| File name: | Native-Component.exe |
| Full analysis: | https://app.any.run/tasks/3d002fa7-c89f-48be-b842-38ae670cfdb0 |
| Verdict: | No threats detected |
| Analysis date: | December 27, 2019, 06:48:26 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 773DF1A7E553BCC5A6970C26E6BA76BC |
| SHA1: | 8708DDA3CA1B5FEDEA9CD3B426E24498C2CA9150 |
| SHA256: | 9FCAFCD6D615C6DC65389AD0BC81073FA5D8FA02F1D3E5D27B93212A112CD449 |
| SSDEEP: | 6144:oqTgmQJrjHD6v+21Z+aJoh2pOVKa1RnSosXAOcWUx0Vn18jwr6:oJVD6v+21ZnJo0cVDRSXG56/r6 |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- Native-Component.exe (PID: 2204)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win64 Executable (generic) (64.6) |
|---|---|---|
| .dll | | | Win32 Dynamic Link Library (generic) (15.4) |
| .exe | | | Win32 Executable (generic) (10.5) |
| .exe | | | Generic Win/DOS Executable (4.6) |
| .exe | | | DOS Executable Generic (4.6) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:10:10 22:35:44+02:00 |
| PEType: | PE32 |
| LinkerVersion: | 14 |
| CodeSize: | 216064 |
| InitializedDataSize: | 116736 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x15220 |
| OSVersion: | 5.1 |
| ImageVersion: | - |
| SubsystemVersion: | 5.1 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 2019.10.10.0 |
| ProductVersionNumber: | 2019.10.10.0 |
| FileFlagsMask: | 0x0000 |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| ProductName: | Native Component Extension |
| FileDescription: | Native Component Extension |
Summary
| Architecture: | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date: | 10-Oct-2019 20:35:44 |
| Detected languages: |
|
| ProductName: | Native Component Extension |
| FileDescription: | Native Component Extension |
DOS Header
| Magic number: | MZ |
|---|---|
| Bytes on last page of file: | 0x0090 |
| Pages in file: | 0x0003 |
| Relocations: | 0x0000 |
| Size of header: | 0x0004 |
| Min extra paragraphs: | 0x0000 |
| Max extra paragraphs: | 0xFFFF |
| Initial SS value: | 0x0000 |
| Initial SP value: | 0x00B8 |
| Checksum: | 0x0000 |
| Initial IP value: | 0x0000 |
| Initial CS value: | 0x0000 |
| Overlay number: | 0x0000 |
| OEM identifier: | 0x0000 |
| OEM information: | 0x0000 |
| Address of NE header: | 0x00000108 |
PE Headers
| Signature: | PE |
|---|---|
| Machine: | IMAGE_FILE_MACHINE_I386 |
| Number of sections: | 7 |
| Time date stamp: | 10-Oct-2019 20:35:44 |
| Pointer to Symbol Table: | 0x00000000 |
| Number of symbols: | 0 |
| Size of Optional Header: | 0x00E0 |
| Characteristics: |
|
Sections
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
|---|---|---|---|---|---|
.text | 0x00001000 | 0x00034B63 | 0x00034C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.64022 |
.rdata | 0x00036000 | 0x00012870 | 0x00012A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.65804 |
.data | 0x00049000 | 0x00001DF8 | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.30943 |
.gfids | 0x0004B000 | 0x000001E4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.69936 |
.tls | 0x0004C000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0203931 |
.rsrc | 0x0004D000 | 0x00004B58 | 0x00004C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.85322 |
.reloc | 0x00052000 | 0x00002E58 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.55505 |
Resources
Title | Entropy | Size | Codepage | Language | Type |
|---|---|---|---|---|---|
0 | 2.62308 | 62 | UNKNOWN | English - United States | RT_GROUP_ICON |
1 | 5.39877 | 880 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 4.71607 | 2440 | UNKNOWN | English - United States | RT_ICON |
3 | 5.65347 | 4264 | UNKNOWN | English - United States | RT_ICON |
4 | 5.54859 | 9640 | UNKNOWN | English - United States | RT_ICON |
Imports
ADVAPI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
Total processes
34
Monitored processes
1
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2204 | "C:\Users\admin\AppData\Local\Temp\Native-Component.exe" | C:\Users\admin\AppData\Local\Temp\Native-Component.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Description: Native Component Extension Exit code: 0 Modules
| |||||||||||||||
Total events
4
Read events
3
Write events
1
Delete events
0
Modification events
| (PID) Process: | (2204) Native-Component.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\NativeMessagingHosts\hrich.autocontrol |
| Operation: | write | Name: | |
Value: C:\Users\admin\AppData\Local\AutoControl\AutoControl.manifest | |||
Executable files
1
Suspicious files
0
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2204 | Native-Component.exe | C:\Users\admin\AppData\Local\AutoControl\AutoControlZero.exe | executable | |
MD5:— | SHA256:— | |||
| 2204 | Native-Component.exe | C:\Users\admin\AppData\Local\AutoControl\AutoControl.manifest | text | |
MD5:4C8B0F08FCA72810E1F202827B85CA31 | SHA256:44A8BD5DEFDB3839568452F83BB958CC7D2949E0D481D8C9F4C3C9D0EE9B2CD1 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report