chglogon[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

chglogon.exe
Size

40KB
MD5

eb60a6a2ebe2a827585474244bda5c3d
SHA1

5eed486949bb70d2961fa604c79cbe4f8cf4d02c
SHA256

f08b274b88cca456e57c5fc26bc349f123a9123dac73aae49385e6e47c6daabf
SHA512

c3e130d6544a5a0d740e013f6982bf4447c51a9da636cf90c2b2f626602c989c40c280dee807fea6f5ca2410bff88bcc49bd975021da9677a1bb1715a0f00625
SSDEEP

384:64h+KNg4Tqqq0tduYy6l1xZ5FIe1rvgIgHSu8VH5S6x7yWyEW:5h+9qq0M6lxzDYIg4537O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chglogon.exe

Files

chglogon.exe
.exe windows:10 windows x64 arch:x64

39cdc867b4449192c880f526495b2b10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

LoadStringW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
RtlVirtualUnwind

kernel32

GetConsoleOutputCP
SetThreadUILanguage
RegOpenKeyExW
LocalAlloc
RegSetValueExW
GetVersionExW
RegCreateKeyExW
HeapSetInformation
LocalFree
RegCloseKey
SetLastError
GetStdHandle
MultiByteToWideChar
FormatMessageW
GetLastError
GetCurrentThreadId
LoadLibraryW
WriteConsoleW
GetModuleHandleW
FreeLibrary
GetFileType
GetCommandLineW
VerifyVersionInfoW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
RegQueryValueExW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTickCount
GetCurrentProcess
Sleep
UnhandledExceptionFilter

regapi

RegGetMachinePolicyNew

msvcrt

wcscpy_s
wcscat_s
vswprintf_s
wcschr
free
vfwprintf
fwprintf
malloc
wcstol
wcstoul
_wcsnicmp
_wcsdup
_wsetlocale
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
swprintf_s
_wtoi
setlocale
__iob_func
memmove
_ultoa
_wcslwr
memset

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39cdc867b4449192c880f526495b2b10

Headers

DLL Characteristics

File Characteristics

Imports

user32

ntdll

kernel32

regapi

msvcrt

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 528B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 84B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 528B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 84B