ch3tHUB[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ch3tHUB.exe
Size

701.3MB
MD5

98f10ea3eef3613ad47429ef11f05044
SHA1

b4ff816982a1e79b1c5155ad619193e170bbbefb
SHA256

20b14d128adcff0a610a1fba1bc86f101ae2ced05f093df4773bf7fba03f1238
SHA512

2379835583f3cf29ccacb22d8976b97a481d9568f9fc57c5f3d7b682c366a0dbd87b518d2934c21d9ca12a6b18be5ab5d692ea0d79a2126c9a59679ac59cb9f8
SSDEEP

24576:4bFq/S6iHkUfkw1d5cNOLmPJ298zkXwiz:AFq/S1kUfkwQ298Udz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ch3tHUB.exe

Files

ch3tHUB.exe
.exe windows:4 windows x86 arch:x86

7aabeda7364a497805b90b74ff06f432

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
WriteConsoleW

comctl32

CreateMRUListW

compstui

CommonPropertySheetUIA
SetCPSUIUserData

crypt32

CryptRegisterOIDFunction

gdi32

SetDCBrushColor

netshell

DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
NcIsValidConnectionName

ntdll

RtlCompareString

propsys

VariantToBooleanArrayAlloc
VariantToInt16WithDefault

rpcrt4

NdrTypeFree

userenv

GetUserProfileDirectoryW

version

VerFindFileW

ws2_32

WSALookupServiceNextA

cr

xIPcebbgjdLubXkx

Sections

.text
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mKnhuX
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FMhbRPW
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.C
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KDPqLo
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rbdal
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jwlbLhf
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.krhwuSC
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AHZBS
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rRSJ
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PwxrbLh
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Pvr
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VPpM
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JGpSH
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.luRYnI
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.F
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bsNAF
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TFiRr
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vhWjeW
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QycCbY
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7aabeda7364a497805b90b74ff06f432

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

compstui

crypt32

gdi32

netshell

ntdll

propsys

rpcrt4

userenv

version

ws2_32

cr

Sections

.text Size: 680KB - Virtual size: 680KB

.mKnhuX Size: 32KB - Virtual size: 32KB

.FMhbRPW Size: 32KB - Virtual size: 32KB

.C Size: 32KB - Virtual size: 32KB

.KDPqLo Size: 32KB - Virtual size: 32KB

.rbdal Size: 32KB - Virtual size: 32KB

.kc Size: 32KB - Virtual size: 32KB

.jwlbLhf Size: 32KB - Virtual size: 32KB

.krhwuSC Size: 32KB - Virtual size: 32KB

.AHZBS Size: 32KB - Virtual size: 32KB

.rRSJ Size: 32KB - Virtual size: 32KB

.PwxrbLh Size: 32KB - Virtual size: 32KB

.Pvr Size: 32KB - Virtual size: 32KB

.VPpM Size: 32KB - Virtual size: 32KB

.JGpSH Size: 32KB - Virtual size: 32KB

.luRYnI Size: 32KB - Virtual size: 32KB

.F Size: 32KB - Virtual size: 32KB

.bsNAF Size: 32KB - Virtual size: 32KB

.TFiRr Size: 32KB - Virtual size: 32KB

.vhWjeW Size: 32KB - Virtual size: 32KB

.QycCbY Size: 32KB - Virtual size: 32KB

.eh_fram Size: 512B - Virtual size: 56B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 680KB - Virtual size: 680KB

.mKnhuX
Size: 32KB - Virtual size: 32KB

.FMhbRPW
Size: 32KB - Virtual size: 32KB

.C
Size: 32KB - Virtual size: 32KB

.KDPqLo
Size: 32KB - Virtual size: 32KB

.rbdal
Size: 32KB - Virtual size: 32KB

.kc
Size: 32KB - Virtual size: 32KB

.jwlbLhf
Size: 32KB - Virtual size: 32KB

.krhwuSC
Size: 32KB - Virtual size: 32KB

.AHZBS
Size: 32KB - Virtual size: 32KB

.rRSJ
Size: 32KB - Virtual size: 32KB

.PwxrbLh
Size: 32KB - Virtual size: 32KB

.Pvr
Size: 32KB - Virtual size: 32KB

.VPpM
Size: 32KB - Virtual size: 32KB

.JGpSH
Size: 32KB - Virtual size: 32KB

.luRYnI
Size: 32KB - Virtual size: 32KB

.F
Size: 32KB - Virtual size: 32KB

.bsNAF
Size: 32KB - Virtual size: 32KB

.TFiRr
Size: 32KB - Virtual size: 32KB

.vhWjeW
Size: 32KB - Virtual size: 32KB

.QycCbY
Size: 32KB - Virtual size: 32KB

.eh_fram
Size: 512B - Virtual size: 56B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B