CheezeHub (1)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CheezeHub (1).exe
Size

557KB
MD5

cadd7e914e40c2b4df5c4a8bf80b29da
SHA1

45ef92cd2bb1676a7ccf35d61251ed55050cef00
SHA256

43c3ef912983b2fd7cb94f153b9a4b14ac893e0ac479012ecabea9d2363fb1bf
SHA512

eacfa6fbed13921f74fd7984ec44777c2a29492c6faffaa5a105dbe9aca592d6e48a26a6bb0c32063542a2cf29d965e4965236546496625a8e7b63345f27077c
SSDEEP

12288:q3ayELxxKx/eVYMr6RwaWvIhYErftePyz3Gh:q3zsximVYM/aoE5LzA

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CheezeHub (1).exe

Files

CheezeHub (1).exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

\,&=;
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

X5905156
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ