ChanChan Proxy[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ChanChan Proxy.exe
Size

6.1MB
MD5

f9f9e04113130c9fe21519fe88e88f7c
SHA1

c510306a53908a833d7259f07b7a21d12476e31a
SHA256

d77c4e172ec9da97a63f3b662849628fc76aa8cc7de767d355f9b844c39b7649
SHA512

9a00228a5e7474ef472656a575b019adebdeea278298ba365206d681c86a2316df9758c574ff5d79050e4ed3fdbe2513555562337c8abf339b288edc0dd3b818
SSDEEP

49152:uNz0UGRjE50TTm71zzOVBQwCPweFypG2cO+gv8jD25l19mdL3XaK1I/4FPSBb1Vi:u3pLygEZP7ekBWiFW

Score

N/A

Malware Config

Signatures

Files

ChanChan Proxy.exe
.exe windows x64

11f0af6bb33312a9c42915c733cf6b18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCreateFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtDeviceIoControlFile
NtCancelIoFileEx
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

kernel32

lstrlenW
SetConsoleScreenBufferSize
CreateFileW
GetLargestConsoleWindowSize
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentThreadId
GetCurrentProcessId
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
SetConsoleMode
SetConsoleCursorPosition
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
Sleep
TryAcquireSRWLockExclusive
HeapReAlloc
GetFileInformationByHandleEx
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetLastError
WriteFile
HeapAlloc
GetConsoleMode
GetProcessHeap
InitializeCriticalSection
GetStdHandle
CloseHandle
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW
CompareStringOrdinal
SetFilePointerEx
GetTimeZoneInformation
SwitchToThread
AcquireSRWLockExclusive
CreateEventW
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentProcess
GetCurrentThread
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetFileInformationByHandle
DeviceIoControl
CreateDirectoryW
DeleteFileW
MoveFileExW
GetFinalPathNameByHandleW
CopyFileExW
SetHandleInformation
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CancelIo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
CreateNamedPipeW
DuplicateHandle
CreateThread
TlsGetValue
TlsSetValue
QueryPerformanceFrequency
WriteConsoleW
ReadConsoleW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
ReleaseSRWLockExclusive
FileTimeToSystemTime
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetConsoleTitleW
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
TryEnterCriticalSection

crypt32

CertOpenStore
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
CertCloseStore
CertDuplicateStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy

secur32

DeleteSecurityContext
ApplyControlToken
QueryContextAttributesW
AcquireCredentialsHandleA
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
FreeCredentialsHandle
EncryptMessage

ws2_32

bind
socket
getsockopt
WSAGetLastError
WSASocketW
WSAIoctl
connect
recv
send
WSASend
shutdown
WSAStartup
WSACleanup
closesocket
freeaddrinfo
accept
getaddrinfo
getpeername
ioctlsocket
getsockname
setsockopt
listen

shell32

SHCreateItemFromParsingName
SHGetKnownFolderPath

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

user32

MessageBoxW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

pdh

PdhCloseQuery
PdhOpenQueryA
PdhAddEnglishCounterA
PdhCollectQueryData
PdhGetFormattedCounterArrayA

vcruntime140

__C_specific_handler
__CxxFrameHandler3
memcpy
memset
memmove
memcmp
__current_exception_context
_CxxThrowException
__current_exception

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_initial_narrow_environment
_seh_filter_exe
_initterm_e
exit
_exit
__p___argc
__p___argv
_set_app_type
terminate
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11f0af6bb33312a9c42915c733cf6b18

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

bcrypt

kernel32

crypt32

secur32

ws2_32

shell32

ole32

user32

advapi32

pdh

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 10KB - Virtual size: 10KB

.pdata Size: 149KB - Virtual size: 148KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 10KB - Virtual size: 10KB

.pdata
Size: 149KB - Virtual size: 148KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 48KB - Virtual size: 47KB