Analysis

Category Started Completed Duration
FILE 2023-05-26 07:37:11 2023-05-26 07:37:11 0 seconds

    

MalScore

1.6

Benign

File Details

File Name cefsharp.browsersubprocess.exe
File Size 6656 bytes
File Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 ed1cea45d3c9fadc00b237378164365c
SHA1 4683eb0338a6b518aaf9f2b36b9da76d81351adb
SHA256 4fa950e0a0c28bf83fce80a1c346bb9485b9da6915e97f746f812c50bb88e6cc
SHA512 662b124d7a351f08e582aa327497a850ff9d5bdf35f5d5c90f2bba5e6963941b0abf7b7e22d698396ebb8e857f264880e60d012bbe42bbe39ab88c8a822e1bab
CRC32 23E556F5
Ssdeep 96:OgwxZDVcvI7lcnmQBDau1KpFZ+etmAwNt61OYcXei+U:O5ZuIwmQBT1KpFZ8sAYcXeU
ClamAV None matched
Yara None matched

Signatures

Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x140000000
Entry Point 0x140000000
Reported Checksum 0x00006a6f
Actual Checksum 0x00006a6f
Minimum OS Version 4.0
PDB Path C:\projects\cefsharp\CefSharp.BrowserSubprocess\obj\x64\Release\CefSharp.BrowserSubprocess.pdb
Compile Time 2097-04-28 11:50:49

Version Infos

Translation 0x0000 0x04b0
LegalCopyright Copyright © 2022 The CefSharp Authors
Assembly Version 104.4.240.0
InternalName CefSharp.BrowserSubprocess.exe
FileVersion 104.4.240.0
CompanyName The CefSharp Authors
LegalTrademarks
Comments
ProductName CefSharp
ProductVersion 104.4.240.0
FileDescription CefSharp.BrowserSubprocess
OriginalFilename CefSharp.BrowserSubprocess.exe

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00002000 0x00000963 0x00000a00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.60
.rsrc 0x00004000 0x00000d80 0x00000e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.91

Resources

Name Offset Size Language Sub-language Entropy File type
RT_VERSION 0x00004090 0x000003f0 LANG_NEUTRAL SUBLANG_NEUTRAL 3.38 SysEx File - OctavePlateau
RT_MANIFEST 0x00004490 0x000008ea LANG_NEUTRAL SUBLANG_NEUTRAL 5.11 XML document text

No antivirus signatures available.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.
Sorry! No dropped files.

Processing ( 1.214 seconds )

  • 0.74 Static
  • 0.298 VirusTotal
  • 0.137 peid
  • 0.028 static_dotnet
  • 0.007 AnalysisInfo
  • 0.002 TargetInfo
  • 0.001 Debug
  • 0.001 Strings

Signatures ( 0.024 seconds )

  • 0.005 antiav_detectreg
  • 0.003 persistence_autorun
  • 0.002 antiav_detectfile
  • 0.002 infostealer_ftp
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 ransomware_extensions
  • 0.001 ransomware_files

Reporting ( 0.004 seconds )

  • 0.004 JsonDump
Task ID 1757
Mongo ID 6470a7fd2694ed0be09631ff
Cuckoo release 1.3-NG