Manalyze report for c2fa619833be0fd0b37d9f44e2d3a7ee

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jul-26 21:07:50
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	C:\ungoogled-chromium\buildspace\tree\out\Default\chrome.exe.pdb
CompanyName	The Chromium Authors
FileDescription	Chromium
FileVersion	`67.0.3396.87`
InternalName	chrome_exe
LegalCopyright	Copyright 2017 The Chromium Authors. All rights reserved.
OriginalFilename	chrome.exe
ProductName	Chromium
ProductVersion	`67.0.3396.87`
CompanyShortName	The Chromium Authors
ProductShortName	Chromium
LastChange	878cd31214ac27a3996927cd5c9c138b10c9fc8d-refs/branch-heads/3396@{#771}
Official Build	1

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didat` `Unusual section name found: prot` `Unusual section name found: CPADinfo`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Code injection capabilities: CreateRemoteThread VirtualAllocEx WriteProcessMemory VirtualAlloc OpenProcess` `Code injection capabilities (mapping injection): CreateRemoteThread CreateFileMappingW MapViewOfFile` `Can access the registry: RegCreateKeyExW RegOpenKeyExW RegCloseKey RegQueryValueExW RegDeleteValueW RegSetValueExW` `Possibly launches other programs: CreateProcessAsUserW CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtectEx VirtualAlloc VirtualProtect` `Has Internet access capabilities: WinHttpReceiveResponse WinHttpWriteData WinHttpSendRequest WinHttpAddRequestHeaders WinHttpOpenRequest WinHttpConnect WinHttpCrackUrl WinHttpSetTimeouts WinHttpOpen WinHttpQueryHeaders WinHttpReadData WinHttpCloseHandle` `Functions related to the privilege level: OpenProcessToken DuplicateTokenEx DuplicateToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: ReadProcessMemory WriteProcessMemory OpenProcess` `Changes object ACLs: SetSecurityInfo SetKernelObjectSecurity`
Suspicious	VirusTotal score: 1/72 (Scanned on 2019-04-27 10:00:41)	`Trapmine: suspicious.low.ml.score`

Hashes

MD5	`c2fa619833be0fd0b37d9f44e2d3a7ee`
SHA1	`0ce6612d1b6c0922131a7566bd6f42e0c69d0a31`
SHA256	`4ef796a3d5b9f651ae59871bdb09082a7a6cca5dc350d49acb3039d2c6049ace`
SHA3	`522a067eba406742b0436ec011916f00a020552f75a16aaa14fce9c35882964f`
SSDeep	`24576:xm6X6rmJ6oVezkHm+bHLW/wj94cRE13SEaJTyvvhQ:xm6qCJ6o8kH/bHP9fNEaJT`
Imports Hash	`3704f90dd915e02d0a12e115499064cd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2018-Jul-26 21:07:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xf3400`
SizeOfInitializedData	`0x59400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000CEBA0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x152000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a26a700a1a88b85c4a9c35a97365fe87`
SHA1	`78e31050f397b51efcd1bb8af59a0620f46b715b`
SHA256	`2bd7681dd20eb345452c228e0eb22109b425a2c96ad466da9d42dc22cb149ec8`
SHA3	`d665b4cdab055df787712775ebec175001c232e48dd3bc1445c5827831463988`
VirtualSize	`0xf32bc`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf3400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39805`

.rdata

MD5	`6d64464ac9f5b7a6b560ecd3b9a92671`
SHA1	`8c1af4df07398bc48297fc9f0ed6ed987aa00db6`
SHA256	`ecbca84324cfe899e75f2c29daca73e3a77fe0f9392855edbc31de983a563997`
SHA3	`350303c76870afd19a6d9e46d36c7db9d035e090b610ca21382dbfa52ef0468b`
VirtualSize	`0x2e518`
VirtualAddress	`0xf5000`
SizeOfRawData	`0x2e600`
PointerToRawData	`0xf3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.70111`

.data

MD5	`0036b1d0be3432200424a4d48d2f4342`
SHA1	`6f571233b5fc4a7bc55eb765f74417cea33b7ae2`
SHA256	`0a03b5eba61e9d08cdc5503365baf7b6fc2dfe65f01d9df67a9221f1e74db888`
SHA3	`185d2f51be43abc8598eb7ac1ef4c041628df9dbe0da85d8d45389b2572e90f0`
VirtualSize	`0x6ea0`
VirtualAddress	`0x124000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x121e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.05918`

.pdata

MD5	`20f0441263091db95eb049f60367039e`
SHA1	`e050f6472ab6f56c19adc595e5ea1a69d336860f`
SHA256	`682867748599b897d4465911b9eeba7cc1d4625f6ba6c9bd8f7bb46e841f322b`
SHA3	`73b17c41e784c1b7c4e11949c85d969c177df8e5b6d05978f9d789b1506e01a2`
VirtualSize	`0x9eb8`
VirtualAddress	`0x12b000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x123e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.92608`

.didat

MD5	`e7ce90869ad3d087128ac8debbaaaf25`
SHA1	`6b783bd28aa0f5b66c58f570d634242d7da9db9f`
SHA256	`195ff06187148a838dc88b7b2984d18c9466be680d74bc16971978893e3af16f`
SHA3	`fd2876efdca54ef63255f22ed6a997f0c0d0229cf889619d08d415342096c764`
VirtualSize	`0x40`
VirtualAddress	`0x135000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.437887`

prot

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4`
VirtualAddress	`0x136000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

CPADinfo

MD5	`60d3ea61d541c9be2e845d2787fb9574`
SHA1	`a314e912df98dd680cdb9679390177a970ee9ac8`
SHA256	`911d1a12eca8935990172cfcd6768f9c6351ed94b700833b2cf0cf457a1d752d`
SHA3	`44f366ded1e40e29d2543686d5e4f2fc6daf379b056e4f94af32c16e9f6b2205`
VirtualSize	`0x38`
VirtualAddress	`0x137000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.122276`

.rsrc

MD5	`bf4b4854f97f4ddfef69a87cd4a7656e`
SHA1	`46b94194b44eb7e3c606ffeafc714460b84c5703`
SHA256	`ea48a15fe61e8a2c61143ed739a7d3a27a7ca83f92f3773c69e702fd2985f2e0`
SHA3	`26ac8ef9ce02532171b221c032f67c495c4f7bc612adbdc2e7d738ce141c40cb`
VirtualSize	`0x17b18`
VirtualAddress	`0x138000`
SizeOfRawData	`0x17c00`
PointerToRawData	`0x12e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.37369`

.reloc

MD5	`63ce37d5ecd07f138aa933c2ccb4363b`
SHA1	`a08b24318be619b5ba8b37bbfd9751d1ecd5a2f8`
SHA256	`d21fc52d41c492be92c5654ee11b9846702acae5ca383e7b8b3ff1e750c77541`
SHA3	`b4fa55113b5217f5e470db3afa0f23a21272d6882941e1fa7f65f7b9ac7e0c4f`
VirtualSize	`0x1b84`
VirtualAddress	`0x150000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x146000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42416`

Imports

chrome_elf.dll	`GetInstallDetailsPayload` `SignalChromeElf` `SignalInitializeCrashReporting`
ADVAPI32.dll	`GetNamedSecurityInfoW` `SetEntriesInAclW` `GetSecurityInfo` `InitializeSid` `RegCreateKeyExW` `RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW` `RegDeleteValueW` `RegSetValueExW` `OpenProcessToken` `GetTokenInformation` `ConvertSidToStringSidW` `CreateProcessAsUserW` `GetSidSubAuthority` `EventRegister` `EventUnregister` `EventWrite` `SystemFunction036` `RevertToSelf` `RegDisablePredefinedCache` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `GetSecurityDescriptorSacl` `SetSecurityInfo` `ConvertStringSidToSidW` `GetLengthSid` `SetTokenInformation` `GetAce` `SetKernelObjectSecurity` `GetKernelObjectSecurity` `DuplicateTokenEx` `FreeSid` `ImpersonateLoggedOnUser` `MapGenericMask` `ImpersonateNamedPipeClient` `IsValidSid` `EqualSid` `AccessCheck` `SetThreadToken` `CreateRestrictedToken` `DuplicateToken` `LookupPrivilegeValueW` `CopySid` `CreateWellKnownSid`
PSAPI.DLL	`QueryWorkingSetEx` `GetPerformanceInfo` `GetProcessMemoryInfo`
SHELL32.dll	`SHGetKnownFolderPath` `SHGetFolderPathW` `CommandLineToArgvW`
SHLWAPI.dll	`PathMatchSpecW`
USER32.dll	`CloseDesktop` `wsprintfW` `IsWindow` `SendMessageTimeoutW` `AllowSetForegroundWindow` `GetWindowThreadProcessId` `CreateWindowStationW` `GetThreadDesktop` `SetProcessWindowStation` `CreateDesktopW` `GetUserObjectInformationW` `RegisterClassW` `GetMessageW` `GetQueueStatus` `CloseWindowStation` `PostMessageW` `KillTimer` `UnregisterClassW` `SetProcessDPIAware` `DefWindowProcW` `SetWindowLongPtrW` `GetWindowLongPtrW` `FindWindowExW` `CreateWindowExW` `DestroyWindow` `RegisterClassExW` `DispatchMessageW` `TranslateMessage` `MsgWaitForMultipleObjectsEx` `PeekMessageW` `SetTimer` `GetProcessWindowStation`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
WINMM.dll	`timeBeginPeriod` `timeGetTime` `timeEndPeriod`
KERNEL32.dll	`GetFileInformationByHandleEx` `GetVersion` `SleepEx` `WriteConsoleW` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `GetOEMCP` `IsValidCodePage` `GetTimeZoneInformation` `EnumSystemLocalesW` `IsValidLocale` `ReadConsoleW` `GetACP` `GetConsoleMode` `GetConsoleCP` `SetStdHandle` `GetFullPathNameW` `ExitProcess` `GetDriveTypeW` `RtlPcToFileHeader` `RtlUnwindEx` `GetCPInfo` `LCMapStringW` `EncodePointer` `GetStringTypeW` `GetStartupInfoW` `InitializeSListHead` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `RtlCaptureContext` `WaitForSingleObjectEx` `SetEndOfFile` `LoadLibraryExA` `DebugBreak` `lstrlenW` `SearchPathW` `CreateMutexW` `CreateJobObjectW` `CreateRemoteThread` `VirtualFreeEx` `VirtualAllocEx` `ReadProcessMemory` `VirtualProtectEx` `SignalObjectAndWait` `GetProcessHeaps` `GetProcessHandleCount` `WriteProcessMemory` `ProcessIdToSessionId` `GetUserDefaultLCID` `TerminateJobObject` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `SetConsoleCtrlHandler` `InitOnceExecuteOnce` `GetFileType` `UnlockFileEx` `LockFileEx` `GetComputerNameExW` `OutputDebugStringW` `CompareStringW` `DecodePointer` `DeleteCriticalSection` `GetSystemDefaultLCID` `GetThreadLocale` `Wow64GetThreadContext` `ReleaseSemaphore` `CreateSemaphoreW` `VirtualQueryEx` `WaitNamedPipeW` `TransactNamedPipe` `SetNamedPipeHandleState` `IsWow64Process` `GetModuleFileNameW` `CreateEventW` `GetLastError` `SetLastError` `GetCurrentThreadId` `GetCurrentProcess` `DuplicateHandle` `GetProcessId` `WaitForSingleObject` `SetCurrentDirectoryW` `LoadLibraryExW` `GetProcAddress` `SetProcessShutdownParameters` `VirtualAlloc` `VirtualFree` `MultiByteToWideChar` `WideCharToMultiByte` `ReleaseSRWLockExclusive` `GetCommandLineW` `LocalFree` `GetThreadId` `GetModuleHandleA` `IsDebuggerPresent` `GetCurrentProcessId` `OpenProcess` `CloseHandle` `RtlCaptureStackBackTrace` `SetUnhandledExceptionFilter` `GetCurrentThread` `GetUserDefaultLangID` `CreateFileW` `FindNextFileW` `FindClose` `FindFirstFileExW` `GetFileAttributesW` `GetModuleHandleW` `WriteFile` `FlushFileBuffers` `GetTempPathW` `CreateDirectoryW` `SetFileAttributesW` `DeleteFileW` `RemoveDirectoryW` `MoveFileW` `ReplaceFileW` `GetLongPathNameW` `CreateFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `QueryDosDeviceW` `ReadFile` `GetCurrentDirectoryW` `SetFilePointerEx` `GetFileSizeEx` `InitializeCriticalSectionAndSpinCount` `GetFileInformationByHandle` `VirtualQuery` `VirtualProtect` `GetModuleHandleExW` `TryAcquireSRWLockExclusive` `AcquireSRWLockExclusive` `SetEvent` `ResetEvent` `CreateNamedPipeW` `ConnectNamedPipe` `PeekNamedPipe` `SuspendThread` `GetThreadContext` `ResumeThread` `TlsGetValue` `RaiseException` `Sleep` `CreateThread` `SetThreadPriority` `GetThreadPriority` `TlsSetValue` `TlsAlloc` `TlsFree` `LoadLibraryW` `GetLocaleInfoW` `FreeLibrary` `UnregisterWaitEx` `RegisterWaitForSingleObject` `ExpandEnvironmentStringsW` `GetVersionExW` `GetNativeSystemInfo` `GetSystemDirectoryW` `GetWindowsDirectoryW` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `HeapCreate` `HeapDestroy` `HeapAlloc` `HeapReAlloc` `HeapFree` `HeapSize` `SwitchToThread` `GetSystemTimeAsFileTime` `QueryPerformanceFrequency` `QueryPerformanceCounter` `QueryThreadCycleTime` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `CreateIoCompletionPort` `PostQueuedCompletionStatus` `SetInformationJobObject` `GetQueuedCompletionStatus` `FlushViewOfFile` `TerminateProcess` `GetExitCodeProcess` `GetTickCount` `SetHandleInformation` `CreateProcessW` `AssignProcessToJobObject` `GetStdHandle` `HeapSetInformation` `GetProcessTimes` `GetSystemInfo` `GetLocalTime` `FormatMessageA` `OutputDebugStringA` `DisconnectNamedPipe`
WINHTTP.dll	`WinHttpReceiveResponse` `WinHttpWriteData` `WinHttpSendRequest` `WinHttpAddRequestHeaders` `WinHttpOpenRequest` `WinHttpConnect` `WinHttpCrackUrl` `WinHttpSetTimeouts` `WinHttpOpen` `WinHttpQueryHeaders` `WinHttpReadData` `WinHttpCloseHandle`
dbghelp.dll (delay-loaded)	`MiniDumpWriteDump`

Delayed Imports

Attributes	`0x1`
Name	`dbghelp.dll`
ModuleHandle	`0x128d20`
DelayImportAddressTable	`0x135010`
DelayImportNameTable	`0x121170`
BoundDelayImportTable	`0x121208`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

GetHandleVerifier

Ordinal	`1`
Address	`0x2fb50`

IsSandboxedProcess

Ordinal	`2`
Address	`0x734c0`

1

Type	`GOOGLEUPDATEAPPLICATIONCOMMANDS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.811278`
MD5	`4352d88a78aa39750bf70cd6f27bcaa5`
SHA1	`3c585604e87f855973731fea83e21fab9392d2fc`
SHA256	`67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450`
SHA3	`295cd1698c6ac5bd804a09e50f19f8549475e52db1c6ebd441ed0c7b256e1ddf`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5eaf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97957`
Detected Filetype	PNG graphic file
MD5	`e78f4b5600d9558dacb0c02c976558a2`
SHA1	`29d974ae00c134a973053428799c6c29942ff7f2`
SHA256	`981397b128ec6d563bcc477026d9bca65590ad8e31c6980b4e90d02335093751`
SHA3	`f1c89b2e3268ecd747fad142f3deb3eb3b1fd9d197d530b3a8422b5e2f441279`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00073`
MD5	`8adc848039023b0b4afd7018aa80d944`
SHA1	`89b86d9c614cb38b0b62536aada2f10e2d2a1e44`
SHA256	`6e5450bccc276cb8749b5a9d1769c3aefd470c549407164d1088bac962b71c4d`
SHA3	`ae38955e35f192f52bbc07cb232c44292464647f60ece7b379eeb0acec08e5aa`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70631`
MD5	`92d08240e8f7bddde55c1a0e88d41828`
SHA1	`c3972a86826046a037f7e93c5c661e961fc6ad25`
SHA256	`d850faa182a56f0628267e0026b772fd3ffb69aa153e33d374f15f109f57c538`
SHA3	`7a99b6a71ba0d4227d68779ea7b5bc51f3136e160459d368070a5b3e567eb890`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88121`
MD5	`a30fe6c043dd225bbf21238b179bfcd6`
SHA1	`96ef34a90d8ce568d796e0c3bfec5c2f0e2da9d7`
SHA256	`559cd90f0cefdc95d0b0406f3d76fad0a3c3e843d25f9d555f7af3fb298eef9e`
SHA3	`c25c0fa9164ebd0af8b8649e09a55ea0f75121ce058329b418ea6e736c21a583`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.97203`
MD5	`08cd660ddf1b47d1b2670acd8906986b`
SHA1	`13763c21eab73533fb971191583e2970dedd1ecc`
SHA256	`da80fbbcab7638b1dfb3d449f4f5ccf0fec1043918689c18f07ffc7ec2178ce6`
SHA3	`7d56294d294c00e78af675081a88f851369259f543cd8e19fb408c6cb19d10e1`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0507`
MD5	`1dfbe1fb32e9b30c64fe5a9b99e806ac`
SHA1	`a672ffafa0ce29237bac0e0239c4798b1bbd8ab5`
SHA256	`8b9b9561aad49712b31b2a552bdd5242e31640aadc5fca239d0b907ad211f546`
SHA3	`c78d5bdd15aa497523efc11c8fc161def9b73b1446234b00d246b1771d9ba8f0`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32465`
MD5	`8d2a66dfbe315debdf6df9475fab9cf1`
SHA1	`944a29020dc8f6fcd2e72de47bec6714a2346c2b`
SHA256	`6abc1db0fc739be6e0f79d64febe2c3f93851b500cc68a67a3a6d917b41931ec`
SHA3	`8361eb977447ebabb28023a0f241c7d5dd64d3abab3e2227276b341eb769e2b1`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05163`
MD5	`1d631f6d8fa19398d2df5863be341a2c`
SHA1	`97243c848ad1a29da52855996d88fbdb092ef48f`
SHA256	`7abae35099733d994c7168b58edf433d9a87096ffacdbee04cacc5a05dd84909`
SHA3	`d6fbfd69d2f15297c09308bc2fc122cb08b379927f53cbf30c5974c6f62067a9`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36687`
MD5	`f5a0e41bc60f9722f17d2eec66a72996`
SHA1	`db94b2c361fd617c8ef978dc1e4e5f71e0538d7c`
SHA256	`110d31262fc1d5c2a33c27059c94469b6fb4f7e4e16a91572c0492795c3f21b7`
SHA3	`2c2652334d23ef6e09283055ceb3997751854a44b3907deca030491f4fd46f59`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32943`
MD5	`faaa6b184f0de776b3694d7333bb7dd3`
SHA1	`821091dda1f7b14e9d84a2114021773366aead18`
SHA256	`a8589c4aab8ed377a9602ef5bf3b6565e45a3357911efd6048f38a56b0a102c7`
SHA3	`3f0f8f6b4531727f1e8196654de4352ba230b90a335a6b5f621bbca551d72e9d`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.26175`
Detected Filetype	PNG graphic file
MD5	`44ecf3fd91cf33cfb4535bb2ea59e27a`
SHA1	`3090f24b36ec71739d9820d550aa3f4eed8e52e9`
SHA256	`977990ecb2a3a7bf7ef2edea2c484b538b73476eb46722791fb8591d19bcda4a`
SHA3	`b339de91d44a8b0b0dddcc8b659a82533fc85134b67ad2e7a6c70e9a13577924`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32779`
MD5	`d790cb9b9086f45ea53fec385891355d`
SHA1	`20e3548d16dbba68b8f322a1c4f7086e38110d10`
SHA256	`18621604c0b5f4229416994b569e2afda775a608e1759d5ba7082a31458e1169`
SHA3	`b14e2bb5e8953ae807c2ec3b726942eb2ead7890772fdf6a410a8c9a71e81915`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21995`
MD5	`7ab8c3240114b0f7ebc42c5c489060f6`
SHA1	`0de249b988a94d3374bbf9eb3585f00ace2e5499`
SHA256	`f5feb3ba96da36d90fb879e6f1af274a1c5f6fd4ba68332b1c25d97c6508d062`
SHA3	`def1c08500690c2ea7b272685c0a594f8ca5bf9865055bfb9c488d12a6955dfe`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65783`
MD5	`d720ab3b897affd8516a5c73e9020b19`
SHA1	`36e5ac25f4b4f4b869d109c0072da7f6f1fd03c2`
SHA256	`f269848277f345c8fc62634f14c012bc8ee1afa4887e8819228e99c6915bbdf3`
SHA3	`c946f83fcb2547d27caf0a1adff84c375349fd416f64281d3fb2653a224affa0`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70621`
MD5	`7a8fd82c16489f1ed6e5cdc5dc38c815`
SHA1	`595b39dc0c92b6e3943ea918a213cec58503daf4`
SHA256	`9260d8b6f0fd7fc00e9a960db1b1283180efd59049be2c8867a4e660b1ff0123`
SHA3	`2eec2ac06df13fa72c5317fe2f7e049cddea95363b53620674c73c866a7f8d52`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1234`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.90997`
MD5	`11921cfff61b5877c53bb37c86b6d09c`
SHA1	`3800127e39a03ea9b2a9f79538d40227ef4d0c89`
SHA256	`c714566bd8b7f0be360e68950a5615a2fb365d53b14ea7c2812f23c458497799`
SHA3	`0e2df531413bcc400f2f42179d34b093d3229754f3ee9d7c982faacd2f766e18`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.72497`
MD5	`0e559d7f5897727c98dfdd1e6c3631e7`
SHA1	`fcd9803592250e14d186e9c8fd0f094e7debfdf0`
SHA256	`6e6dd7cc3df380721e4678fb1825b982df22a4dc058091634e733c33f3543b1f`
SHA3	`54cc4d475eb6e3066dda379e7ce197dad0d994522cc58d68673a5707d4aa46cf`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x184b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91162`
Detected Filetype	PNG graphic file
MD5	`e3e595605f7ba7a83a424e5698b342b4`
SHA1	`b7cf89a883818649ffeab77f323b07808b1b717e`
SHA256	`05de73b49e62f848770d877a92a4a920e2ef6812538b84ab3a3255ee89bf3666`
SHA3	`0a0834c7fc8c9270e4ef414eb9095219a154fefc631b38f811eb7639a46a3aec`

IDR_MAINFRAME

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`16dcee74800eeea7d9ae7bd4490d4328`
SHA1	`201cebc189fda352b57fd46da4c2e5dd19cb119e`
SHA256	`75b5242be9637c32ac84dfec526b00e69cd8585b0d82c0f688c8632b3e9be5f6`
SHA3	`7c24e348f16e1076bc01692ed81770065bc9775e773ad9d46cddcb5b8a8a18f7`

IDR_X001_APP_LIST

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74665`
Detected Filetype	Icon file
MD5	`69590c402866fba3f21839c1cc550427`
SHA1	`6339327b147004d2ba100bc5623c68061744ab1b`
SHA256	`d7f3662969a93e7b22aab51222b1b10a54fdd5f53b7975b94947bce2ba044ec4`
SHA3	`fa2c85ae72f67c19734d7a8534af7f950ae24c42bcc3aa52d7d26780e286d6f7`

IDR_X003_INCOGNITO

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68672`
Detected Filetype	Icon file
MD5	`a400995690e99d45e2e7e9babe75c24c`
SHA1	`5e9093acb4477fb2088f326d7c4928409e8cff96`
SHA256	`71906c0048df8ede2056b81e473360c366e7552337d0385ad11af55e1574d9d5`
SHA3	`8f832c83fa479596486934306b8f08d91004c1d7440c4a6305414fe623bbc10f`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52503`
MD5	`a138afade1b7628ed6411d1bd1a23fcb`
SHA1	`f71af38086e48a59e973db1d3e07aeecfebbb4c7`
SHA256	`4d54da808f6cb5b8196b59c2ac4a54e3517b59679469961b797bc22da49d5101`
SHA3	`09e0ea79380441066b3ac52c499608297323b8150e8ece346b4a48916df3df76`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4d6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31251`
MD5	`c53295767029586836fa986eb7558247`
SHA1	`a13c45c54a6b49b1837ae9bbc17a3fdfefc0c107`
SHA256	`6ab2623575d17c2c2d44f933990cb19c60fe1615104bab1735af64c1282fea04`
SHA3	`e4825985499506b88985ff420e38e92e5005fd4098db88a608d22f1b8281c89d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	67.0.3396.87
ProductVersion	67.0.3396.87
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	The Chromium Authors
FileDescription	Chromium
FileVersion (#2)	67.0.3396.87
InternalName	chrome_exe
LegalCopyright	Copyright 2017 The Chromium Authors. All rights reserved.
OriginalFilename	chrome.exe
ProductName	Chromium
ProductVersion (#2)	67.0.3396.87
CompanyShortName	The Chromium Authors
ProductShortName	Chromium
LastChange	878cd31214ac27a3996927cd5c9c138b10c9fc8d-refs/branch-heads/3396@{#771}
Official Build	1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Jul-26 21:07:50
Version	`0.0`
SizeofData	`89`
AddressOfRawData	`0x11c824`
PointerToRawData	`0x11b024`
Referenced File	C:\ungoogled-chromium\buildspace\tree\out\Default\chrome.exe.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Jul-26 21:07:50
Version	`0.0`
SizeofData	`1176`
AddressOfRawData	`0x11c880`
PointerToRawData	`0x11b080`

TLS Callbacks

StartAddressOfRawData	`0x14011cd38`
EndAddressOfRawData	`0x14011cd58`
AddressOfIndex	`0x140128d68`
AddressOfCallbacks	`0x1400f5ab0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x000000014002D190`

Load Configuration

Size	`0x70`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0x200000`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140124d68`
GuardCFCheckFunctionPointer	`0`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xe13dd844`
Unmarked objects	`0`
C objects (24610)	`21`
ASM objects (24610)	`15`
C++ objects (24610)	`181`
199 (41118)	`4`
ASM objects (VS2015/2017 runtime 25810)	`10`
C objects (VS2015/2017 runtime 25810)	`36`
C++ objects (VS2015/2017 runtime 25810)	`69`
263 (24610)	`1`
262 (24610)	`5`
Imports (24610)	`28`
ASM objects (VS2017 v15.5 compiler 25830)	`1`
Imports (VS2017 v15.5 compiler 25830)	`3`
Total imports	`470`
Unmarked objects (#2)	`303`
Exports (VS2017 v15.5 compiler 25830)	`1`
Resource objects (VS2017 v15.5 compiler 25830)	`1`
151	`2`
Linker (VS2017 v15.5 compiler 25830)	`1`

c2fa619833be0fd0b37d9f44e2d3a7ee

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

prot

CPADinfo

.rsrc

.reloc

Imports

Delayed Imports

GetHandleVerifier

IsSandboxedProcess

1

1 (#2)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

IDR_MAINFRAME

IDR_X001_APP_LIST

IDR_X003_INCOGNITO

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors