chilkat[.]node

Sharing

Copy URL Twitter E-mail

General

Target

chilkat.node
Size

9.6MB
MD5

67cd0a71321d491841f1317fafa90878
SHA1

e9f5698512a3b11e6d690057467fc28c1f1e87db
SHA256

7acb94aaf35ca0721df099ad969ccadb01f72ef7ec45234a5ae10f94fd44a8b9
SHA512

ecc70e7659d4f3a2ec080bffb9da78c70a4730a2b7379d29aec3f61aecd70ff53b7abdf2a54f3e900fc011cd98eceac4b393291ef12a414e16941a6b595f25cc
SSDEEP

196608:6Aay4pqXepyELvPtnMMBNwGu/yd+pXrdfp:DWpqEy4h3NPa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chilkat.node

Files

chilkat.node
.dll windows x86

2d3a857f71e2e20cd9e2d1cbf1444aa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
GetTempPathW
GetModuleFileNameW
GetTempPathA
CopyFileW
MoveFileW
MoveFileExW
QueryPerformanceCounter
GetFileSize
GetFileTime
ReadFile
SetEndOfFile
SetFileTime
WriteFile
GetCurrentThreadId
SetLastError
LoadLibraryA
GetComputerNameA
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
LocalFileTimeToFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
IsBadReadPtr
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetOEMCP
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitProcess
OutputDebugStringW
HeapFree
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetFileSizeEx
CompareStringW
LCMapStringW
HeapAlloc
GetCPInfo
HeapReAlloc
SetStdHandle
FlushFileBuffers
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
HeapSize
DecodePointer
GetACP
GetComputerNameW
FormatMessageA
GetModuleFileNameA
GetTickCount
GetSystemTimeAsFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetVersionExA
GetLastError
CreateThread
CloseHandle
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetSystemTime
CompareFileTime
VirtualQuery
GetCurrentProcessId
GetModuleHandleA
VirtualProtect
GetSystemInfo
LoadLibraryExA

advapi32

CryptGenRandom
CryptHashData
CryptImportKey
CryptExportKey
CryptDeriveKey
RegQueryValueExA
RegCloseKey
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptSetHashParam
CryptAcquireContextW
CryptEnumProvidersA
CryptGetKeyParam
CryptGetUserKey
CryptDestroyKey
CryptAcquireContextA
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
GetUserNameA
CryptGetProvParam
CryptReleaseContext

ws2_32

connect
ioctlsocket
getpeername
getsockname
getsockopt
htons
inet_addr
inet_ntoa
listen
ntohs
closesocket
select
send
sendto
setsockopt
shutdown
socket
gethostbyname
gethostname
WSAStartup
WSAGetLastError
WSAIoctl
recv
accept
__WSAFDIsSet
bind

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d3a857f71e2e20cd9e2d1cbf1444aa1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 252KB - Virtual size: 268KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 367KB - Virtual size: 367KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 252KB - Virtual size: 268KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 367KB - Virtual size: 367KB