ch3tHUB_lnchr_n3w_v[.]3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ch3tHUB_lnchr_n3w_v.3.exe
Size

700.0MB
MD5

4efb34b0153ce2c03478b0c902089679
SHA1

0a9e903452306ef909d9fdb3398cedb885dfb2e7
SHA256

1b66dda66ebb49a282aa3736fb2c8b36853b98b437d12da86a760cccdccfc7b4
SHA512

a4edd6259b6cc2d6a3185ae60dccc90289279c11152a634553478d170b73083c019cec18670852ab983920af5f9c48519890ed16027d85532d8e2f97827d1960
SSDEEP

48:3a9a3+wOCfGHAgWAgU7m/JpULvBxWFqOlt98Une1gmz8z7XUPIthL:qN7HcUZvBxWFzlP8Ue1bzEgA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ch3tHUB_lnchr_n3w_v.3.exe

Files

ch3tHUB_lnchr_n3w_v.3.exe
.exe windows:4 windows x86 arch:x86

a8dfa3a902d895480b0ec1bd12f3d538

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

bcrypt

BCryptAddContextFunction
BCryptDeleteContext
BCryptEncrypt
BCryptEnumAlgorithms
BCryptFinalizeKeyPair
BCryptRegisterConfigChangeNotify
BCryptSetProperty

clusapi

ClusterNodeEnum
ClusterNodeOpenEnum
ClusterRegDeleteKey
ClusterResourceControl
ClusterResourceGetEnumCount
ClusterResourceTypeEnum
GetClusterNetworkState
RemoveResourceFromClusterSharedVolumes

crypt32

CertCompareIntegerBlob
CertNameToStrA
CertOIDToAlgId
CryptEncryptMessage
CryptExportPublicKeyInfoEx
CryptGetDefaultOIDFunctionAddress
CryptImportPublicKeyInfoEx
CryptVerifyDetachedMessageHash

kernel32

CreateFileW
GetComputerNameW
GetWindowsDirectoryA
GlobalAddAtomW
IdnToNameprepUnicode
RegEnumValueA
SetErrorMode
SetWaitableTimerEx

mf

MFCreateASFMultiplexer
MFCreatePMPMediaSession
MFCreateSampleCopierMFT
MFCreateTopologyNode
MFGetSupportedMimeTypes
MFShutdownObject

rtm

MgmGetNextMfe
MgmGroupEnumerationStart
RtmBlockMethods
RtmCreateDestEnum
RtmCreateNextHopEnum
RtmCreateRouteEnum
RtmDeleteRouteList
RtmMarkDestForChangeNotification

shlwapi

ChrCmpIA
PathFindExtensionW
SHRegCloseUSKey
StrCSpnIA
StrChrIW
StrStrA

tapi32

lineGetAgentStatusA
lineHandoffA
linePrepareAddToConferenceW
lineRemoveFromConference
lineSetTollList
lineTranslateAddress
phoneOpen
phoneSetButtonInfoW

usp10

ScriptApplyLogicalWidth
ScriptFreeCache
ScriptGetFontFeatureTags
ScriptGetFontScriptTags
ScriptGetGlyphABCWidth
ScriptShapeOpenType
ScriptStringGetLogicalWidths
ScriptStringValidate
ScriptString_pSize

webservices

WsAbortListener
WsCopyNode
WsDecodeUrl
WsGetNamespaceFromPrefix
WsGetPolicyAlternativeCount
WsMoveReader
WsOpenListener
WsSetMessageProperty
WsWriteEndAttribute

cr

zeJgmuLAhjlNogtb

Sections

.text
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8dfa3a902d895480b0ec1bd12f3d538

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

clusapi

crypt32

kernel32

mf

rtm

shlwapi

tapi32

usp10

webservices

cr

Sections

.text Size: 512B - Virtual size: 92B

.eh_fram Size: 512B - Virtual size: 56B

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 512B - Virtual size: 92B

.eh_fram
Size: 512B - Virtual size: 56B

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B