Manalyze report for ff317550dc5c0feff7410c023d8dd552

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
TLS Callbacks	3 callback(s) detected.
CompanyName	Google Inc.
FileDescription	Google Chrome
FileVersion	`67.0.3396.62`
InternalName	chrome_exe
LegalCopyright	Copyright 2017 Google Inc. All rights reserved.
OriginalFilename	chrome.exe
ProductName	Google Chrome
ProductVersion	`67.0.3396.62`
CompanyShortName	Google
ProductShortName	Chrome
LastChange	babbbb5b433370f9a7feeb9f98a57599ad1c4676-refs/branch-heads/3396@{#702}
Official Build	1

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe` `Contains references to mining pools: stratum+tcp://` `Contains domain names: curl.haxx.se example.com http://curl.haxx.se http://curl.haxx.se/docs/http-cookies.html`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to AES` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptCreateHash CryptDestroyHash CryptGetHashParam CryptHashData CryptReleaseContext` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSACleanup WSAGetLastError WSAIoctl WSASetLastError WSAStartup __WSAFDIsSet accept bind closesocket connect freeaddrinfo getaddrinfo gethostname getpeername getsockname getsockopt htons ioctlsocket listen ntohs recv recvfrom select send sendto setsockopt socket`
Malicious	The program tries to mislead users about its origins.	`The PE pretends to be from Google but is not signed!`
Malicious	VirusTotal score: 52/68 (Scanned on 2020-08-21 10:33:36)	`Elastic: malicious (high confidence)` `MicroWorld-eScan: Application.BitCoinMiner.IG` `Qihoo-360: Win64/Virus.RiskTool.f33` `Cylance: Unsafe` `Zillya: Tool.BitCoinMiner.Win64.3` `Sangfor: Malware` `Alibaba: RiskWare:Win32/Miners.a0bab468` `Cybereason: malicious.0dc5c0` `TrendMicro: TROJ_GEN.R002C0OHI20` `Cyren: W64/BitCoinMiner.D` `Symantec: Linux.Coinminer` `ESET-NOD32: a variant of Win64/CoinMiner.U potentially unwanted` `APEX: Malicious` `Paloalto: generic.ml` `ClamAV: Win.Trojan.Bitcoinminer-73` `Kaspersky: not-a-virus:RiskTool.Win64.BitCoinMiner.ju` `BitDefender: Application.BitCoinMiner.IG` `NANO-Antivirus: Riskware.Win64.Coinbit.fdvzhd` `ViRobot: Adware.Bitcoinminer.525824` `Avast: Win32:Miner-BA [Trj]` `Rising: Trojan.CoinMiner!1.A92B (C64:YzY0Ondx5mhM/lZm)` `Ad-Aware: Application.BitCoinMiner.IG` `Comodo: ApplicUnwnt@#yn0q6ufwrq37` `F-Secure: Heuristic.HEUR/AGEN.1135641` `DrWeb: Trojan.Coinbit.43` `VIPRE: Trojan.Win32.Generic!BT` `Invincea: heuristic` `FireEye: Generic.mg.ff317550dc5c0fef` `Sophos: Internet Download Manager - Miner (PUA)` `Ikarus: Gen.Application.Heur2` `Jiangmin: RiskTool.BitCoinMiner.eq` `Avira: HEUR/AGEN.1135641` `Antiy-AVL: RiskWare[RiskTool]/Win64.BitCoinMiner` `Microsoft: PUA:Win32/CoinMiner` `Arcabit: Application.BitCoinMiner.IG` `AegisLab: Riskware.Win64.BitCoinMiner.1!c` `ZoneAlarm: not-a-virus:RiskTool.Win64.BitCoinMiner.ju` `GData: Win32.Application.CoinMiner.X` `Cynet: Malicious (score: 85)` `AhnLab-V3: Trojan/Win32.HDC.C582588` `Acronis: suspicious` `McAfee: GenericRXAA-AA!FF317550DC5C` `MAX: malware (ai score=99)` `Malwarebytes: RiskWare.BitCoinMiner` `TrendMicro-HouseCall: TROJ_GEN.R002C0OHI20` `Yandex: Riskware.BitCoinMiner!` `SentinelOne: DFI - Suspicious PE` `eGambit: Trojan.Generic` `Fortinet: Riskware/BitCoinMiner` `AVG: Win32:Miner-BA [Trj]` `Panda: Trj/CI.A` `CrowdStrike: win/malicious_confidence_60% (D)`

Hashes

MD5	`ff317550dc5c0feff7410c023d8dd552`
SHA1	`15c116d56bb80a3a5a1fb1dea2a70ef587cc7e57`
SHA256	`54846fbd538dfd4d469546ad70dcd4c40543b430e8648f4ce7dfead8c2cba059`
SHA3	`27846aee324279e81175b7c0c1baed4713b479be80b5d1300f57702a86b71f8f`
SSDeep	`12288:SVOEGAlH4s/FFRf725x8zHWt2/BSvHLWq1blj/UY0nTRCgu:SVfHX/FFRzJjc2/4vrWq1RAYyTI`
Imports Hash	`961161a4a1e139c8d8d2f026378a9d81`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x61000`
SizeOfInitializedData	`0x1f200`
SizeOfUninitializedData	`0x2400`
AddressOfEntryPoint	`0x0000000000001500 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x89000`
SizeOfHeaders	`0x400`
Checksum	`0x86cc2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0xa00000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0c1319b3bbcd6e2d555fe978eae3cc89`
SHA1	`161c9412e27c6ad61ca4d0a1c040a5c868a203d2`
SHA256	`5740781185fcd5455c30678a50d85372b6d843bd720567dc0bd1644d4b762e46`
SHA3	`d9f310460fa1415f4a3dd2f4ec979f0d991b74d998a92bc2cc85c773fc34831f`
VirtualSize	`0x60f90`
VirtualAddress	`0x1000`
SizeOfRawData	`0x61000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23018`

.data

MD5	`e957cba14885dbef265d5828980b13bb`
SHA1	`0449106f0384b890c56890cade0709faa55c4f20`
SHA256	`0443b1d4694a01c7721ef39be24c58416e9e9db694dd40398e56cc8b5ce7b692`
SHA3	`4c9f596dab7da7c96f95a2afe2d8e9daff04c50145c5c094a918e31b69081251`
VirtualSize	`0x450`
VirtualAddress	`0x62000`
SizeOfRawData	`0x600`
PointerToRawData	`0x61400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.89717`

.rdata

MD5	`e946daf802eb3a90463cb91d67fdc572`
SHA1	`b2220a63a903ddd689fcbc2d98f4e1be74cf23f3`
SHA256	`a648feab9bf1034cf952ee2970e0377cad0d1a15c6d2dee523f613d6efd4022d`
SHA3	`d173b47f2f6f3a8a56dec6d87e1dd63acdda95aa1460987445d858a761e1a742`
VirtualSize	`0x13208`
VirtualAddress	`0x63000`
SizeOfRawData	`0x13400`
PointerToRawData	`0x61a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.37172`

.pdata

MD5	`e5b86bc408ac435bf6505fa16da12dfe`
SHA1	`b3180a6936e5aba294adb7d008dc5e6833d4eeff`
SHA256	`4d662c2345e282366d7a2caaa5e0f463a78fddc4303f20d5de1365411f76a4cf`
SHA3	`8979200a9498b00396207d84033a40e1c34653ed7d4f3864deddf8e30aba3234`
VirtualSize	`0x3384`
VirtualAddress	`0x77000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x74e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75391`

.xdata

MD5	`4a9257d9a59458c8b38723f2de7aba44`
SHA1	`2f97956b8d97b65c1647906d78afdf12775cc794`
SHA256	`622bb7adde16274b951434bf58801771eaeae07b7e92809bb22a645bced4d9c0`
SHA3	`5e2f6bf1907454d9121e95b2dd5897a9ef86e60228aac8ff89225763b7c03ab8`
VirtualSize	`0x333c`
VirtualAddress	`0x7b000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x78200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.31591`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x23e0`
VirtualAddress	`0x7f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`1b8c18052e052aeb0c7a05e42681aeea`
SHA1	`d8df5714c8ca27f4d95c3f914c1bfb6b3c3fe2cc`
SHA256	`876cc1a05c12444ce60038734840fbc2b09173179ec857863dd7a8d7b535e15c`
SHA3	`dc1348fab0b5d0af63d35064a572f5ad28652a430dcde1f3f5b30cb3146eaaa5`
VirtualSize	`0x1e50`
VirtualAddress	`0x82000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x7b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.37846`

.CRT

MD5	`deb0a00bcd4b14926b8f1c9e7b9f1f96`
SHA1	`e2951278846eb59f4aabeeb467789052e0a1ec19`
SHA256	`301e62456a366eb1187576904efd89e2a5925c29ba2829f60e6dd654519f6b5e`
SHA3	`464f824d359c310c59df815915cb543101d207fcf46423c7b68fa8b33601eb7f`
VirtualSize	`0x70`
VirtualAddress	`0x84000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.33888`

.tls

MD5	`ff98682b9277e5766a22d3be9541863c`
SHA1	`2e0b930bde587cdf7de6d262e863574c7827b8c7`
SHA256	`22ce439e1a479de4bc1882a02adc6a51584b251ce1123d6ee521f21e84a53f3a`
SHA3	`8034b6e903fbe1bdd31fb433ea342f7679a4eb472eb3c02534ebd427d0ecb647`
VirtualSize	`0x68`
VirtualAddress	`0x85000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.200582`

.rsrc

MD5	`6ae23a335d239a441d36d2732ad7df1a`
SHA1	`9182980fae6604567d0afe5462292a6344a8c82e`
SHA256	`2d2f3795b56a228239dbda20dd7f7b5718c5f0f84a4559b373975318d5ec12bb`
SHA3	`3b0b40f8066dc537aba475141add3c9d8f23482a63ddddcf9b998bdb4baae5a5`
VirtualSize	`0x2af4`
VirtualAddress	`0x86000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x7da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.49506`

Imports

ADVAPI32.dll	`CryptAcquireContextA` `CryptCreateHash` `CryptDestroyHash` `CryptGetHashParam` `CryptHashData` `CryptReleaseContext`
KERNEL32.dll	`CloseHandle` `CreateEventA` `CreateSemaphoreA` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `ExpandEnvironmentStringsA` `FormatMessageA` `FreeLibrary` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetFileType` `GetHandleInformation` `GetLastError` `GetModuleFileNameW` `GetProcAddress` `GetProcessAffinityMask` `GetStartupInfoA` `GetStdHandle` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetThreadContext` `GetThreadPriority` `GetTickCount` `GetTimeZoneInformation` `GetVersionExA` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `PeekNamedPipe` `QueryPerformanceCounter` `ReadFile` `ReleaseSemaphore` `ResetEvent` `ResumeThread` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetCriticalSectionSpinCount` `SetEvent` `SetLastError` `SetProcessAffinityMask` `SetThreadContext` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SleepEx` `SuspendThread` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnhandledExceptionFilter` `VirtualAlloc` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject`
msvcrt.dll	`__C_specific_handler` `__argv` `__dllonexit` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_beginthreadex` `_cexit` `_endthreadex` `_errno` `_exit` `_fmode` `_fstat64` `_ftime` `_ftime64` `_gmtime64` `_initterm` `_localtime64` `_lock` `_lseeki64` `_onexit` `_setjmp` `_snwprintf` `_stat64` `_stricmp` `_strnicmp` `_sys_nerr` `_time64` `_unlock` `_vsnprintf` `abort` `atoi` `calloc` `exit` `fclose` `feof` `fflush` `fgetc` `fgets` `fopen` `fprintf` `fputc` `fread` `free` `fseek` `fwprintf` `fwrite` `getenv` `isalnum` `isalpha` `isgraph` `islower` `isprint` `isspace` `isupper` `isxdigit` `localeconv` `malloc` `mbstowcs` `memchr` `memcmp` `memcpy` `memmove` `memset` `printf` `puts` `qsort` `raise` `rand` `realloc` `setlocale` `signal` `sprintf` `srand` `sscanf` `strcat` `strchr` `strcmp` `strcpy` `strerror` `strlen` `strncmp` `strncpy` `strrchr` `strstr` `strtok` `strtol` `strtoul` `tolower` `vfprintf` `wcscpy` `wcstombs` `longjmp` `_write` `_strdup` `_read` `_open` `_getpid` `_close`
USER32.dll	`MessageBoxW`
WLDAP32.dll	`ber_free` `ldap_err2string` `ldap_first_attribute` `ldap_first_entry` `ldap_get_dn` `ldap_get_values_len` `ldap_init` `ldap_memfree` `ldap_msgfree` `ldap_next_attribute` `ldap_next_entry` `ldap_search_s` `ldap_set_option` `ldap_simple_bind_s` `ldap_sslinit` `ldap_unbind_s` `ldap_value_free_len`
WS2_32.dll	`WSACleanup` `WSAGetLastError` `WSAIoctl` `WSASetLastError` `WSAStartup` `__WSAFDIsSet` `accept` `bind` `closesocket` `connect` `freeaddrinfo` `getaddrinfo` `gethostname` `getpeername` `getsockname` `getsockopt` `htons` `ioctlsocket` `listen` `ntohs` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `socket`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57106`
MD5	`d25c28b8e7a58ee6c49eae31f535b17c`
SHA1	`e670238fc808df56b819330fb1d24b76776a318f`
SHA256	`34ed8326ad33a8c447dc5b091f6163bd9c7ffc569445f71eb3b929f86c3758fc`
SHA3	`1709961cf392842c90c378b9648227f90e4c1ed5b3443ccb5722d982d6f436bb`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`f70771cfd93218e0da5b0b45af15d4cd`
SHA1	`778a9a90cc44e3833f9b5b45929465567e44cb69`
SHA256	`8ba3a2e4e72ee5f60718eb9ad3f29fa859b38e7b5e52a9b03ebd6547d54019d3`
SHA3	`44c4488b210d6bed764e8f94561afa6bc2cfaee0ca7fc61079b4b217eaabbd02`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x450`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51889`
MD5	`90625f91fe82934d2ba02087dfb6a462`
SHA1	`b1773db6117b9e69332fb032706e1fe2bf0a9bbf`
SHA256	`a1a126a6f7e63e7f047811b1ac854d9a1a53b316a21d634bcd148422d59b4c83`
SHA3	`cf62e99fb20338df720575d9708d4990d9045b078508b117eadc8abe4f16b3ae`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	67.0.3396.62
ProductVersion	67.0.3396.62
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Google Inc.
FileDescription	Google Chrome
FileVersion (#2)	67.0.3396.62
InternalName	chrome_exe
LegalCopyright	Copyright 2017 Google Inc. All rights reserved.
OriginalFilename	chrome.exe
ProductName	Google Chrome
ProductVersion (#2)	67.0.3396.62
CompanyShortName	Google
ProductShortName	Chrome
LastChange	babbbb5b433370f9a7feeb9f98a57599ad1c4676-refs/branch-heads/3396@{#702}
Official Build	1

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x485000`
EndAddressOfRawData	`0x485060`
AddressOfIndex	`0x48078c`
AddressOfCallbacks	`0x484040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000000045AC80` `0x000000000045AC50` `0x0000000000456520`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!