chrgetpdsi[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

chrgetpdsi.exe
Size

6.5MB
MD5

14dabb2cfbe1dd5f4ca4bf0395be92ed
SHA1

08620f0cf607d962ed23518fc37b65be6918c49a
SHA256

28a56ea1847ea41d63ec52dc576cc4d2925d56c8674ea65d46d7d29f87d1a279
SHA512

5ba5715ec62a89dea82a09e527f338dc10e4fc4a1b42b2ac154bd4063ddea5887ef9f72051440af8d5525ffca6886248720c54b97a014984cda49081fd47cd1e
SSDEEP

196608:At2gXsgBFEEawW4Nhrafx5t/lLPcrkmD/I:6b33auNhrafx5/coZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chrgetpdsi.exe

Files

chrgetpdsi.exe
.exe windows:6 windows x64 arch:x64

6e43baa11b175b58b590c8c9f6cc9abb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SophosUpdate.pdb

Imports

ole32

CoCreateGuid
CoTaskMemFree
CoInitialize
CoUninitialize
CLSIDFromString

user32

CharLowerBuffW
CharUpperBuffW

crypt32

CertCreateCRLContext
CryptImportPublicKeyInfo
CertAddCertificateContextToStore
CertAddCRLContextToStore
CertFreeCRLContext
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CertRemoveStoreFromCollection
CertAddStoreToCollection
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetNameStringW
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CryptStringToBinaryA
CryptBinaryToStringA

kernel32

RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetStdHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
GetExitCodeProcess
DeleteProcThreadAttributeList
GetFileInformationByHandleEx
DeviceIoControl
UnlockFileEx
GetCurrentThreadId
GetModuleHandleA
GetConsoleMode
GetFileInformationByHandle
CancelIoEx
GetOverlappedResult
WriteConsoleW
LockFileEx
GetFinalPathNameByHandleW
GetSystemDirectoryW
GetModuleHandleExW
GetModuleFileNameW
CreateWaitableTimerW
CreateEventW
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
CreateDirectoryW
QueryPerformanceCounter
GetSystemInfo
VirtualProtect
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
GetFileAttributesExW
SetFileInformationByHandle
SetFilePointerEx
GetTempPathW
AreFileApisANSI
CopyFileW
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetStringTypeW
GetExitCodeThread
GetLocaleInfoEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwind
CompareStringEx
GetCPInfo
OutputDebugStringW
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetConsoleOutputCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
CancelWaitableTimer
SetWaitableTimer
ResetEvent
WaitForMultipleObjects
ExpandEnvironmentStringsW
LocalFree
GetTickCount
WritePrivateProfileStringW
FreeLibrary
GetFileSize
LoadLibraryW
ReadFile
GetFileTime
FileTimeToSystemTime
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
SetFileTime
SetEvent
WaitForSingleObject
GlobalFree
LoadLibraryExA
SetDllDirectoryW
HeapSetInformation
SetSearchPathMode
OpenProcess
LoadLibraryExW
GetCurrentProcessId
TerminateProcess
OutputDebugStringA
GetCurrentProcess
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
FlushFileBuffers
ReplaceFileW
MoveFileExW
Sleep
CloseHandle
GetEnvironmentStringsW
SetEnvironmentVariableW
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
FindFirstFileExW
CreateFileW
CreateHardLinkW
WriteFile
GetModuleHandleW
GetProcAddress
GetDateFormatW
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlPcToFileHeader
RtlUnwindEx
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
GetCommandLineW
FindFirstFileW
GetOEMCP
SetStdHandle
GetCommandLineA

shlwapi

PathFileExistsW

ws2_32

getaddrinfo
WSAStartup
socket
freeaddrinfo
WSAGetLastError
closesocket
WSAIoctl
WSACleanup

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
CryptReleaseContext
CryptGetHashParam
CryptImportKey
CryptSetKeyParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptDestroyKey
GetTokenInformation
CryptDuplicateHash
CryptGenRandom
CryptSetHashParam
CloseServiceHandle
CreateProcessAsUserW
RegOpenKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CryptVerifySignatureW
RegDeleteKeyExW
RegDeleteTreeW
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
ConvertSidToStringSidA
IsWellKnownSid
OpenProcessToken

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHGetFolderPathW

winhttp

WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpTimeFromSystemTime
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpCrackUrl

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e43baa11b175b58b590c8c9f6cc9abb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

user32

crypt32

kernel32

shlwapi

ws2_32

advapi32

shell32

winhttp

version

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 354KB - Virtual size: 354KB

.data Size: 28KB - Virtual size: 36KB

.pdata Size: 60KB - Virtual size: 60KB

.didat Size: 512B - Virtual size: 48B

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 354KB - Virtual size: 354KB

.data
Size: 28KB - Virtual size: 36KB

.pdata
Size: 60KB - Virtual size: 60KB

.didat
Size: 512B - Virtual size: 48B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 6KB - Virtual size: 6KB