Summary | ZeroBOX

a.exe

PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started July 22, 2021, 11:11 a.m.
Completed July 22, 2021, 11:13 a.m.
Size 235.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cf53febec7e1376c2e42b3857ab25424
SHA256 0291e6c35ad5ed041579b75496fa212f04eb1c9d73f639349ddaa01e5da10906
CRC32 31CC6F11
ssdeep 6144:o08gJKENk2IwPDIIgK+TkQcKxRB/ERZ92aDck6:odgcEW2DgeM/EcaDck6
PDB Path c:\Projects\VS2005\ChromePass\Command-Line\ChromePass.pdb
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path c:\Projects\VS2005\ChromePass\Command-Line\ChromePass.pdb
resource name BIN
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
Lionic Riskware.Win32.Chromepass.1!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Application.Heur.oq0@kK9ERXlO
CAT-QuickHeal Hacktool.Chromepass
ALYac Gen:Application.Heur.oq0@kK9ERXlO
Cylance Unsafe
Zillya Trojan.PSWTool.Win32.106
Sangfor Hacktool.Win32.ChromePass.mt
CrowdStrike win/malicious_confidence_60% (D)
Alibaba HackTool:Win32/ChromePass.10dd59db
K7GW Unwanted-Program ( 0056d3a51 )
K7AntiVirus Unwanted-Program ( 0056d3a51 )
Cyren W32/Application.ZBFX-9294
Symantec PasswordRevealer
ESET-NOD32 a variant of Win32/PSWTool.ChromePass.D potentially unsafe
Paloalto generic.ml
ClamAV Win.Tool.ChromePassVariant-6615990-0
BitDefender Gen:Application.Heur.oq0@kK9ERXlO
Avast FileRepMetagen [PUP]
Ad-Aware Gen:Application.Heur.oq0@kK9ERXlO
Sophos NirPassView (PUA)
Comodo Malware@#m51cuhbd5d44
VIPRE Nirsoft Password Recovery (not malicious)
TrendMicro HackTool.Win32.NirsoftPT.SM
McAfee-GW-Edition Tool-PassView.b
FireEye Generic.mg.cf53febec7e1376c
Emsisoft Gen:Application.Heur.oq0@kK9ERXlO (B)
Webroot W32.Malware.Gen
MAX malware (ai score=77)
Antiy-AVL Trojan/Generic.ASMalwS.30D291E
Gridinsoft Risk.Win32.ChromePass.ad!i
Microsoft HackTool:Win32/ChromePass
GData Gen:Application.Heur.oq0@kK9ERXlO
AhnLab-V3 Trojan/Win32.Wacatac.R346831
McAfee Tool-PassView.b
Malwarebytes RiskWare.ChromePasswordTool
TrendMicro-HouseCall HackTool.Win32.NirsoftPT.SM
Rising Trojan.Generic@ML.100 (RDML:7NWhW+/C1ctzTDMUznAzEQ)
Yandex Trojan.Igent.bUkQId.2
eGambit Trojan.Generic
Fortinet Riskware/PassView
MaxSecure Trojan.Malware.102171505.susgen
AVG FileRepMetagen [PUP]
Cybereason malicious.ec7e13
Panda Trj/CI.A
Qihoo-360 Win32/HackTool.Generic.HgIASQ8A