Uploaded PUP Chromnius Analysis
Technical Analysis
| File Name | uploaded |
| File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.139.174 |
| Database Version | 2023-09-18 14:02:12 UTC |
PUP.Win32.Chromnius.dg!c
Malware family: Chromnius
Chromnius is browser hijacker software using a modified Chromium browser that claims security enhancement while redirecting users to fake search engines, potentially compromising privacy and browsing experience.
N/A
Detection Rate
7,262,528
File Size (bytes)
2023-09-18
Analysis Date
Scan Another File
File Identification
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
4bb331ead48449e15ff9aa51fee8fa25
|
|
| SHA1 |
113bffa93601f83ea002317c2f9dd055640cf56c
|
|
| SHA256 |
2ab2a97ce09791d77c39da25b974384da6ad9c61f63f4beabfe2f0eddecd73ff
|
|
| SHA512 |
8e76046d447b1319cc1503a61e6c54baba6b09233b07a4ef51c04969c874781d41a1eb26e534eb061e9cbfe564512225f4b331fb0a74aaf3379bd30d1ad6e80d
|
|
| ImpHash |
21314122cd4542a6b9b297f52a87acbe
|
PE Analysis
Basic Information
▼| Icon |
Hash: 5e172c0dc3b3b45ca039c9e793a07b29
Fuzzy: a0944f9361276e2a5e874864a5c88639 dHash: f8e2eae6b696c6cc |
| Image Base | 0x00400000 |
| Entry Point | 0x005e0862 |
| Compilation Time | 2023-07-27 09:36:39 |
| Checksum | 0x006f2bc4 (Actual: 0x006f2bc4) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB Path | C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb |
| Digital Signature | OK |
| Imports |
1 libraries
KERNEL32 |
| Exports | 0 functions |
| Resources | 44 Resources |
| Sections | 5 Sections |
Digital Signatures
▼| GlobalSign | GlobalSign nv-sa (BE) |
| GlobalSign Code Signing Root R45 | GlobalSign nv-sa (BE) |
| GlobalSign GCC R45 CodeSigning CA 2020 | Dragon Boss Solutions LLC (AE) |
Version Information
▼| CompanyName | Chromstera Browser |
| FileDescription | Chromstera Browser Installer |
| FileVersion | 1.0 |
| InternalName | ChromsteraPublic |
| LegalCopyright | Copyright (C) 2023 Chromstera Browser |
| OriginalFileName | ChromsteraPublic.exe |
| ProductName | Chromstera Browser |
| ProductVersion | 1.0 |
| Translation | 0x0409 0x04b0 |
PE Sections
▼| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,534,582 bytes | 2,534,912 bytes | 6.45 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
6609EE5AD35366535F89171104FD9407 |
.rdata |
0x0026c000 |
587,098 bytes | 587,264 bytes | 4.60 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
82A48C8EED166A4419B55B922166495D |
.data |
0x002fc000 |
53,824 bytes | 15,360 bytes | 4.77 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
624471F60C55363D0BDC9E3921A90C7E |
.rsrc |
0x0030a000 |
170,164 bytes | 170,496 bytes | 5.19 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0541A6101798A79B746007837D07F229 |
.reloc |
0x00334000 |
166,892 bytes | 166,912 bytes | 6.51 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
7704EC72484064D3D713DEF4A99CB43B |
Entropy Analysis Alert
1 section(s) with elevated entropy (≥6.5) - possible compression
Resource Analysis
▼
Total Resources: 44
(167,800 bytes)
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_BITMAP | 6 | 26,098 bytes | |
| RT_ICON | 6 | 10,032 bytes | |
| RT_DIALOG | 5 | 1,198 bytes | |
| RT_STRING | 15 | 11,262 bytes | |
| RT_GROUP_ICON | 1 | 90 bytes | |
| RT_VERSION | 1 | 812 bytes | |
| RT_HTML | 9 | 116,245 bytes | |
| RT_MANIFEST | 1 | 2,063 bytes |
Certificate Chain Analysis
▼Certificate #1
| Subject |
GlobalSign Code Signing Root R45 GlobalSign nv-sa BE |
| Issuer | GlobalSign |
| Serial Number | 159895020367154186454025795821008217243 |
Certificate #2
| Subject |
GlobalSign GCC R45 CodeSigning CA 2020 GlobalSign nv-sa BE |
| Issuer | GlobalSign Code Signing Root R45 |
| Serial Number | 159159759846135372329575655669707113543 |
Certificate #3
| Subject |
Dragon Boss Solutions LLC Dragon Boss Solutions LLC AE |
| Issuer | GlobalSign GCC R45 CodeSigning CA 2020 |
| Serial Number | 35484042506904463140501520684 |
Certificate Verification Status
OK
PUP.Win32.Chromnius.dg!c Removal
Gridinsoft has the capability to identify and eliminate PUP.Win32.Chromnius.dg!c without requiring further user intervention.
Download Anti-MalwareRemoval Instructions
Follow these steps to completely remove the threat from your system
-
Start by downloading Gridinsoft Anti-Malware to your computer.
-
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
-
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
-
Click on the "Standard Scan" button to begin scanning your computer for threats.
-
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
-
If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
Leave a Comment
Gridinsoft Anti-Malware
Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware
Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!
