che@tHUB[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

[email protected]
Size

705.1MB
MD5

79c29ca3c617eb82f8582fc71988b8b3
SHA1

8e88dd729c6ccd51a120710066c5e9ae1c710a0d
SHA256

462316c5b36227c7e39116a21bf5da7db9d03ca6bae0295c3c78e660f0e878ad
SHA512

8f90b9f1d3c6816afb017f45b161048a33eb7a8283ce02d20b2398aa810ef66a3a6eccbdf8ae9b3cf605cfead2782f04b2062dc077862f29bf23a27f49123922
SSDEEP

196608:jnkDHLbi4pofZjd2a/ajinOByBFv9ir1I+esq8fx+jK0iEf/J0g0Ul48:jkDi/hSjinO4PwQsDx+/iEfegr48

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
[email protected]

Files

[email protected]
.exe windows:4 windows x86

44815096448dfd22ddf0ba1275ee43f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WriteConsoleW

msvcrt

__setusermatherr
_iob
abort
calloc
fprintf
free
fwrite
signal
strncmp
vfprintf
_CrtSetDumpClient
__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
_adj_fdivr_m16i
_amsg_exit
_cexit
_commode
_fmode
_fpreset
_initterm
_ismbbkalnum_l
_onexit
exit
malloc

compstui

GetCPSUIUserData

cryptui

CryptUIDlgCertMgr
CryptUIDlgViewSignerInfoA
InvokeHelpLink

dwmapi

DwmInvalidateIconicBitmaps

gdi32

D3DKMTGetDisplayModeList
DdEntry45

ieframe

IERegCreateKeyEx
IERegSetValueEx
IERemoveDirectory
IESetProtectedModeCookieEx
SoftwareUpdateMessageBox

mmcndmgr

CreateExecutivePlatform

msftedit

CreateTextServices
IID_ITextServices
MathBuildDown
MathBuildUp
RichEdit10ANSIWndProc
RichEditWndProc

netapi32

DavGetHTTPFromUNCPath
I_NetLogonControl

netshell

NcIsValidConnectionName
StartNCW

ntdll

NtWow64GetCurrentProcessorNumberEx
RtlQueryTagHeap

oleaut32

DllRegisterServer
DllUnregisterServer

propsys

PSPropertyBag_ReadRECTL
PropVariantToFileTimeVector

rasdlg

DwTerminalDlg
RasSrvEnumConnections
RasSrvInitializeService
RouterEntryDlgA

rpcrt4

I_RpcNDRSContextEmergencyCleanup
I_RpcTransDatagramFree

secur32

AcceptSecurityContext
GetUserNameExW
MakeSignature

setupapi

CM_Get_Depth_Ex
pSetupModifyGlobalFlags

shell32

Options_RunDLL
SHCoCreateInstance
SHGetPropertyStoreFromIDList
Shell_GetImageLists

userenv

GetNextFgPolicyRefreshInfo

uxtheme

BufferedPaintInit
DrawThemeParentBackground
GetThemePartSize

ws2_32

WSASetServiceW

wsecedit

InvokeCAPEACLEditor
TranslateAceMasksAndCondition

wtsapi32

WTSOpenServerExA
WTSQueryListenerConfigA

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44815096448dfd22ddf0ba1275ee43f7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

compstui

cryptui

dwmapi

gdi32

ieframe

mmcndmgr

msftedit

netapi32

netshell

ntdll

oleaut32

propsys

rasdlg

rpcrt4

secur32

setupapi

shell32

userenv

uxtheme

ws2_32

wsecedit

wtsapi32

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.data Size: 434KB - Virtual size: 433KB

.rdata Size: 2KB - Virtual size: 1KB

.eh_fram Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 224B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 163KB - Virtual size: 163KB

.reloc Size: 1024B - Virtual size: 804B

.text
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 434KB - Virtual size: 433KB

.rdata
Size: 2KB - Virtual size: 1KB

.eh_fram
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 224B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 163KB - Virtual size: 163KB

.reloc
Size: 1024B - Virtual size: 804B