ChromePass.exe

First submission 2024-10-17 19:14:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	234.5 KB (240128 bytes)
Compile time:	2021-04-10 13:55:34
MD5:	a892c43b0cf244f070f97fafdb224cf4
SHA1:	1bd3cedff1b38d8244af15a8d97e49884fd8a511
SHA256:	4b127e7b83148bfbe56bd83e4b95b2a4fdb69e1c9fa4e0c021a3bfb7b02d8a16
Import Hash :	1e5e3ffcadaf7ce3dde86165afb33e9f
Sections 4	.text .rdata .data .rsrc
Directories 3	import resource debug

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	53/77 VT report date: 2024-10-17 17:33:57
Malware Type 3	hacktool trojan pua
Threat Type 3	chromepass chromepassview nirsoft

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://157.173.104.153/up/Tool/ChromePass.exe	157.173.104.153	2024-10-17 19:14:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x2eeee	192512	34c9e5cd9a8f1624081d7a6e45ed2f7852ddcae9	59f7534ecbbfbbe81e8dd5c36e901aed
.rdata	0x30000	0x788c	31232	fd3e27f50b2eb1c0af3c31ed6e8cc98eb0bc8acf	485528108e9c44fc4b01bcc48373ab82
.data	0x38000	0x4dbc	3584	3b82f43ca514c0e42cf39a4d0d0867516a0d4827	228877751411da992ddeb1aede909868
.rsrc	0x3d000	0x2cfe	11776	56c43772790b15ad66155b64ce9dab6f14bdc573	8a65f2220c2a708e87ea638e9961cd31

PE Resources 10

Name	Language	Sublanguage	Offset	Size	Data
BIN	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3d4f8	792	PE Resource: BIN - Data `Cp:TVi&[v8J^,%Ed!z35'8uP;=V;?5[f2^<-Mjk$3 W &jo&4{2dqA[^w; 7G"+,7pvTtdR2KfXO[}wCS spL$]aGC>c=i2>eHjBLQ}7G k^tRW G2Xj[JFK!j2H<9\[U v7Jy>dCO?h]}-U/#F7ckJV"}l:qcXE yn2'h^:Xz;EJZDZMf <} ;wY"]X$?9#2`p\|6~P>@AflG[Ke(H7;T7k>3p}yG7QN[NreZdF.%6cRiN}kf'Jbqljg> aIw /riG.D`r 3-te[vgN6OBJir@2E3XAvyTl4)gp+4gS} !w]rq8:A x.mTwy\|
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3d810	308
RT_BITMAP	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3de04	216
RT_MENU	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3e254	452
RT_DIALOG	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3efbc	822	PE Resource: RT_DIALOG - Data Column SettingsMS Shell Dlg @PSysListView32P2Move &UpP/2Move &DownP@2&ShowPQ2&HidePb2Default P\| Pf2OKP2CancelPCheck the columns that you would like to make visible. Use the Move Up and Move Down buttons to reorder the columnsPrWidth of selected column (in pixels):P
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3f7ec	104
RT_ACCELERATOR	LANG_HEBREW	SUBLANG_DEFAULT	0x3f854	80
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3f8a4	20
RT_VERSION	LANG_HEBREW	SUBLANG_DEFAULT	0x3f8b8	732	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?:StringFileInfo040904b00CompanyNameNirSoftZFileDescriptionChrome Password Recovery*FileVersion1.556InternalNameChromePassh"LegalCopyrightCopyright 2008 - 2021 Nir Sofer@OriginalFilename ChromePass8ProductName ChromePass.ProductVersion1.55DVarFileInfo$Translation
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3fb94	362	PE Resource: RT_MANIFEST - Data <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <dependency> <dependentAssembly> <assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity> </dependentAssembly> </dependency> </assembly>

Meta infos 9

LegalCopyright:	Copyright \xa9 2008 - 2021 Nir Sofer
InternalName:	ChromePass
FileVersion:	1.55
CompanyName:	NirSoft
ProductVersion:	1.55
FileDescription:	Chrome Password Recovery
Translation:	0x0409 0x04b0
OriginalFilename:	ChromePass
ProductName:	ChromePass

Packers detected 1

Microsoft Visual C++ v7.0

Anti debug functions 1

GetLastError

Strings analysis - File found

XML
*.xml
Text
*.txt
Library
Bshell32.dll
KERNEL32.dll
SHLWAPI.dll
Bnetmsg.dll
BCrypt32.dll
COMCTL32.dll
Badvapi32.dll
PSAPI.DLL
ADVAPI32.dll
GDI32.dll
COMDLG32.dll
USER32.dll
MSVCRT.dll
SHELL32.dll
ole32.dll

Strings analysis - Possible URLs found 1

http://www.nirsoft.net/

Import functions

comdlg32.dll 2 GDI32.dll 9 SHELL32.dll 6 KERNEL32.dll 78 msvcrt.dll 55 ADVAPI32.dll 3 ole32.dll 3 USER32.dll 75 COMCTL32.dll 7

Function	Address	Souspicious	Anti Debug
GetSaveFileNameW	0x4302e0
FindTextW	0x4302e4

Function	Address	Souspicious	Anti Debug
SetBkColor	0x430030
GetDeviceCaps	0x430034
SelectObject	0x430038
SetTextColor	0x43003c
CreateFontIndirectW	0x430040
SetBkMode	0x430044
DeleteObject	0x430048
GetStockObject	0x43004c
GetTextExtentPoint32W	0x430050

Function	Address	Souspicious	Anti Debug
ShellExecuteExW	0x430194
SHBrowseForFolderW	0x430198
SHGetPathFromIDListW	0x43019c
SHGetMalloc	0x4301a0
SHGetFileInfoW	0x4301a4
ShellExecuteW	0x4301a8

Function	Address	Souspicious	Anti Debug
OpenProcess	0x430058
ExitProcess	0x43005c
GetCurrentProcess	0x430060
SetErrorMode	0x430064
GetPrivateProfileStringW	0x430068
EnumResourceNamesW	0x43006c
GetPrivateProfileIntW	0x430070
CopyFileW	0x430074
FindFirstFileW	0x430078
GetModuleFileNameW	0x43007c
LockResource	0x430080
GetTempFileNameW	0x430084
GetDateFormatW	0x430088
GetTimeFormatW	0x43008c
GetWindowsDirectoryW	0x430090
GlobalLock	0x430094
FormatMessageW	0x430098
FindClose	0x43009c
EnumResourceTypesW	0x4300a0
GetModuleHandleA	0x4300a4
GetStartupInfoW	0x4300a8
WritePrivateProfileStringW	0x4300ac
ReadProcessMemory	0x4300b0
LockFile	0x4300b4
DeleteFileW	0x4300b8
LeaveCriticalSection	0x4300bc
GetCurrentProcessId	0x4300c0
SetFilePointer	0x4300c4
GetFileAttributesA	0x4300c8
GetTickCount	0x4300cc
GetSystemTimeAsFileTime	0x4300d0
GetFileAttributesW	0x4300d4
GetTempPathA	0x4300d8
GetSystemTime	0x4300dc
AreFileApisANSI	0x4300e0
DeleteFileA	0x4300e4
WriteFile	0x4300e8
ReadFile	0x4300ec
SetEndOfFile	0x4300f0
GetFullPathNameW	0x4300f4
CreateFileW	0x4300f8
GetFullPathNameA	0x4300fc
InterlockedIncrement	0x430100
MultiByteToWideChar	0x430104
InitializeCriticalSection	0x430108
FlushFileBuffers	0x43010c
GetTempPathW	0x430110
QueryPerformanceCounter	0x430114
WideCharToMultiByte	0x430118
CreateFileA	0x43011c
GetFileSize	0x430120
DeleteCriticalSection	0x430124
GetLastError	0x430128
Sleep	0x43012c
GetCurrentThreadId	0x430130
LockFileEx	0x430134
CloseHandle	0x430138
UnlockFile	0x43013c
GetVersionExW	0x430140
EnterCriticalSection	0x430144
FreeLibrary	0x430148
GetProcAddress	0x43014c
SystemTimeToFileTime	0x430150
CompareFileTime	0x430154
FileTimeToLocalFileTime	0x430158
LocalAlloc	0x43015c
LocalFree	0x430160
GetModuleHandleW	0x430164
LoadLibraryW	0x430168
FileTimeToSystemTime	0x43016c
GlobalUnlock	0x430170
GlobalAlloc	0x430174
GetSystemDirectoryW	0x430178
FindResourceW	0x43017c
LoadResource	0x430180
FindNextFileW	0x430184
LoadLibraryExW	0x430188
SizeofResource	0x43018c

Function	Address	Souspicious	Anti Debug
modf	0x4302ec
wcsrchr	0x4302f0
_gmtime64	0x4302f4
memmove	0x4302f8
_itow	0x4302fc
_wcslwr	0x430300
_purecall	0x430304
__dllonexit	0x430308
_onexit	0x43030c
_c_exit	0x430310
_exit	0x430314
_XcptFilter	0x430318
_cexit	0x43031c
_wtoi	0x430320
_wcmdln	0x430324
__wgetmainargs	0x430328
log	0x43032c
abs	0x430330
_wcsicmp	0x430334
wcscmp	0x430338
wcschr	0x43033c
wcslen	0x430340
wcscpy	0x430344
wcsncat	0x430348
_snwprintf	0x43034c
wcscat	0x430350
isxdigit	0x430354
strftime	0x430358
isalnum	0x43035c
strlen	0x430360
isdigit	0x430364
wcstoul	0x430368
_memicmp	0x43036c
??2@YAPAXI@Z	0x430370
exit	0x430374
??3@YAXPAX@Z	0x430378
malloc	0x43037c
realloc	0x430380
isspace	0x430384
free	0x430388
strcmp	0x43038c
toupper	0x430390
memset	0x430394
memcmp	0x430398
memcpy	0x43039c
atoi	0x4303a0
tolower	0x4303a4
_initterm	0x4303a8
__setusermatherr	0x4303ac
_adjust_fdiv	0x4303b0
__p__commode	0x4303b4
__p__fmode	0x4303b8
__set_app_type	0x4303bc
_controlfp	0x4303c0
_except_handler3	0x4303c4

Function	Address	Souspicious	Anti Debug
RegQueryValueExW	0x430000
RegCloseKey	0x430004
RegOpenKeyExW	0x430008

Function	Address	Souspicious	Anti Debug
CoUninitialize	0x4303cc
CoInitialize	0x4303d0
CoCreateGuid	0x4303d4

Function	Address	Souspicious	Anti Debug
DrawTextExW	0x4301b0
TranslateMessage	0x4301b4
IsDialogMessageW	0x4301b8
GetMessageW	0x4301bc
PostQuitMessage	0x4301c0
TrackPopupMenu	0x4301c4
BeginDeferWindowPos	0x4301c8
RegisterWindowMessageW	0x4301cc
EndDeferWindowPos	0x4301d0
DispatchMessageW	0x4301d4
LoadStringW	0x4301d8
EnumChildWindows	0x4301dc
DestroyWindow	0x4301e0
CreateDialogParamW	0x4301e4
DestroyMenu	0x4301e8
GetDlgCtrlID	0x4301ec
DialogBoxParamW	0x4301f0
ChildWindowFromPoint	0x4301f4
LoadCursorW	0x4301f8
GetSysColorBrush	0x4301fc
ShowWindow	0x430200
SetCursor	0x430204
GetClientRect	0x430208
SetWindowTextW	0x43020c
UpdateWindow	0x430210
SetDlgItemTextW	0x430214
GetDlgItemTextW	0x430218
GetSystemMetrics	0x43021c
DeferWindowPos	0x430220
CreateWindowExW	0x430224
GetWindowRect	0x430228
GetDlgItemInt	0x43022c
SendDlgItemMessageW	0x430230
EndDialog	0x430234
GetDlgItem	0x430238
InvalidateRect	0x43023c
SetDlgItemInt	0x430240
SetWindowPos	0x430244
GetWindowPlacement	0x430248
LoadAcceleratorsW	0x43024c
PostMessageW	0x430250
DefWindowProcW	0x430254
SendMessageW	0x430258
TranslateAcceleratorW	0x43025c
RegisterClassW	0x430260
MessageBoxW	0x430264
SetMenu	0x430268
LoadImageW	0x43026c
LoadIconW	0x430270
SetWindowLongW	0x430274
GetWindowLongW	0x430278
SetFocus	0x43027c
SetClipboardData	0x430280
GetDC	0x430284
EnableWindow	0x430288
MapWindowPoints	0x43028c
EmptyClipboard	0x430290
EnableMenuItem	0x430294
ReleaseDC	0x430298
GetClassNameW	0x43029c
OpenClipboard	0x4302a0
GetMenuStringW	0x4302a4
CloseClipboard	0x4302a8
GetMenuItemCount	0x4302ac
MoveWindow	0x4302b0
GetParent	0x4302b4
CheckMenuItem	0x4302b8
GetCursorPos	0x4302bc
GetSysColor	0x4302c0
GetMenu	0x4302c4
GetSubMenu	0x4302c8
GetWindowTextW	0x4302cc
LoadMenuW	0x4302d0
ModifyMenuW	0x4302d4
GetMenuItemInfoW	0x4302d8

Function	Address	Souspicious	Anti Debug
CreateStatusWindowW	0x430010
ImageList_AddMasked	0x430014
ImageList_SetImageCount	0x430018
ImageList_Create	0x43001c
None	0x430020
ImageList_ReplaceIcon	0x430024
CreateToolbarEx	0x430028