Analyzing a Trojanized Chrome Installer
The REMnux MCP server connects AI assistants to the malware analysis tools on REMnux through the Model Context Protocol. The AI can call tools, interpret results, and adapt its analysis, while everything runs on REMnux, which can be set up as a virtual machine or Docker container.
The sample in this session is cherome.exe, a 26MB executable that claims to be Chrome Setup, downloaded from an S3 bucket. Across two sessions and 27 MCP tool calls, the AI assistant identified a Gentee installer framework abused to drop a Cloudflare tunnel for command-and-control communication, a VBScript Encoded orchestrator, and a legitimate Chrome installer as a decoy. It then reverse-engineered the proprietary archive format to extract the embedded file table.
| Field | Value |
|---|---|
| Sample | cherome.exe (from cherome.zip) |
| Verdict | Malicious: trojanized installer dropping Cloudflare tunnel C2 + VBE payload |
| MCP Tool Calls | 27 across two sessions |
| Analysis Time | ~10 minutes |
The walkthrough below follows an actual analysis session. It focuses on how the MCP server’s tools contributed to the analysis rather than providing a comprehensive malware report.
Sample Acquisition and Triage
Using the MCP server, the AI downloads the sample directly from attacker-controlled hosting.
download_from_url · hxxps://chvomrec[.]s3[.]ap-southeast-1[.]amazonaws[.]com/cherome[.]zip · 34.7s: 26.2MB ZIP from an S3 bucket.
extract_archive · 481ms: Single file: cherome.exe.
get_file_info · cherome.exe: PE32 executable (GUI) Intel 80386, 26.2MB. SHA256: 26ddeea6d5171984cd054b33cab67970716611064972b44ed7297703d0848df1
The name “cherome” typosquats “chrome.” Automated analysis runs 16 tools in about 3 minutes.
analyze_file · cherome.exe · depth: standard · 188s: 16 tools completed. Gentee installer framework detected. FileDescription: “Chrome Setup.”
The triage summary flagged both AutoIt and UPX detections, but autoit-ripper extraction and UPX decompression both failed. This was the first clue that the binary is neither truly AutoIt nor standard UPX. The Gentee installer framework was being misidentified by signature-based detectors.
Static Analysis Results
The AI examines individual tool results, and they converge:
- diec: Gentee Installer confirmed. 26MB overlay at entropy 7.9997 (near-maximum, indicating encryption).
- peframe: Three dropped filenames discovered: adddf.vbe, cloudflared_installer.exe, ChromeSetup.exe.
- portex: Manifest demands administrator privileges (requireAdministrator). A .gentee bytecode section at entropy 7.81.
- manalyze: 99.64% of the file is encrypted overlay. All exploit mitigations disabled (no ASLR, DEP, SafeSEH, Stack Canary, or CFG).
Capa analysis added further detail: anti-VM detection through Xen hypervisor string references, anti-analysis tool references, cryptocurrency-related strings, and mutex-based single-instance enforcement. These findings suggest the payload checks for virtualized environments before executing its full behavior.
How the MCP server helps: The three dropped filenames tell the entire story.
ChromeSetup.exe is a legitimate Chrome installer that runs as a decoy. The victim sees Chrome installing and thinks everything is normal. Meanwhile, cloudflared_installer.exe silently installs a Cloudflare tunnel for C2 communication through Cloudflare’s legitimate infrastructure, and adddf.vbe orchestrates the attack.
Overlay Analysis
The AI writes custom Python through run_tool to analyze the overlay structure.
run_tool · python3 overlay analysis · 0.2s: Overlay: 26,127,364 bytes. Magic: GEA\x00 (Gentee Executable Archive). 380 embedded MZ signatures.
The overlay is a single proprietary archive containing all the payloads. No standard archive tool can open it.
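The overlay pass described above, as an added example rather than the script the AI wrote in the session: it locates the overlay from the PE section table, reports its leading magic bytes, computes the Shannon entropy that diec's 7.9997 reading measures, and counts embedded MZ signatures. The PE and the GEA-tagged overlay it runs on are constructed inline, so the numbers it prints are for the demo, not for cherome.exe.

```python
"""Overlay triage for a PE file: find the bytes appended after the last
section, then report their size, leading magic, Shannon entropy, and how many
embedded 'MZ' signatures they contain.  Added example, not the session's own
script; the sample PE and overlay below are constructed for the demo.
"""
import math
import struct


def overlay_offset(data: bytes) -> int:
    """Return the offset at which the overlay starts.

    The overlay is everything after the highest PointerToRawData +
    SizeOfRawData among the sections (or after the section table, if no
    section has raw data).  If nothing follows, the offset is len(data).
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    section_table = e_lfanew + 24 + opt_hdr_size
    end = section_table + 40 * num_sections
    for i in range(num_sections):
        hdr = section_table + 40 * i
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for perfectly uniform data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def count_mz(buf: bytes) -> int:
    """Count 'MZ' occurrences (a rough hint of how many PEs are embedded)."""
    n, pos = 0, buf.find(b"MZ")
    while pos != -1:
        n += 1
        pos = buf.find(b"MZ", pos + 1)
    return n


def analyze_overlay(data: bytes) -> dict:
    """Summarise the overlay the way the session's run_tool call did."""
    off = overlay_offset(data)
    ov = data[off:]
    return {
        "offset": off,
        "size": len(ov),
        "magic": ov[:4],
        "entropy": round(shannon_entropy(ov), 4),
        "mz_count": count_mz(ov),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE: DOS header, COFF header with no optional header,
    one 16-byte section at file offset 0x80, then the given overlay."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)    # i386, 1 section, optional header size 0
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, 0x10, 0x80, 0, 0, 0, 0, 0x60000020)
    header = bytes(dos) + b"PE\0\0" + coff + section           # exactly 0x80 bytes
    return header + b"\xCC" * 0x10 + overlay


# Constructed overlay: a GEA magic, two 'MZ' markers and a spread of byte
# values so the entropy comes out high, as it does for packed payloads.
SAMPLE_OVERLAY = b"GEA\x00" + b"MZ\x90\x00junk" + bytes(range(256)) + b"MZ"

if __name__ == "__main__":
    print(analyze_overlay(build_sample_pe(SAMPLE_OVERLAY)))
```

Run against a real sample by reading the file into `data` and calling `analyze_overlay(data)`; a near-8.0 entropy with a non-standard magic is the same signal the session used to conclude that the overlay is a single packed container rather than a plain appended resource.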
Emulating the Bootstrap Sequence
For the second analysis session, the AI uses Speakeasy to emulate the dropper’s execution. It first discovers the tool’s flags by calling get_tool_help, learning about -z for dropped files, -o for JSON output, and -q for timeout.
get_tool_help · speakeasy · 0.3s: Discovered CLI flags: -t target, -z drops directory, -o JSON report, -q timeout.
run_tool · speakeasy emulation · 11s: 62 API calls traced. Two-stage bootstrap architecture revealed.
The emulation captured 62 API calls including 13 VirtualAlloc/VirtualFree cycles that represent the LZGE decompression loop. The condensed API trace shows the dropper’s execution flow:
GetModuleFileNameA → self-locate
GetFileSize → 26,221,572 bytes (overlay integrity check)
GetTempPathA → "C:\Windows\temp\"
wsprintfA → "C:\Windows\temp\genteert.dll"
CreateFileA → write new DLL (CREATE_ALWAYS)
WriteFile → MZ header (4d5a9000), confirming a PE is being written
The emulation captured the complete first-stage bootstrap: the launcher reads its own file to verify overlay integrity, decompresses genteert.dll using LZGE compression, and writes it to the temp directory. Emulation halted before Stage 2, but the architecture is clear from static analysis: the Gentee runtime DLL loads bytecode from the .gentee section and executes the installer script that extracts the three payloads.
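Condensing an emulation trace into the short flow shown above, as an added example that is not part of the walkthrough: the script collapses the repeated VirtualAlloc/VirtualFree cycles into one line, renders file sizes and CreateFile dispositions readably, and lists the paths the sample opens for writing. Its view of the Speakeasy report layout (an `entry_points` list whose `apis` entries carry `api_name`, `args` and `ret_val`, with string-pointer arguments already rendered as strings) is an assumption, and `REPORT` is a constructed stand-in, not the real 62-call trace.

```python
"""Condense a Speakeasy JSON report into a short execution-flow trace, the way
the walkthrough summarises 62 calls into a handful of lines.  Added example,
not part of the walkthrough.  Assumption: the report has an entry_points list,
each entry with an apis list of {api_name, args, ret_val} records and string
pointer arguments already rendered as strings.  REPORT below is constructed.
"""
import json

REPORT = json.dumps({  # constructed sample, loosely modelled on the session trace
    "entry_points": [{
        "ep_type": "module_entry",
        "apis": [
            {"api_name": "kernel32.GetModuleFileNameA", "args": ["0x0", "0x19ff20", "0x104"], "ret_val": "0x1c"},
            {"api_name": "kernel32.GetFileSize", "args": ["0x4", "0x0"], "ret_val": "0x1901c04"},
            {"api_name": "kernel32.VirtualAlloc", "args": ["0x0", "0x10000", "0x3000", "0x4"], "ret_val": "0x50000"},
            {"api_name": "kernel32.VirtualFree", "args": ["0x50000", "0x0", "0x8000"], "ret_val": "0x1"},
            {"api_name": "kernel32.VirtualAlloc", "args": ["0x0", "0x20000", "0x3000", "0x4"], "ret_val": "0x60000"},
            {"api_name": "kernel32.VirtualFree", "args": ["0x60000", "0x0", "0x8000"], "ret_val": "0x1"},
            {"api_name": "kernel32.GetTempPathA", "args": ["0x104", "0x19fd00"], "ret_val": "0x10"},
            {"api_name": "user32.wsprintfA", "args": ["0x19fd00", "%s%s", "C:\\Windows\\temp\\", "genteert.dll"], "ret_val": "0x1c"},
            {"api_name": "kernel32.CreateFileA", "args": ["C:\\Windows\\temp\\genteert.dll", "0x40000000", "0x0", "0x0", "0x2", "0x80", "0x0"], "ret_val": "0x8"},
            {"api_name": "kernel32.WriteFile", "args": ["0x8", "0x50000", "0x1000", "0x19fcf0", "0x0"], "ret_val": "0x1"},
        ],
    }]
})

ALLOC_APIS = {"VirtualAlloc", "VirtualFree"}
GENERIC_WRITE = 0x40000000
CREATION_DISPOSITION = {"0x1": "CREATE_NEW", "0x2": "CREATE_ALWAYS", "0x3": "OPEN_EXISTING",
                        "0x4": "OPEN_ALWAYS", "0x5": "TRUNCATE_EXISTING"}


def iter_calls(report: dict):
    """Yield every API record across all emulated entry points."""
    for ep in report.get("entry_points", []):
        yield from ep.get("apis", [])


def short_name(api_name: str) -> str:
    """'kernel32.CreateFileA' -> 'CreateFileA'."""
    return api_name.rsplit(".", 1)[-1]


def describe(call: dict) -> str:
    """One readable annotation per call: sizes, paths, or just the return value."""
    name = short_name(call["api_name"])
    args = call.get("args", [])
    if name == "GetFileSize":
        return f"{int(call['ret_val'], 16):,} bytes"
    if name in ("CreateFileA", "CreateFileW") and len(args) >= 5:
        return f"{args[0]} ({CREATION_DISPOSITION.get(str(args[4]).lower(), args[4])})"
    strings = [a for a in args if isinstance(a, str) and not a.lower().startswith("0x")]
    if strings:
        return " | ".join(strings)
    return f"ret {call.get('ret_val')}"


def condense_trace(report_json: str) -> list:
    """Return the flow as lines, collapsing runs of allocation calls."""
    lines, alloc_run = [], 0

    def flush():
        nonlocal alloc_run
        if alloc_run:
            lines.append(f"[{alloc_run} VirtualAlloc/VirtualFree calls collapsed]")
            alloc_run = 0

    for call in iter_calls(json.loads(report_json)):
        name = short_name(call["api_name"])
        if name in ALLOC_APIS:
            alloc_run += 1
            continue
        flush()
        lines.append(f"{name} -> {describe(call)}")
    flush()
    return lines


def dropped_paths(report_json: str) -> list:
    """Paths opened with GENERIC_WRITE and a creating disposition: the drops."""
    paths = []
    for call in iter_calls(json.loads(report_json)):
        name = short_name(call["api_name"])
        args = call.get("args", [])
        if name not in ("CreateFileA", "CreateFileW") or len(args) < 5:
            continue
        access = int(args[1], 16) if str(args[1]).lower().startswith("0x") else 0
        disposition = CREATION_DISPOSITION.get(str(args[4]).lower())
        if access & GENERIC_WRITE and disposition in ("CREATE_NEW", "CREATE_ALWAYS", "OPEN_ALWAYS"):
            paths.append(args[0])
    return paths


if __name__ == "__main__":
    print("\n".join(condense_trace(REPORT)))
    print("dropped:", dropped_paths(REPORT))
```

To use it on an actual run, replace `REPORT` with the contents of the file written by `speakeasy -o`; the `dropped_paths` output is what you would cross-check against the `-z` drops directory and against the Drop path IOC.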
Parsing a Proprietary Archive
When standard decompression methods (zlib, LZMA, deflate, XOR) all fail against the GEA archive, the AI adapts. It fetches the Gentee format documentation from the open-source Gentee website, studies the geacompfile structure, then writes a custom GEA file table parser in Python and runs it through the MCP server.
run_tool · python3 GEA parser · 0.2s: Parsed 3 file entries from the archive header.
| File | Uncompressed | Compressed | Ratio |
|---|---|---|---|
| adddf.vbe | 9,478 B | 6,186 B | 65% |
| cloudflared_installer.exe | 21.8 MB | 21.3 MB | 98% |
| ChromeSetup.exe | 10.8 MB | 4.8 MB | 45% |
The archive uses solid LZGE compression, a proprietary LZ77+Huffman variant. The parsed file table also reveals CRC values for each entry and compression group flags. cloudflared_installer.exe and ChromeSetup.exe share a single compressed stream (marked with the GEAF_SOLID flag), while adddf.vbe is in its own compression group. Even without extracting the files, the file table provides exact sizes and CRCs for threat intelligence.
How the MCP server helps: When pre-built tools couldn’t parse the proprietary archive format, the AI researched the format specification online, wrote a custom parser, and executed it through the MCP server, all within the same analysis session. This is the kind of adaptive problem-solving that MCP-connected AI enables.
Infection Chain and IOCs
cherome.zip (S3 bucket)
└── cherome.exe (Gentee installer, masquerades as Chrome Setup)
├── ChromeSetup.exe ← legitimate decoy
├── cloudflared_installer.exe ← Cloudflare tunnel C2
└── adddf.vbe ← VBScript orchestrator
| Technique | MITRE ATT&CK |
|---|---|
| Masquerading as Chrome | T1036.005 |
| Administrator privilege request | T1548 |
| Tunnel-based C2 via Cloudflare | T1572 |
| VBScript Encoded orchestration | T1059.005 |
Indicators of Compromise:
| Type | Value |
|---|---|
| Delivery URL | hxxps://chvomrec[.]s3[.]ap-southeast-1[.]amazonaws[.]com/cherome[.]zip |
| Domain | chvomrec[.]s3[.]ap-southeast-1[.]amazonaws[.]com |
| cherome.exe SHA256 | 26ddeea6d5171984cd054b33cab67970716611064972b44ed7297703d0848df1 |
| cherome.zip SHA256 | 04c2dc65b7cc14ae1ae203c75bb8bd96e1bda359fc5851a7dcbd4407c984e054 |
| Drop path | c:\temp |
What This Demonstrates
- Automated triage: 16 tools identified the Gentee framework and all dropped filenames
- Dynamic emulation: Speakeasy traced the bootstrap sequence via MCP without running the malware
- Tool discovery: AI used get_tool_help to learn Speakeasy flags on the fly
- Format reverse engineering: Web research + custom Python parser, all through MCP
- Graceful degradation: When decompression hit a wall, the analysis still extracted file names, sizes, and CRCs from the archive header
Note: Behavioral labels from tools such as YARA and capa are derived from pattern matching and should be treated as indicative rather than definitive. As this walkthrough showed with the AutoIt and UPX misidentifications, cross-referencing with additional sources helps validate findings.
Try It Yourself
Install REMnux to get an analysis environment with the MCP server included. The setup guide explains how to connect an AI assistant. See also the companion piece, Analyzing an Obfuscated AutoIt Info-Stealer, for a demo featuring script deobfuscation and ad-hoc PE reconstruction.
This walkthrough is part of the article Using AI Agents to Analyze Malware on REMnux.