| Summary | |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2021-Feb-12 23:08:01 |
| Detected languages | English - United States |
| Debug artifacts | mini_installer.exe.pdb |
| CompanyName | Google LLC |
| FileDescription | Google Chrome Installer |
| FileVersion | 88.0.4324.182 |
| InternalName | mini_installer |
| LegalCopyright | Copyright 2020 Google LLC. All rights reserved. |
| ProductName | Google Chrome Installer |
| ProductVersion | 88.0.4324.182 |
| CompanyShortName | |
| ProductShortName | Chrome Installer |
| LastChange | 73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202} |
| Official Build | 1 |
| Level | Finding | Details |
|---|---|---|
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Suspicious | The PE is possibly a dropper. | Resources account for 98.5251% of the executable. |
| Info | The PE is digitally signed. | Signer: Google LLC; Issuer: DigiCert SHA2 Assured ID Code Signing CA |
| Safe | VirusTotal score: 0/68 (Scanned on 2021-02-22 18:11:55) | All the AVs think this file is safe. |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x78 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0 |
| e_ss | 0 |
| e_sp | 0 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x78 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 7 |
| TimeDateStamp | 2021-Feb-12 23:08:01 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Optional header field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x3200 |
| SizeOfInitializedData | 0x271800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000001000 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x27b000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x283af3 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Functions |
|---|---|
| SHELL32.dll | CommandLineToArgvW |
| KERNEL32.dll | CloseHandle, CreateDirectoryW, CreateFileW, CreateProcessW, DosDateTimeToFileTime, DuplicateHandle, EnumResourceNamesW, ExitProcess, ExpandEnvironmentStringsW, FindResourceW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandleEx, GetLastError, GetModuleFileNameW, GetModuleHandleW, GetProcAddress, GetProcessHeap, GetSystemInfo, GetTempPathW, GetVolumeInformationW, GetVolumePathNameW, HeapAlloc, HeapFree, LoadLibraryExA, LoadLibraryExW, LoadResource, LocalAlloc, LocalFileTimeToFileTime, LocalFree, LockResource, MultiByteToWideChar, RaiseException, ReadFile, SetFileInformationByHandle, SetFilePointer, SetLastError, SetProcessWorkingSetSize, SizeofResource, Sleep, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiW, lstrlenW |
| ADVAPI32.dll (delay-loaded) | ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, SystemFunction036 |
| Delay-load import descriptor field | Value |
|---|---|
| Attributes | 0x1 |
| Name | ADVAPI32.dll |
| ModuleHandle | 0x7010 |
| DelayImportAddressTable | 0x7018 |
| DelayImportNameTable | 0x5888 |
| BoundDelayImportTable | 0 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
| Version information field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 88.0.4324.182 |
| ProductVersion | 88.0.4324.182 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | Google LLC |
| FileDescription | Google Chrome Installer |
| FileVersion (#2) | 88.0.4324.182 |
| InternalName | mini_installer |
| LegalCopyright | Copyright 2020 Google LLC. All rights reserved. |
| ProductName | Google Chrome Installer |
| ProductVersion (#2) | 88.0.4324.182 |
| CompanyShortName | |
| ProductShortName | Chrome Installer |
| LastChange | 73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202} |
| Official Build | 1 |
| Resource field | Value |
|---|---|
| Resource LangID | English - United States |

| Debug directory field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2021-Feb-12 23:08:01 |
| Version | 0.0 |
| SizeOfData | 47 |
| AddressOfRawData | 0x57dc |
| PointerToRawData | 0x3ddc |
| Referenced File | mini_installer.exe.pdb |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140007008 |
GuardCFCheckFunctionPointer | 5368745984 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
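An added example, not part of the report and not code from Google or from the tool that produced the report: a self-contained Python parser that walks the DOS header, COFF file header and PE32+ optional header shown in the tables above, decodes DllCharacteristics into the mitigation checklist an analyst actually wants (ASLR, high-entropy ASLR, DEP, CFG), and cross-checks the CFG claim against the load configuration fields. The header bytes it runs on are constructed inline to mirror the report's values (e_lfanew 0x78, Machine AMD64, ImageBase 0x140000000, DllCharacteristics 0xC160); they are not bytes from the real mini_installer.exe, and the function names and result-dictionary layout are this example's own. Two caveats the report itself motivates: IMAGE_DLLCHARACTERISTICS_GUARD_CF is only a claim, and the load configuration section lists GuardFlags as empty and GuardCFFunctionTable as 0, so judge CFG from both structures and re-parse the load config with a second tool if they disagree; and the "hiding imports" and "dropper" verdicts are heuristics of the kind that fire on dynamic-resolution imports such as GetProcAddress and LoadLibraryExW (both present in the KERNEL32.dll list) and on a high resource-to-file ratio, which is the expected shape of a signed installer carrying its payload as a resource, so they are weak evidence on their own.

```python
import calendar
import struct
from datetime import datetime, timezone

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_PLUS_MAGIC = 0x20B
# Load-config GuardFlags bits the loader needs before it treats the image as CFG-instrumented.
IMAGE_GUARD_CF_INSTRUMENTED = 0x00000100
IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT = 0x00000400


def parse_headers(data: bytes) -> dict:
    """DOS header -> e_lfanew -> COFF file header -> PE32+ optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_PLUS_MAGIC:
        raise ValueError(f"not a PE32+ image (magic {magic:#x})")
    (image_base,) = struct.unpack_from("<Q", data, opt + 24)   # 8 bytes wide in PE32+
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    return {
        "machine": machine, "sections": nsect, "characteristics": chars,
        "size_of_optional_header": opt_size, "image_base": image_base,
        "subsystem": subsystem, "dll_characteristics": dll_chars,
        # TimeDateStamp is seconds since the Unix epoch, UTC.
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }


def decode_dll_characteristics(value: int) -> list:
    """Names of the set DllCharacteristics bits, lowest bit first."""
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if value & bit]


def mitigation_findings(hdr: dict, guard_flags: int = 0, guard_fn_table: int = 0) -> dict:
    """Mitigation checklist; guard_flags / guard_fn_table come from the load config directory."""
    flags = decode_dll_characteristics(hdr["dll_characteristics"])
    aslr = "DYNAMIC_BASE" in flags
    cfg_claimed = "GUARD_CF" in flags
    return {
        "aslr": aslr,
        # HIGH_ENTROPY_VA only matters for 64-bit images that also opt into ASLR.
        "high_entropy_aslr": aslr and "HIGH_ENTROPY_VA" in flags and hdr["machine"] == IMAGE_FILE_MACHINE_AMD64,
        "dep": "NX_COMPAT" in flags,
        "cfg_flag": cfg_claimed,
        # The DllCharacteristics bit is only a claim: the loader also wants a load config whose
        # GuardFlags say instrumented + table present, and a non-null GuardCFFunctionTable.
        "cfg_effective": (cfg_claimed
                          and (guard_flags & IMAGE_GUARD_CF_INSTRUMENTED) != 0
                          and (guard_flags & IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT) != 0
                          and guard_fn_table != 0),
    }


def build_sample_header() -> bytes:
    """Constructed 384-byte header mirroring the report's values (not bytes from the real
    mini_installer.exe: no section table, no resources, no Authenticode signature)."""
    dos = bytearray(0x78)                        # DOS header + stub; e_lfanew = 0x78
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x78)
    stamp = calendar.timegm((2021, 2, 12, 23, 8, 1))   # report timestamp, taken as UTC
    # Machine, NumberOfSections, TimeDateStamp, symbol table ptr/count, SizeOfOptionalHeader,
    # Characteristics = EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 7, stamp, 0, 0, 0xF0, 0x0022)
    opt = struct.pack(
        "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
        PE32_PLUS_MAGIC, 14, 0,                  # Magic, linker 14.0
        0x3200, 0x271800, 0, 0x1000, 0x1000,     # SizeOfCode, init/uninit data, entry point, BaseOfCode
        0x140000000, 0x1000, 0x200,              # ImageBase, SectionAlignment, FileAlignment
        5, 2, 0, 0, 5, 2,                        # OS, image and subsystem versions
        0, 0x27B000, 0x400, 0x283AF3,            # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0xC160,                               # IMAGE_SUBSYSTEM_WINDOWS_GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000,      # stack/heap reserve and commit
        0, 16,                                   # LoaderFlags, NumberOfRvaAndSizes
    )
    return bytes(dos) + b"PE\0\0" + coff + opt + bytes(16 * 8)   # 16 zeroed data directories


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    parsed = parse_headers(blob)
    print(parsed["timestamp_utc"], decode_dll_characteristics(parsed["dll_characteristics"]))
    print(mitigation_findings(parsed))
```

Run the script with a file path to parse a real image's headers; without one it parses the constructed sample. Resolving the load configuration directory from its RVA through the section table is deliberately left out, so pass GuardFlags and GuardCFFunctionTable from the report (or from a full parser) as the two keyword arguments; with the report's values (0 and 0) the result is `cfg_flag` True and `cfg_effective` False, which is exactly the discrepancy worth checking by hand.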