Summary | ZeroBOX

ChromePass.exe

Generic Malware, UPX, Malicious Library, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 17, 2024, 4:41 p.m.
Completed Oct. 17, 2024, 4:43 p.m.
Size 234.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a892c43b0cf244f070f97fafdb224cf4
SHA256 4b127e7b83148bfbe56bd83e4b95b2a4fdb69e1c9fa4e0c021a3bfb7b02d8a16
CRC32 B2F9BFA2
ssdeep 3072:xuPjHEpDzJHyUXMGI3SdBqc0b1/4NNkQmRf/9E8B0Gt9vFpy8vs971kBJ3y57TqM:4PjHuhM52BqBgvkQmB/lXRk6B9kPqck
PDB Path c:\Projects\VS2005\ChromePass\Command-Line\ChromePass.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path c:\Projects\VS2005\ChromePass\Command-Line\ChromePass.pdb
resource name BIN
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
Bkav W32.AIDetectMalware
Lionic Riskware.Win32.ChromePass.1!c
Cynet Malicious (score: 99)
Skyhigh Tool-PassView.b
ALYac Application.NirSoft.ChromePassView.F
Cylance Unsafe
VIPRE Application.NirSoft.ChromePassView.F
Sangfor Hacktool.Win32.Chromepass.Vkn6
K7AntiVirus Unwanted-Program ( 0056c7481 )
BitDefender Application.NirSoft.ChromePassView.F
K7GW Unwanted-Program ( 0056c7481 )
Cybereason malicious.b0cf24
Arcabit Application.NirSoft.ChromePassView.F
Symantec PasswordRevealer
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/PSWTool.ChromePass.D potentially unsafe
McAfee Tool-PassView.b
Avast Win32:Malware-gen
ClamAV Win.Tool.ChromePassVariant-6615990-0
Kaspersky not-a-virus:HEUR:PSWTool.Win32.ChromePass.gen
NANO-Antivirus Trojan.Win32.Ool.jpsxrt
MicroWorld-eScan Application.NirSoft.ChromePassView.F
Rising HackTool.ChromePass!8.13BF (TFE:5:094ofYYs1NG)
Emsisoft Application.NirSoft.ChromePassView.F (B)
Zillya Tool.ChromePass.Win32.467
TrendMicro HackTool.Win32.NirsoftPT.SM
McAfeeD ti!4B127E7B8314
FireEye Generic.mg.a892c43b0cf244f0
Sophos NirPassView (PUA)
Ikarus PUA.PSWTool.Chromepass
Jiangmin PSWTool.ChromePass.rr
Webroot W32.Malware.Gen
Google Detected
Avira TR/AVI.Agent.rssnv
Antiy-AVL RiskWare[PSWTool]/Win32.ChromePass
Kingsoft malware.kb.a.982
Gridinsoft PUP.Win32.ChromePass.ad!n
Microsoft HackTool:Win32/ChromePass
ZoneAlarm not-a-virus:HEUR:PSWTool.Win32.ChromePass.gen
GData Win32.Riskware.ChromePass.C
BitDefenderTheta Gen:NN.ZexaCO.36806.oq0@aCVNqUnO
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/CI.A
TrendMicro-HouseCall HackTool.Win32.NirsoftPT.SM
Tencent Malware.Win32.Gencirc.10be30b7
MAX malware (ai score=78)
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
Paloalto generic.ml