Uploaded PUP Chromnius 文件恶意软件分析: 4bb331ead48449e15ff9aa51fee8fa25

Uploaded PUP Chromnius 分析

更新于 2 years ago

检查者 Malware Check

uploaded

哈希类型	值	操作
MD5	4bb331ead48449e15ff9aa51fee8fa25
SHA1	113bffa93601f83ea002317c2f9dd055640cf56c
SHA256	2ab2a97ce09791d77c39da25b974384da6ad9c61f63f4beabfe2f0eddecd73ff
SHA512	8e76046d447b1319cc1503a61e6c54baba6b09233b07a4ef51c04969c874781d41a1eb26e534eb061e9cbfe564512225f4b331fb0a74aaf3379bd30d1ad6e80d
ImpHash	21314122cd4542a6b9b297f52a87acbe

哈希类型

值

操作

MD5

4bb331ead48449e15ff9aa51fee8fa25

SHA1

113bffa93601f83ea002317c2f9dd055640cf56c

SHA256

2ab2a97ce09791d77c39da25b974384da6ad9c61f63f4beabfe2f0eddecd73ff

SHA512

8e76046d447b1319cc1503a61e6c54baba6b09233b07a4ef51c04969c874781d41a1eb26e534eb061e9cbfe564512225f4b331fb0a74aaf3379bd30d1ad6e80d

ImpHash

21314122cd4542a6b9b297f52a87acbe

PE 分析

基本信息

▼

图标	哈希: 5e172c0dc3b3b45ca039c9e793a07b29 模糊: a0944f9361276e2a5e874864a5c88639 dHash: f8e2eae6b696c6cc
映像基址	`0x00400000`
入口点	`0x005e0862`
编译时间	2023-07-27 09:36:39
校验和	0x006f2bc4 (实际: 0x006f2bc4)
操作系统版本	6.0
PEiD 签名	`PE32 executable (GUI) Intel 80386, for MS Windows`
PDB 路径	`C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb`
数字签名	OK
导入	1 库 KERNEL32
导出	0 函数
资源	44 资源
节	5 节

数字签名

▼

GlobalSign	GlobalSign nv-sa (BE)
GlobalSign Code Signing Root R45	GlobalSign nv-sa (BE)
GlobalSign GCC R45 CodeSigning CA 2020	Dragon Boss Solutions LLC (AE)

版本信息

▼

CompanyName	Chromstera Browser
FileDescription	Chromstera Browser Installer
FileVersion	1.0
InternalName	ChromsteraPublic
LegalCopyright	Copyright (C) 2023 Chromstera Browser
OriginalFileName	ChromsteraPublic.exe
ProductName	Chromstera Browser
ProductVersion	1.0
Translation	0x0409 0x04b0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	2,534,582 bytes	2,534,912 bytes	6.45 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`6609EE5AD35366535F89171104FD9407`
`.rdata`	`0x0026c000`	587,098 bytes	587,264 bytes	4.60 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`82A48C8EED166A4419B55B922166495D`
`.data`	`0x002fc000`	53,824 bytes	15,360 bytes	4.77 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`624471F60C55363D0BDC9E3921A90C7E`
`.rsrc`	`0x0030a000`	170,164 bytes	170,496 bytes	5.19 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`0541A6101798A79B746007837D07F229`
`.reloc`	`0x00334000`	166,892 bytes	166,912 bytes	6.51 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`7704EC72484064D3D713DEF4A99CB43B`

熵分析警报

1 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 44 (167,800 字节)

资源类型	数量	总大小	百分比
RT_BITMAP	6	26,098 字节	15.6%
RT_ICON	6	10,032 字节	6%
RT_DIALOG	5	1,198 字节	0.7%
RT_STRING	15	11,262 字节	6.7%
RT_GROUP_ICON	1	90 字节	0.1%
RT_VERSION	1	812 字节	0.5%
RT_HTML	9	116,245 字节	69.3%
RT_MANIFEST	1	2,063 字节	1.2%

证书链分析

▼

证书 #1

主题	GlobalSign Code Signing Root R45 GlobalSign nv-sa BE
颁发者	GlobalSign
序列号	`159895020367154186454025795821008217243`

证书 #2

主题	GlobalSign GCC R45 CodeSigning CA 2020 GlobalSign nv-sa BE
颁发者	GlobalSign Code Signing Root R45
序列号	`159159759846135372329575655669707113543`

证书 #3

主题	Dragon Boss Solutions LLC Dragon Boss Solutions LLC AE
颁发者	GlobalSign GCC R45 CodeSigning CA 2020
序列号	`35484042506904463140501520684`

证书验证状态

发表评论

文件名	uploaded
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.139.174
数据库版本	2023-09-18 14:02:12 UTC

Uploaded PUP Chromnius 分析

技术分析

PUP.Win32.Chromnius.dg!c

扫描另一个文件

文件识别