ChilkatDotNet_JC[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ChilkatDotNet_JC.dll
Size

2.3MB
MD5

627f8d5e2f13250297736da989024cf4
SHA1

d3ee2bb095a8a5587be8dc57f8a1ed0c60dcecf0
SHA256

273eefd597ebd5e8e9784245eea3a5a3af814a02319867cbf1b2967ee747c5c3
SHA512

a2aa4edfe293a0cdf9295dda65b9ff029f2f0b0b63956e7f68c60830ba3ea8589012173948095b3c9018c461f7d9c7a2b1250e8eb1c68a7560353d1325daa79f
SSDEEP

49152:fFgYhJKQbpx65rMSTOtMbrWrfhQ49pRb:fCYaQbvY4Q6fx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ChilkatDotNet_JC.dll

Files

ChilkatDotNet_JC.dll
.dll windows x86

439ee2a26c1b8bab3c9416c7ba59ba8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertSaveStore
CertDeleteCertificateFromStore
CertGetSubjectCertificateFromStore
CertAddCertificateContextToStore
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToDecode
CertAddEncodedCertificateToStore
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateStore
CertNameToStrA
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCreateCertificateContext
CertGetCertificateContextProperty
CryptDecodeObject
CryptVerifyMessageSignature
CryptEncodeObject
CryptEncryptMessage
CryptDecryptMessage
CryptDecodeMessage
CryptVerifyDetachedMessageSignature
CryptMsgClose
CryptSignMessage

wininet

InternetReadFile
HttpOpenRequestA
InternetSetOptionA
InternetCloseHandle
InternetQueryOptionA
HttpSendRequestA
InternetOpenA
InternetCrackUrlA
HttpQueryInfoA
FtpOpenFileA
InternetConnectA
InternetWriteFile
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
FtpRenameFileA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpFindFirstFileA
InternetFindNextFileA
InternetGetLastResponseInfoA

ws2_32

inet_addr
gethostbyname
WSAStartup
htons
gethostname
WSAGetLastError
socket
recv
connect
ioctlsocket
closesocket
select
send
listen
accept
WSAEnumProtocolsA
bind

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

kernel32

IsBadCodePtr
SetUnhandledExceptionFilter
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleHandleA
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
FileTimeToDosDateTime
SystemTimeToFileTime
GetLocalTime
CloseHandle
WriteFile
GetACP
SetFileAttributesA
CreateFileW
SetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetCurrentDirectoryA
CopyFileA
GetFileAttributesA
DeleteFileA
GetLastError
CompareFileTime
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
GetComputerNameA
GetTickCount
Sleep
ReadFile
GetFileSize
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedDecrement
GetTempPathA
MoveFileA
GetTempFileNameA
GetFullPathNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
CreateDirectoryA
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
GetModuleFileNameA
UnmapViewOfFile
GetFileTime
FindClose
RemoveDirectoryA
FindNextFileA
FindFirstFileA
InterlockedIncrement
LocalFree
FormatMessageA
CreateDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
GetProcAddress
LoadLibraryA
FreeLibrary
GetOEMCP
GetCPInfo
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
HeapCreate
HeapDestroy
ExitProcess
TlsAlloc
TlsGetValue
SetLastError
TlsFree
RaiseException
GetVersionExA
GetCommandLineA
TlsSetValue
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
lstrlenA

advapi32

ReportEventA
RegisterEventSourceA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
RegSetValueExA
RegQueryValueExA
CryptReleaseContext
CryptGetProvParam
CryptAcquireContextA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
DeregisterEventSource

ole32

OleRun
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoInitialize
CoInitializeEx
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoUninitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreateVector
VariantInit
SysStringLen
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
GetErrorInfo

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439ee2a26c1b8bab3c9416c7ba59ba8f

Headers

File Characteristics

Imports

crypt32

wininet

ws2_32

rpcrt4

kernel32

advapi32

ole32

oleaut32

mscoree

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 284KB - Virtual size: 281KB

.data Size: 512KB - Virtual size: 680KB

.reloc Size: 72KB - Virtual size: 70KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 284KB - Virtual size: 281KB

.data
Size: 512KB - Virtual size: 680KB

.reloc
Size: 72KB - Virtual size: 70KB