lnchr_ch33tHUB_lat3st_v[.]3[.]2[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

lnchr_ch33tHUB_lat3st_v.3.2.rar
Size

917KB
MD5

926d3282ddfa791c800f31f1a66e87e9
SHA1

1aaff459c35098bcb4a30fb0fa35bf3d0c2a53c1
SHA256

2e31b2fc4c371437c9c2b6df0f86fc1bce564bc69067b50ae6ba4f980ca5d2e9
SHA512

9afcc40ccaa6191fe691af2e3025f0cf5ab34cc289308a4f6a2350d4700f4f2a97cef1b7e96b67097dc83193f38395034b60625baed10813298646ce37020ded
SSDEEP

24576:tBb8K9uUk0lz3KguU4o4lcrMtjnzEkLdSDVi03+K:XwK9w0lz3KgT4lcWzPdSRH3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/apds.dll
unpack001/cr.dll
unpack001/lnchr_ch33tHUB_lat3st_v.3.2.1.exe
unpack001/microsoft.msxml.dll

Files

lnchr_ch33tHUB_lat3st_v.3.2.rar
.rar
Microsoft.VsDesigner.DataServices.Adapter.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/10/2011, 20:32

Not After

10/01/2013, 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:19:96:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:62:49:ca:6f:9a:d9:cb:81:a6:54:a7:d9:6c:1b:a8:e2:be:1d:10
Signer

Actual PE Digest

bf:62:49:ca:6f:9a:d9:cb:81:a6:54:a7:d9:6c:1b:a8:e2:be:1d:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\DMG_1102CTP\src\ndp\fx\src\DataWeb\SingleFileGenerator\Adapter\objr\i386\Microsoft.VSDesigner.DataServices.Adapter.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WCF Data Services 5.0 English License.rtf
.rtf
apds.dll
.dll regsvr32 windows:10 windows x86 arch:x86

4b6e55fedd480a6993bc0663caae28a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

apds.pdb

Imports

msvcrt

_onexit
wcstok_s
wcsstr
wcscat_s
wcscpy_s
__dllonexit
_unlock
_lock
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_errno
_wcslwr_s
iswspace
wcschr
_vscwprintf
vswprintf_s
??0exception@@QAE@ABQBD@Z
wcsncpy_s
malloc
calloc
free
_ui64toa_s
_strtoui64
_XcptFilter
_purecall
_wcsicmp
memmove_s
memcpy_s
realloc
memcmp
__CxxFrameHandler3
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
memset

kernel32

FindResourceW
GetProductInfo
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetVersionExW
GetProcAddress
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceExW
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
CloseHandle
GetTempPathW
GetTempFileNameW
WriteFile
GetLocaleInfoEx
FindClose
FindFirstFileExW
FindNextFileW
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
GetWindowsDirectoryW
FreeLibrary
lstrcmpiW
MultiByteToWideChar
ExpandEnvironmentStringsW
LocalFree
LocalAlloc
LoadLibraryW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
OutputDebugStringA

user32

UnregisterClassA
CharNextW

advapi32

RegisterTraceGuidsW
RegOpenKeyW
TraceEvent
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
UnregisterTraceGuids
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

oleaut32

VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
VariantInit
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SysAllocStringLen
VarBstrCat
VariantClear
LoadRegTypeLi

shlwapi

SHRegGetValueW
PathFileExistsW
PathFindExtensionW
PathCombineW
UrlUnescapeW
AssocQueryStringW
SHCreateStreamOnFileEx
ord12
PathAppendW

cabinet

ord20
ord23
ord21
ord22

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cr.dll
.dll windows:4 windows x86 arch:x86

17174832dbedfb8eccc57c58e1be80bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
WriteConsoleW
CancelThreadpoolIo
FindFirstVolumeA
GetStringTypeA
GetSystemDEPPolicy
RegCreateKeyExW
VerSetConditionMask
WaitCommEvent

imm32

ImmCreateContext
ImmGetCandidateListW
ImmGetDefaultIMEWnd
ImmInstallIMEW
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetStatusWindowPos

mf

MFCreateAggregateSource
MFCreateMPEG4MediaSink
MFCreateNetSchemePlugin
MFGetService
MFGetSupportedMimeTypes
MFRequireProtectedEnvironment

netapi32

DsGetDcNameW
DsValidateSubnetNameW
NetAccessEnum
NetDfsAddFtRoot
NetDfsAddRootTarget
NetUseGetInfo

pdh

PdhCalculateCounterFromRawValue
PdhEnumObjectItemsHW
PdhGetFormattedCounterValue
PdhLookupPerfIndexByNameA
PdhLookupPerfIndexByNameW
PdhOpenQueryA

powrprof

PowerDeterminePlatformRole
PowerReadACValueIndex
PowerReadValueIncrement
PowerReadValueMin
PowerWritePossibleFriendlyName
PowerWriteSettingAttributes

secur32

DecryptMessage
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaRegisterPolicyChangeNotification
RevertSecurityContext
SaslGetContextOption
SspiCompareAuthIdentities
SspiPrepareForCredWrite

shlwapi

ColorHLSToRGB
PathIsDirectoryEmptyW
PathParseIconLocationA
PathUnmakeSystemFolderW
QISearch
SHOpenRegStreamW
StrCSpnA
StrCpyNW

snmpapi

SnmpSvcSetLogType
SnmpUtilAsnAnyCpy
SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilPrintAsnAny
SnmpUtilPrintOid
SnmpUtilVarBindFree
SnmpUtilVarBindListCpy

tapi32

lineGetAgentStatusW
lineGetAppPriorityA
lineGetTranslateCapsW
lineParkA
lineSetAgentSessionState
lineSetupTransfer
lineTranslateDialog

ws2_32

FreeAddrInfoW
WSAAddressToStringA
WSAInstallServiceClassW
WSASocketW
WSAStringToAddressW
WSCSetProviderInfo
WSCUnInstallNameSpace

Exports

Exports

FJhoAYGKTVQbYDGP

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 44B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
joust.vhd
lnchr_ch33tHUB_lat3st_v.3.2.1.exe
.exe windows:4 windows x86 arch:x86

dcbe0d43dbb255b9c9138b7c134dcf8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

imm32

ImmCreateContext
ImmGetCandidateListW
ImmGetDefaultIMEWnd
ImmInstallIMEW
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetStatusWindowPos

kernel32

CancelThreadpoolIo
FindFirstVolumeA
GetStringTypeA
GetSystemDEPPolicy
RegCreateKeyExW
VerSetConditionMask
WaitCommEvent

mf

MFCreateAggregateSource
MFCreateMPEG4MediaSink
MFCreateNetSchemePlugin
MFGetService
MFGetSupportedMimeTypes
MFRequireProtectedEnvironment

netapi32

DsGetDcNameW
DsValidateSubnetNameW
NetAccessEnum
NetDfsAddFtRoot
NetDfsAddRootTarget
NetUseGetInfo

pdh

PdhCalculateCounterFromRawValue
PdhEnumObjectItemsHW
PdhGetFormattedCounterValue
PdhLookupPerfIndexByNameA
PdhLookupPerfIndexByNameW
PdhOpenQueryA

powrprof

PowerDeterminePlatformRole
PowerReadACValueIndex
PowerReadValueIncrement
PowerReadValueMin
PowerWritePossibleFriendlyName
PowerWriteSettingAttributes

secur32

DecryptMessage
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaRegisterPolicyChangeNotification
RevertSecurityContext
SaslGetContextOption
SspiCompareAuthIdentities
SspiPrepareForCredWrite

shlwapi

ColorHLSToRGB
PathIsDirectoryEmptyW
PathParseIconLocationA
PathUnmakeSystemFolderW
QISearch
SHOpenRegStreamW
StrCSpnA
StrCpyNW

snmpapi

SnmpSvcSetLogType
SnmpUtilAsnAnyCpy
SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilPrintAsnAny
SnmpUtilPrintOid
SnmpUtilVarBindFree
SnmpUtilVarBindListCpy

tapi32

lineGetAgentStatusW
lineGetAppPriorityA
lineGetTranslateCapsW
lineParkA
lineSetAgentSessionState
lineSetupTransfer
lineTranslateDialog

ws2_32

FreeAddrInfoW
WSAAddressToStringA
WSAInstallServiceClassW
WSASocketW
WSAStringToAddressW
WSCSetProviderInfo
WSCUnInstallNameSpace

cr

FJhoAYGKTVQbYDGP

Sections

.text
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
microsoft.msxml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

61:19:cc:93:00:01:00:00:00:66Certificate

Extended Key Usages

Key Usages

61:05:19:96:00:00:00:00:00:1bCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

bf:62:49:ca:6f:9a:d9:cb:81:a6:54:a7:d9:6c:1b:a8:e2:be:1d:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 19KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

4b6e55fedd480a6993bc0663caae28a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

oleaut32

shlwapi

cabinet

api-ms-win-core-com-l1-1-0

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 89KB - Virtual size: 88KB

.reloc Size: 7KB - Virtual size: 7KB

17174832dbedfb8eccc57c58e1be80bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

imm32

mf

netapi32

pdh

powrprof

secur32

shlwapi

snmpapi

tapi32

ws2_32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 576KB - Virtual size: 576KB

.bss Size: - Virtual size: 44B

.edata Size: 512B - Virtual size: 82B

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 100B

dcbe0d43dbb255b9c9138b7c134dcf8e

Headers

DLL Characteristics

File Characteristics

61:19:cc:93:00:01:00:00:00:66
Certificate

61:05:19:96:00:00:00:00:00:1b
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

bf:62:49:ca:6f:9a:d9:cb:81:a6:54:a7:d9:6c:1b:a8:e2:be:1d:10
Signer

.text
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 99KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 89KB - Virtual size: 88KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 576KB - Virtual size: 576KB

.bss
Size: - Virtual size: 44B

.edata
Size: 512B - Virtual size: 82B

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 100B

.text
Size: 512B - Virtual size: 92B

.eh_fram
Size: 512B - Virtual size: 56B

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 56KB - Virtual size: 54KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 12B