nacl64.exe

MyChrome

Hefei Hejunzhengce Info Tech Co., Ltd.

The executable nacl64.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
@COMPANY_FULLNAME@  (signed by Hefei Hejunzhengce Info Tech Co., Ltd.)

Product:
MyChrome

Version:
46.0.2479.0

MD5:
497aa92a658311df1b43d7b98970a55f

SHA-1:
1025464a5b27aec44c30d7f3369d0455a637a83e

SHA-256:
dd09ab993eff1bb226a29faf698d00a01941bb15332a5ce1bcbd0a5df98c5609

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 7:29:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.26.21

File size:
2.2 MB (2,354,672 bytes)

Product version:
46.0.2479.0

Copyright:
Copyright 2015 The MyChrome Authors. All rights reserved.

Original file name:
nacl64.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\google\chrome\application\46.10.2479.19\nacl64.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
3/6/2015 3:35:27 PM

Valid to:
12/30/2016 3:35:27 PM

Subject:
CN="Hefei Hejunzhengce Info Tech Co., Ltd.", O="Hefei Hejunzhengce Info Tech Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3312D0B8D4D7941DF85AA59F134E7719

File PE Metadata
Compilation timestamp:
1/25/2016 12:19:45 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:vb8tmUd9zN6DpdgmC7uz1ehlLIpmm0pcofraOjA59ppppppppppppppppppppppa:vb8d6Dpdgtk1SSpBeacA5tO

Entry address:
0xC3428

Entry point:
48, 83, EC, 28, E8, 53, F8, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 8B, 05, 84, C6, 18, 00, 33, DB, BF, 14, 00, 00, 00, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 05, 3B, C7, 0F, 4C, C7, 48, 63, C8, BA, 08, 00, 00, 00, 89, 05, 5F, C6, 18, 00, E8, 12, 90, 00, 00, 48, 89, 05, 4B, C6, 18, 00, 48, 85, C0, 75, 24, 8D, 50, 08, 48, 8B, CF, 89, 3D, 42, C6, 18, 00, E8, F5, 8F, 00, 00, 48, 89, 05, 2E, C6, 18, 00, 48, 85, C0, 75, 07, B8, 1A, 00, 00, 00, EB, 23, 48, 8D...
 

Entropy:
5.2503

Code size:
948 KB (970,752 bytes)
