES |
Callbacks | 0x000000014002D190 |
Load config directory field | Value |
---|---|
Size | 0x70 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0x200000 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140124d68 |
GuardCFCheckFunctionPointer | 0 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
Rich header field | Value |
---|---|
XOR Key | 0xe13dd844 |
Unmarked objects | 0 |
C objects (24610) | 21 |
ASM objects (24610) | 15 |
C++ objects (24610) | 181 |
199 (41118) | 4 |
ASM objects (VS2015/2017 runtime 25810) | 10 |
C objects (VS2015/2017 runtime 25810) | 36 |
C++ objects (VS2015/2017 runtime 25810) | 69 |
263 (24610) | 1 |
262 (24610) | 5 |
Imports (24610) | 28 |
ASM objects (VS2017 v15.5 compiler 25830) | 1 |
Imports (VS2017 v15.5 compiler 25830) | 3 |
Total imports | 470 |
Unmarked objects (#2) | 303 |
Exports (VS2017 v15.5 compiler 25830) | 1 |
Resource objects (VS2017 v15.5 compiler 25830) | 1 |
151 | 2 |
Linker (VS2017 v15.5 compiler 25830) | 1 |