ChICON[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ChICON.exe
Size

45KB
MD5

d177a93bd5c1ef34a8622c53a701080c
SHA1

97ca561b00ccee240487dc943fecab61a5c1a934
SHA256

0a576530ffa07e03360dac10e58c56e36dc0a597c096b17227f3a6dd57be9355
SHA512

ed3603891d96018d90c67259f3d29dc0261ab063b0f9a89a3f058092bf99f9ffcd7fb6110ec3fbe773f82ab16d4c9ae93009ce698e78d95dea6d7d6a51ba359d
SSDEEP

768:NamgNHaJws7If1bDaYKKpfFa715FhJhWbioWjl1SpDZj1KJHcbT/IoZ2wf1:NzgNH2w/NDFNFMbiioWjlO11PEo8wd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Device/HarddiskVolume10/E Drive/Old F Drive/zz e/SHANAVAS BACKUP/ps/book/Learn To Speak English v9.0 Deluxe 4CD's/INSTALL/ICONS/ChICON.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume10/E Drive/Old F Drive/zz e/SHANAVAS BACKUP/ps/book/Learn To Speak English v9.0 Deluxe 4CD's/INSTALL/ICONS/ChICON.exe

Files

ChICON.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume10/E Drive/Old F Drive/zz e/SHANAVAS BACKUP/ps/book/Learn To Speak English v9.0 Deluxe 4CD's/INSTALL/ICONS/ChICON.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX3
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json