chglogon[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

chglogon.exe
Size

21KB
MD5

043cc77ed997f7e4bd153030a18304dc
SHA1

a2f0f37ca9072e048c8ce9fe8e9f09f37c5e1ec4
SHA256

c91f6b286b59ae125bc039512ff9801354c10e74dca9cd803067d2cd1441592f
SHA512

62188ca77c4220b4c5cbfc3e6524463a592c20182eac3898976255e407c3d2fa3eab60a658dc3f22c2a1c87fca9a96011ac118fe9caded7ef04b9eb8bcd3660a
SSDEEP

384:BHKiqXNzrO3TVneuEvz5+Yc1K8OSGHnhNAmd2P45HCMHtC4qCW9EW:Bq7FrOj9edg91K8E0rAEjp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chglogon.exe

Files

chglogon.exe
.exe windows x64

39cdc867b4449192c880f526495b2b10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

LoadStringW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
RtlVirtualUnwind

kernel32

GetConsoleOutputCP
SetThreadUILanguage
RegOpenKeyExW
LocalAlloc
RegSetValueExW
GetVersionExW
RegCreateKeyExW
HeapSetInformation
LocalFree
RegCloseKey
SetLastError
GetStdHandle
MultiByteToWideChar
FormatMessageW
GetLastError
GetCurrentThreadId
LoadLibraryW
WriteConsoleW
GetModuleHandleW
FreeLibrary
GetFileType
GetCommandLineW
VerifyVersionInfoW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
RegQueryValueExW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTickCount
GetCurrentProcess
Sleep
UnhandledExceptionFilter

regapi

RegGetMachinePolicyNew

msvcrt

wcscpy_s
wcscat_s
vswprintf_s
wcschr
free
vfwprintf
fwprintf
malloc
wcstol
wcstoul
_wcsnicmp
_wcsdup
_wsetlocale
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
swprintf_s
_wtoi
setlocale
__iob_func
memmove
_ultoa
_wcslwr
memset

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39cdc867b4449192c880f526495b2b10

Headers

DLL Characteristics

File Characteristics

Imports

user32

ntdll

kernel32

regapi

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 512B - Virtual size: 504B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 512B - Virtual size: 504B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 68B