Cheto[.]5[.]10[.]2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Cheto.5.10.2.zip
Size

1.1MB
MD5

efa709d98fe3e570f7bdf43bda1716c2
SHA1

e04eebb3f7502122cf25fd1a565dbfdaf1f8adb7
SHA256

d21e497395d55646d4ef8f1f308027a727681f2f70d2e897afc6112cdc467f40
SHA512

e46a419e3f6b753784b6a5c4751e41c26f70340a378cbfb4817949cda91338f0b43711591934c351f65e8352330d361fac768bb457d262573f34060b37d70be1
SSDEEP

24576:BpIMUuvWwliEywVd/M9RMs7cokNrfsNGtK8W9gUu7WD88op:cMUiWwlbUMGLcsXFQKop

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MASTER 8BP.exe

Files

Cheto.5.10.2.zip
.zip
MASTER 8BP.exe
.exe windows x86

ab112d0cc5969ab45ef7e32379cb53d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
ReleaseMutex
CreateMutexA
Sleep
OpenMutexA
AllocConsole
CloseHandle
OpenProcess
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount64
LocalFree
FormatMessageA
MultiByteToWideChar
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateThread
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
GlobalFree
GlobalAlloc
WideCharToMultiByte
GlobalLock
GlobalUnlock
IsProcessorFeaturePresent

user32

SetProcessDPIAware
ShowWindow
TranslateMessage
DispatchMessageA
SetWindowPos
MessageBoxA
SendMessageA
LoadIconA
UpdateWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetWindowInfo
GetWindowThreadProcessId
RegisterClassA
EnumWindows
SetLayeredWindowAttributes
IsIconic
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
TrackMouseEvent
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
FindWindowExA
FindWindowA
GetWindowRect
GetSystemMetrics
KillTimer
SetTimer
IsWindow
DefWindowProcA
PeekMessageA

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

shell32

ShellExecuteA

msvcp140

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Random_device@std@@YAIXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

imm32

ImmReleaseContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea
DwmGetColorizationColor

d3d9

Direct3DCreate9

vcruntime140

_except_handler4_common
memset
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
__current_exception_context
strstr
memchr
__std_type_info_destroy_list
__current_exception

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
exit
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_errno
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_wassert
_beginthreadex
_controlfp_s

api-ms-win-crt-math-l1-1-0

_libm_sse2_acos_precise
_libm_sse2_sin_precise
ceil
_libm_sse2_sqrt_precise
_CIatan2
_libm_sse2_log_precise
_libm_sse2_pow_precise
__setusermatherr
_CIfmod
_except1
_dsign
_dclass
_libm_sse2_cos_precise
_libm_sse2_atan_precise
floor
_ldsign
_fdsign
_fdclass
_ldclass
roundf

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc
calloc

api-ms-win-crt-convert-l1-1-0

strtoll
strtod
strtoull
atof

api-ms-win-crt-stdio-l1-1-0

fread
__p__commode
_set_fmode
__stdio_common_vfprintf
ungetc
__stdio_common_vsprintf
fsetpos
_fseeki64
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fwrite
fputc
__stdio_common_vsscanf
ftell
fseek
_wfopen
__acrt_iob_func
setvbuf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-string-l1-1-0

strncmp
toupper
strncpy

api-ms-win-crt-utility-l1-1-0

srand
qsort

api-ms-win-crt-time-l1-1-0

_time64
clock

d2d1

ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab112d0cc5969ab45ef7e32379cb53d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcp140

imm32

dwmapi

d3d9

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

d2d1

dwrite

Sections

.text Size: 685KB - Virtual size: 684KB

.rdata Size: 264KB - Virtual size: 263KB

.data Size: 1.1MB - Virtual size: 1.2MB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 685KB - Virtual size: 684KB

.rdata
Size: 264KB - Virtual size: 263KB

.data
Size: 1.1MB - Virtual size: 1.2MB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 31KB - Virtual size: 31KB