mc chet[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

mc chet.rar
Size

1.8MB
MD5

c018f3e3d4875c81573a07dfc1592a67
SHA1

df29237eb634f8c623df2df2b4b4a3c0a4949ae3
SHA256

b9973ba3407e32e942f5873c609b4552ce787e79df192f6588292f23080e08b8
SHA512

327fc53692d465c121300d2ee53184481568b425da18fb58629463a5e81cf512a974d6ff9d610f68ba2a6180d6ab046b9f8a040017fbb9eccba0ccd381ec6d08
SSDEEP

49152:nr/iKWTvVa63FEGUNl65vPHZWL7cxDSKFLHMfj:judP+65vPHmcl7O7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/mc chet/Project4.hl.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mc chet/Project4.dll
unpack001/mc chet/Project4.hl.exe
unpack002/out.upx
unpack001/mc chet/shiza.dll

Files

mc chet.rar
.rar
mc chet/Project4.dll
.dll windows:6 windows x86 arch:x86

d138ad463df811ff4aee43c9dd23d75a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetConsoleTitleA
VirtualAlloc
LoadLibraryA
FreeConsole
CreateThread
GetConsoleWindow
AllocConsole
VirtualQuery
WriteConsoleW
SetEndOfFile
CloseHandle
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetModuleHandleW
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
CreateFileW
HeapSize
ReadFile
ReadConsoleW
DecodePointer

user32

ShowWindow

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mc chet/Project4.hl.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mc chet/injmthd.ini
mc chet/mycfg.cfg
mc chet/shiza.dll
.dll windows:6 windows x86 arch:x86

e9f33c34083c46b80b14ca02be1d51fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
WideCharToMultiByte
GetTickCount64
GetProcessHeap
IsBadReadPtr
FreeLibraryAndExitThread
CreateThread
DisableThreadLibraryCalls
FindFirstFileA
QueryPerformanceCounter
FindClose
DeleteFileA
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
QueryPerformanceFrequency
MultiByteToWideChar
FindNextFileA
GetModuleHandleA
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFullPathNameW
GetDriveTypeW
ReadFile
LoadLibraryExW
FreeLibrary
SetLastError
GetLastError
InterlockedFlushSList
RtlUnwind
RaiseException
TlsFree
TlsGetValue
CreateSemaphoreW
TlsAlloc
InitializeCriticalSection
ReleaseSemaphore
TlsSetValue
TerminateProcess
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime

user32

ReleaseCapture
SetCursorPos
GetCursorPos
GetActiveWindow
SetWindowLongA
CallWindowProcA
DefWindowProcA
FindWindowA
ShowCursor
GetWindowRect
GetDesktopWindow
GetAsyncKeyState
GetKeyState
mouse_event
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect

gdi32

SelectObject
GetTextExtentPointA
DeleteObject
CreateFontA

shell32

SHGetKnownFolderPath

opengl32

glPolygonMode
glPopMatrix
glVertex2f
glVertex2i
glBegin
glColor3f
glEnd
glListBase
glColor4ub
glRasterPos2i
glHint
wglUseFontBitmapsA
glCallLists
glGenLists
wglGetCurrentDC
glColor4f
glDepthFunc
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glShadeModel
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glTexCoordPointer
glDeleteTextures
glTexParameteri
glLoadIdentity
glBlendFunc
glMatrixMode
glDisableClientState
glScissor
glEnable
glVertexPointer
glGenTextures
glBindTexture
glLineWidth
glPopAttrib
glEnableClientState
glViewport

winmm

timeGetTime

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d138ad463df811ff4aee43c9dd23d75a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 168KB - Virtual size: 168KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 2KB - Virtual size: 1KB

e9f33c34083c46b80b14ca02be1d51fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

opengl32

winmm

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 489KB - Virtual size: 489KB

.data Size: 10KB - Virtual size: 25KB

.0 Size: 463KB - Virtual size: 463KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 489KB - Virtual size: 489KB

.data
Size: 10KB - Virtual size: 25KB

.0
Size: 463KB - Virtual size: 463KB

.reloc
Size: 54KB - Virtual size: 53KB