Chess[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Chess.exe
Size

2.7MB
MD5

9dcbaabc84523b3fca1dfe2c8bb39571
SHA1

0cb28776b91b4af4ff067ecba4898922168b69d4
SHA256

e8b2de9aeffe5c3e0ba5f0aaeff61915f241fde428a04675ef262e129c5e518e
SHA512

61a97766614cb711685d4db68050cd75b307084be1a75a221dd65fb3785e3f315d08cb33eebfdd940426ed56fd210fb2b941df77e351e7d1069cf29eabadc04d
SSDEEP

49152:4ypKlzcau8VZqbgRe1xm7agFKvc4clwYF:4yAlzs8RwcI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Chess.exe

Files

Chess.exe
.exe windows:6 windows x86

48d11bb5a5cab5ce1ad99ecf66cedb40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameW

kernel32

FindResourceW
LocalFree
CreateDirectoryW
OutputDebugStringW
MoveFileW
LoadResource
SizeofResource
LockResource
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
GetLocaleInfoW
CompareStringA
GetProcessHeap
HeapAlloc
HeapFree
GlobalAlloc
GlobalFree
ExitProcess
GetModuleHandleW
InterlockedCompareExchange
InterlockedExchange
lstrlenW
FreeLibrary
GetStartupInfoA
GetCommandLineW
GetModuleHandleA
LoadLibraryA
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
DebugBreak
OutputDebugStringA
WideCharToMultiByte
GetSystemInfo
IsProcessorFeaturePresent
WriteFile
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
UnmapViewOfFile
FindResourceA
VirtualFree
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
RegisterApplicationRestart
GetCurrentThreadId
MulDiv
DeleteFileA
ReadFile
GetTempFileNameA
GetTempPathA
FreeResource
SetFilePointer
GetFullPathNameA
GlobalMemoryStatus
SetEndOfFile
lstrcmpiA
LoadLibraryExW
EnumResourceNamesW
EnumResourceTypesW
ExpandEnvironmentStringsW
FormatMessageW
LocalAlloc
GetThreadLocale
FindResourceExW
CreateThread
GetTickCount64
WriteConsoleW
GetFileType
GetStdHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
GetSystemDirectoryW
LoadLibraryW
MultiByteToWideChar
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
SetEvent
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
GetVersionExA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSetInformation
CreateMutexW
GetTickCount
GetLastError
DeleteFileW
CreateFileW
SetUnhandledExceptionFilter
CloseHandle
GetModuleFileNameW

gdi32

CreateRoundRectRgn
GetTextColor
MoveToEx
ExtTextOutA
SetMapMode
SetTextAlign
CreateFontIndirectA
GetFontLanguageInfo
GetBkColor
SetBkMode
GetCharacterPlacementW
GetCharacterPlacementA
DeleteDC
CreateDIBSection
GetGlyphOutlineA
GetTextMetricsA
GetObjectA
Rectangle
GetTextMetricsW
CreatePen
GetObjectW
GetStockObject
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
SetTextColor
SetBkColor
ExtTextOutW
CreateCompatibleDC
CreateBitmap
BitBlt
ExcludeClipRect
DeleteObject
CreateSolidBrush

user32

DestroyAcceleratorTable
SetWindowLongW
SetWindowTextW
DialogBoxParamW
GetCursorInfo
RegisterClassW
CreateWindowExW
DestroyMenu
GetWindowTextW
GetDoubleClickTime
GetProcessDefaultLayout
GetSysColorBrush
DrawTextW
LoadIconW
GetIconInfo
CreateDialogIndirectParamW
CreateDialogParamW
GetNextDlgTabItem
IsDialogMessageW
SetWindowRgn
EnumChildWindows
IsWindowEnabled
DrawEdge
BeginPaint
EndPaint
CallWindowProcW
EndDialog
GetDlgCtrlID
SetFocus
GetNextDlgGroupItem
GetClassNameW
GetWindow
GetForegroundWindow
GetParent
SendInput
MessageBoxW
GetKeyboardLayoutList
UnregisterClassW
InvalidateRect
PostQuitMessage
GetClassLongW
GetMessageExtraInfo
PostMessageW
KillTimer
DefWindowProcW
GetWindowLongW
IsWindowVisible
SetRectEmpty
AdjustWindowRect
MonitorFromRect
UnionRect
EqualRect
SetTimer
FindWindowW
ShowWindow
BringWindowToTop
SetForegroundWindow
LoadMenuW
RemoveMenu
SetWindowsHookExW
GetKeyState
MonitorFromWindow
GetWindowPlacement
SetWindowPlacement
UpdateWindow
RegisterRawInputDevices
SetWindowPos
LoadAcceleratorsW
UnhookWindowsHookEx
EnumDisplayMonitors
GetMonitorInfoW
GetDC
SystemParametersInfoW
GetFocus
GetKeyboardLayout
ReleaseDC
LoadCursorW
SetCursor
LoadStringW
CheckMenuItem
GetSysColor
DrawFrameControl
TranslateAcceleratorW
OffsetRect
PtInRect
SetCapture
DestroyWindow
RegisterWindowMessageW
GetRawInputData
GetCursorPos
SetRect
CheckRadioButton
SetDlgItemTextW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
EnableWindow
CallNextHookEx
SetCursorPos
MapWindowPoints
ShowCursor
TrackPopupMenu
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuInfo
GetWindowRect
IsZoomed
IsIconic
NotifyWinEvent
GetMenu
EnableMenuItem
GetSubMenu
GetSystemMetrics
SendMessageW
GetClientRect
ClientToScreen
ReleaseCapture

msvcrt

??0exception@@QAE@XZ
frexp
wcstombs_s
fgetwc
fread
fseek
ftell
mbtowc
_wfopen_s
fwrite
fclose
fputwc
fgetc
strchr
strncmp
strcat_s
wcsstr
wcstoul
towlower
_ftol2
memmove
_CIpow
qsort
_stricmp
_wcsnicmp
wcstod
time
swprintf_s
wcscat_s
srand
rand
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
wcsrchr
wcschr
_CxxThrowException
_CItan
_CIsin
?what@exception@@UBEPBDXZ
_wtoi
mbstowcs_s
realloc
_purecall
_vsnprintf
??1exception@@UAE@XZ
_CIatan2
_CIsqrt
_finite
_clearfp
_strdup
setlocale
sscanf
_CIlog
_CIasin
_CIatan
iswpunct
iswdigit
iswalpha
iswspace
ceil
wcstombs
atof
tolower
isdigit
isalnum
isalpha
isxdigit
atoi
_fpclass
_isnan
_CItanh
_CIsinh
_CIfmod
_CIexp
_CIcosh
_ultoa
isspace
atol
toupper
wcsncpy_s
_vsnwprintf_s
_vscwprintf
_errno
_wcsdup
_beginthreadex
wcsspn
wcscspn
memmove_s
wcsncmp
wcstol
_snwprintf_s
??0exception@@QAE@ABV0@@Z
_callnewh
wcscpy_s
_wcsicmp
free
malloc
floor
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_controlfp
memcpy
sscanf_s
_ftol2_sse
memset
_CIcos
_CIacos
__CxxFrameHandler3

oleaut32

VariantInit
VariantClear
SysStringLen
SysFreeString
SysAllocString

ntdll

WinSqmAddToStream
WinSqmIncrementDWORD

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal

shell32

ShellAboutW
SHGetFolderPathEx
CommandLineToArgvW
SHSetLocalizedName
SHGetKnownFolderPath
ExtractIconW
ShellExecuteW
SHGetFolderPathW

comctl32

ImageList_Add
ImageList_Destroy
InitCommonControlsEx
ImageList_Create

gdiplus

GdipDrawImageRectRectI
GdipMeasureString
GdipCloneImage
GdipCloneBrush
GdipCreateFont
GdipDrawImageRectI
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipCreateBitmapFromResource
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipFillRegion
GdipFillRectangleI
GdipDrawRectangleI
GdipCreateHBITMAPFromBitmap
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangle
GdipDrawLineI
GdipReleaseDC
GdipGetDC
GdipGetImageGraphicsContext
GdipSetStringFormatHotkeyPrefix
GdipSetPenDashStyle
GdipCreateLineBrushFromRectI
GdipSetImageAttributesWrapMode
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteRegion
GdipDeletePen
GdipCreatePen1
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetClipRectI
GdipSetClipRegion
GdipCreateRegionHrgn
GdipDrawImagePointRectI

dsound

ord11

winmm

mmioClose
mmioOpenW
mmioCreateChunk
mmioWrite
mmioDescend
mmioRead
mmioAscend
mmioAdvance
timeGetTime
mmioSetInfo
mmioGetInfo
mmioSeek

oleacc

LresultFromObject
CreateStdAccessibleObject

slc

SLGetWindowsInformationDWORD

dinput8

DirectInput8Create

usp10

ScriptBreak
ScriptItemize

shlwapi

PathFileExistsW

secur32

GetUserNameExW

xinput9_1_0

XInputGetState

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48d11bb5a5cab5ce1ad99ecf66cedb40

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

ntdll

ole32

shell32

comctl32

gdiplus

dsound

winmm

oleacc

slc

dinput8

usp10

shlwapi

secur32

xinput9_1_0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 39KB - Virtual size: 96KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 87KB - Virtual size: 86KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 39KB - Virtual size: 96KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 87KB - Virtual size: 86KB