3936c79ba81e89157a46181f04dd6d4ccca64f98343b14171aebdd6b749cb9e1

Sharing

Copy URL Twitter E-mail

General

Target

3936c79ba81e89157a46181f04dd6d4ccca64f98343b14171aebdd6b749cb9e1
Size

1.0MB
MD5

96e5e870af18eb528748489e6cd87e00
SHA1

495313ad6cc13101af2c72aa57d0992708fc60cf
SHA256

3936c79ba81e89157a46181f04dd6d4ccca64f98343b14171aebdd6b749cb9e1
SHA512

ca006936338effe9f283f7b5b87b9b15e537ff39f300eb202d3a8712edef499c581810a4b21178e0efaa5b177d835c7d4f291b032c83fa0a374a826446842331
SSDEEP

24576:VTgul6FCa6yC6pe1Kl8YsaXXQtKno01Mm:WS6FlC6pe1Klp1nQknr

Score

N/A

Malware Config

Signatures

Files

3936c79ba81e89157a46181f04dd6d4ccca64f98343b14171aebdd6b749cb9e1
.exe windows x86

165a5a05a9b1adb4baeab22ad4eece40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

chrome_elf

CreateFileW
SignalChromeElf

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

shlwapi

PathRemoveFileSpecW

kernel32

WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
InterlockedCompareExchange
LoadResource
LockResource
SizeofResource
FindResourceW
ReadFile
SetFilePointer
CloseHandle
GetSystemInfo
VirtualAlloc
VirtualFree
LocalFree
CreateMutexW
CreateProcessW
FormatMessageA
WriteFile
SetLastError
ReleaseMutex
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
QueryPerformanceFrequency
GetEnvironmentVariableW
SetEnvironmentVariableW
GetUserDefaultLangID
lstrlenW
IsDebuggerPresent
CreateEventW
ExpandEnvironmentStringsW
GetNativeSystemInfo
GetVersionExW
GetProcessTimes
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
GetLongPathNameW
CreateFileMappingW
QueryDosDeviceW
SetEndOfFile
SetFilePointerEx
DeleteCriticalSection
SetInformationJobObject
GetCurrentProcess
SetHandleInformation
AssignProcessToJobObject
GetStdHandle
ResumeThread
GetLocaleInfoW
GetUserDefaultUILanguage
Sleep
GetCurrentThreadId
GetSystemDirectoryW
GetWindowsDirectoryW
OpenProcess
GetProcessId
HeapSetInformation
InterlockedExchange
TerminateProcess
GetModuleHandleExW
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
UnregisterWaitEx
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
ResetEvent
WaitForMultipleObjects
WaitNamedPipeW
VirtualProtect
VirtualAllocEx
VirtualFreeEx
FormatMessageW
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
InitializeCriticalSection
TerminateJobObject
GetThreadContext
LoadLibraryW
GetFileType
InterlockedIncrement
InterlockedDecrement
GetProcessHandleCount
SignalObjectAndWait
CreateJobObjectW
CreateNamedPipeW
SearchPathW
ProcessIdToSessionId
ReadProcessMemory
SuspendThread
DebugBreak
GetComputerNameExW
DuplicateHandle
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DecodePointer
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
SetCurrentDirectoryW
GetCommandLineW
SetEnvironmentVariableA
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
ReadConsoleW
OutputDebugStringW
GetDriveTypeW
RtlCaptureContext
ReleaseSemaphore
GetModuleHandleA
FreeLibrary
GetTickCount
GetCurrentProcessId
CreateThread
InterlockedExchangeAdd
SetNamedPipeHandleState
TransactNamedPipe
FlushFileBuffers
CreateRemoteThread
IsValidLocale
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetFullPathNameW
GetConsoleMode
GetConsoleCP
ExitProcess
IsProcessorFeaturePresent
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA

advapi32

SetEntriesInAclW
LookupPrivilegeValueW
EqualSid
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
CreateWellKnownSid
CopySid
GetSecurityInfo
SetSecurityInfo
SetTokenInformation
GetLengthSid
SetThreadToken
ConvertStringSidToSidW
RegDisablePredefinedCache
RevertToSelf
SystemFunction036
CreateProcessAsUserW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegSetValueExA
GetUserNameW

user32

CloseDesktop
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
CloseWindowStation
FindWindowExW
wsprintfW
MessageBoxW
CharUpperW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
SendMessageTimeoutW
GetAsyncKeyState

userenv

GetProfileType

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
SetCrashKeyValueImpl

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 252KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

165a5a05a9b1adb4baeab22ad4eece40

Headers

DLL Characteristics

File Characteristics

Imports

chrome_elf

version

winmm

shlwapi

kernel32

advapi32

user32

userenv

wtsapi32

Exports

Exports

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 7KB - Virtual size: 22KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 213KB - Virtual size: 213KB

.reloc Size: 252KB - Virtual size: 412KB

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 7KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 213KB - Virtual size: 213KB

.reloc
Size: 252KB - Virtual size: 412KB