Manalyze report for fc2cbf1afe7b033360dc0afa662e0e67

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Feb-12 23:08:01
Detected languages	English - United States
Debug artifacts	mini_installer.exe.pdb
CompanyName	Google LLC
FileDescription	Google Chrome Installer
FileVersion	`88.0.4324.182`
InternalName	mini_installer
LegalCopyright	Copyright 2020 Google LLC. All rights reserved.
ProductName	Google Chrome Installer
ProductVersion	`88.0.4324.182`
CompanyShortName	Google
ProductShortName	Chrome Installer
LastChange	73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202}
Official Build	1

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW` `Can access the registry: RegCloseKey RegOpenKeyExW RegQueryValueExW RegSetValueExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 98.5251% of the executable.`
Info	The PE is digitally signed.	`Signer: Google LLC` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Safe	VirusTotal score: 0/68 (Scanned on 2021-02-22 18:11:55)	`All the AVs think this file is safe.`

Hashes

MD5	`fc2cbf1afe7b033360dc0afa662e0e67`
SHA1	`eb6cb3d314df343a4a3564d1253d3545deb1af38`
SHA256	`0672edfad6dbbc6b8c419670f693e6e2293241c8628b31837791dff88f997d26`
SHA3	`99ca5951d8f109b189a705008e928c48553d8179227317e19ae29b3fe77215ca`
SSDeep	`49152:qAXGTRgEpiCCfM7z73uWqYzhAxWK96eiUhOL5q6ahgb:qAX7Cz7z7uAhAxWK9niR5q6cgb`
Imports Hash	`accbac0267bff841c2da968404a9cf5e`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Feb-12 23:08:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3200`
SizeOfInitializedData	`0x271800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001000 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x27b000`
SizeOfHeaders	`0x400`
Checksum	`0x283af3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6a67c4337ade48181ee74948e058bfbd`
SHA1	`86b322ad3147bd18070b5953e763c5a24a2c58dc`
SHA256	`10b45397976e0c321f353f118670aa091b49221f366ccba64b6ac7a2a8a36d6e`
SHA3	`7f7b9f2d0b97fdbad0e4a575088ffd75c0b6e91ea98f16fc0598e484ec1ed1e1`
VirtualSize	`0x31c5`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.10048`

.rdata

MD5	`99b8c3cc435af301cb7c65e8346d4ac6`
SHA1	`c3e220a0a41b86c93627ea8e69b25410fbdc04d3`
SHA256	`b32f66c4536d56ab733866830637f85083a4e2955ba026b1fa66db7ddbb7d83c`
SHA3	`4569616478cfcca91f490bb1c9f4016607628d210391776d7dce383de0021d43`
VirtualSize	`0x1374`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.31765`

.data

MD5	`71537fa5cc10e55469f1d7633bf25a1e`
SHA1	`1d9f0dc4523dbdf0f349cc051be3aa13b11f281f`
SHA256	`f3ce0c9aeb0cdf1a6022e4ac39234ab99d60b7b0aeadfa5a67dcdfe71335319d`
SHA3	`52f2ecdcfc818a55742ace69cb8a7f172f96040acd59640839963eaba0633b5e`
VirtualSize	`0xc4`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.837703`

.pdata

MD5	`feca932bfb9f66ffb22ed777f6d9c81e`
SHA1	`9d9fc1c14e3a0e9cf110841a48d72384574a083c`
SHA256	`b8ae72f6fcd56266e718e5c14a189a511a033c1803ca9bc709cf74fb828d12a9`
SHA3	`23a5157ddcb229d81b42ef314f588db151262695ea318081f73d11a1e65a5912`
VirtualSize	`0x264`
VirtualAddress	`0x8000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.65871`

.00cfg

MD5	`5d3993602ddec443cc20e6db0b4c0307`
SHA1	`1ceafa14c66226c661469c7362be1442f4da5440`
SHA256	`6f859ad0391b749df1d431e1e44a0d6d927ee27b8289de599721ef4626935cf9`
SHA3	`52a927eeeeb8d589cd17eb893d5fb8c0193e34af7199365a458d34b818074231`
VirtualSize	`0x28`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.311433`

.rsrc

MD5	`5858250f26786389f8a506dfdc6481be`
SHA1	`286d7d73bad8955e07eeb74ada89fc3ab8905786`
SHA256	`df85f4ba38f97ff307dd783db6e2a11b93d4d2a04f2e90c7699c71fc762475e9`
SHA3	`eee3076e6a345c560476614fdb73c4b23c5524042e762093454151c7315880f0`
VirtualSize	`0x26f884`
VirtualAddress	`0xa000`
SizeOfRawData	`0x26fa00`
PointerToRawData	`0x5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99985`

.reloc

MD5	`c05f9c738c09d573e5ead9b4b5136f86`
SHA1	`8b4b4d22807ad54f1808ad8b8ebae36dcdaf327c`
SHA256	`c805109c28e5bcfe545ac728a4d18625f18f0393a9cc93d20e1de555fc69bdbc`
SHA3	`cc076c88407e2f62ac7a52c08121c61e140c244911e2ae9158dde191ab6358eb`
VirtualSize	`0x48`
VirtualAddress	`0x27a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x274c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.775735`

Imports

SHELL32.dll	`CommandLineToArgvW`
KERNEL32.dll	`CloseHandle` `CreateDirectoryW` `CreateFileW` `CreateProcessW` `DosDateTimeToFileTime` `DuplicateHandle` `EnumResourceNamesW` `ExitProcess` `ExpandEnvironmentStringsW` `FindResourceW` `FreeLibrary` `GetCommandLineW` `GetCurrentProcess` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandleEx` `GetLastError` `GetModuleFileNameW` `GetModuleHandleW` `GetProcAddress` `GetProcessHeap` `GetSystemInfo` `GetTempPathW` `GetVolumeInformationW` `GetVolumePathNameW` `HeapAlloc` `HeapFree` `LoadLibraryExA` `LoadLibraryExW` `LoadResource` `LocalAlloc` `LocalFileTimeToFileTime` `LocalFree` `LockResource` `MultiByteToWideChar` `RaiseException` `ReadFile` `SetFileInformationByHandle` `SetFilePointer` `SetLastError` `SetProcessWorkingSetSize` `SizeofResource` `Sleep` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `lstrcmpiW` `lstrlenW`
ADVAPI32.dll (delay-loaded)	`ConvertSidToStringSidW` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `GetTokenInformation` `OpenProcessToken` `RegCloseKey` `RegOpenKeyExW` `RegQueryValueExW` `RegSetValueExW` `SystemFunction036`

Delayed Imports

Attributes	`0x1`
Name	`ADVAPI32.dll`
ModuleHandle	`0x7010`
DelayImportAddressTable	`0x7018`
DelayImportNameTable	`0x5888`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

CHROME_PATCH.PACKED.7Z

Type	`B7`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26e40e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99993`
Detected Filetype	7-Zip compressed file
MD5	`3317ec7c3bae0f17b4d6364754df916a`
SHA1	`d3187e7420c890271ab5fa086c3654b1dcd70145`
SHA256	`1b7db544ff4c9d49499786db686d6b24b1aad2cbbd6fdd9b316f3c3c0493ff46`
SHA3	`30d1a991620d8f7ae64ef19aa6d776232bdebc11092a45bea18fde3b0b112f5a`

SETUP_PATCH.PACKED.7Z

Type	`B7`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76191`
Detected Filetype	7-Zip compressed file
MD5	`e1a3f99cbecbc31783fbd1f9bd917ea4`
SHA1	`860d89aa1c6faa7b891f82771d2570f971dba664`
SHA256	`744ccb496c4564786d0bc6883a7b36d5f7528e917082757e133999856d092982`
SHA3	`9015e61db44cadfc34eefb4365497ba96b0eb43fcd8e8927452291d5ba951ea6`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47987`
MD5	`b1feab05237beb3558dc3da814a3af98`
SHA1	`21cf68edd62bd20434948dc1afe8edad0e90f737`
SHA256	`eaf94684ccce3349c11cbc32ba6e31aac91727b454d72d17611d3c1f8ceda3c0`
SHA3	`3f7bd6b6f5432a39652c70a6ba7a102204af2b7724307402663ecaf460209ec1`

1 (#2)

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33027`
MD5	`a450f65eb0b13de6f54b8ffd6ac79ed2`
SHA1	`8bed59a17cbee787dee2b5b23d3e4de56f83c74e`
SHA256	`2ddc6845921738fda743417d82223029b0c12a649820614478b6a418f612b204`
SHA3	`462d350271741faab414cc4a37252e5223510a3fce0d81cefe3d6b8cb0ac47de`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x454`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55722`
MD5	`f7738f37b223b1c0a97e5ed60827ec8a`
SHA1	`820175fb3cc527e26779e8b4cf61b683a530af66`
SHA256	`c508c6c53b81bb25ebf67716245ef77c9568068e5cce77d560486b526f9203cb`
SHA3	`c077ba3db3e893fd52e9b6577e075b26c62d9cd327dccc8f64a81b460b0cc64f`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33361`
MD5	`fa140205692392be88038eaba9ca7910`
SHA1	`4ede0ea94437564dc9b1d1d989e3116e92a1a4dc`
SHA256	`1f4b3a5657ae0d8242461a11cb08b8adf8e46a21fb612336311fcba10faccb61`
SHA3	`c72a92379b693f109c695e4e9511e110aa78840b4f2d31bc63ef1a9ff674e88d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	88.0.4324.182
ProductVersion	88.0.4324.182
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Google LLC
FileDescription	Google Chrome Installer
FileVersion (#2)	88.0.4324.182
InternalName	mini_installer
LegalCopyright	Copyright 2020 Google LLC. All rights reserved.
ProductName	Google Chrome Installer
ProductVersion (#2)	88.0.4324.182
CompanyShortName	Google
ProductShortName	Chrome Installer
LastChange	73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202}
Official Build	1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Feb-12 23:08:01
Version	`0.0`
SizeofData	`47`
AddressOfRawData	`0x57dc`
PointerToRawData	`0x3ddc`
Referenced File	mini_installer.exe.pdb

TLS Callbacks

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140007008`
GuardCFCheckFunctionPointer	`5368745984`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

fc2cbf1afe7b033360dc0afa662e0e67

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

CHROME_PATCH.PACKED.7Z

SETUP_PATCH.PACKED.7Z

1

1 (#2)

107

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors