Chronos Sorter 2024[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Chronos Sorter 2024.rar
Size

4.1MB
MD5

7720f5f1001927feadf9ba97e870d05d
SHA1

3a47e40f5be4c1834cfe4c41e19fd8e36a58d669
SHA256

f350a9067adec83256cdaa50471c08d354085975e6da9e7cc4cd4ff4dd6c3f5d
SHA512

3bc0f1cde4166d7b5fa81a6a52d3737394ab90a064f587cef9d53e79b2aa3dd77f709fec42db520f84e8e64eaba1da600b29220beb5d4a4567a2a2a1e7a8acd0
SSDEEP

98304:126gIKNlouWUXcZWbmgJcmKumM7WOjjUziG8jgN1F8biBdrn:12VlBRcZo7RKumuWgjUudEfcqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/00/g29ehg29g2g892e98g289.exe

Files

Chronos Sorter 2024.rar
.rar
00/Uninstall chronos.lnk
.lnk
00/g29ehg29g2g892e98g289.exe
.exe windows:6 windows x64 arch:x64

0b772066edeabf7610308e35ce3470a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetConsoleMode
GetShortPathNameW
DeleteFileW
CreateHardLinkW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
CreateThread
GetProcessAffinityMask
GetSystemInfo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DuplicateHandle
VirtualProtect
SleepConditionVariableSRW
CreateFileW
ReleaseSRWLockShared
AcquireSRWLockShared
GetModuleHandleA
LoadLibraryExA
GetUserDefaultLocaleName
CreateDirectoryW
GetVersionExW
SetThreadExecutionState
LoadLibraryW
GetSystemDirectoryW
SetThreadPriority
GlobalLock
GlobalSize
GlobalUnlock
GetCurrentThread
GetFileAttributesW
RemoveDirectoryW
GetFileType
GlobalAlloc
FoldStringW
GlobalFree
GetModuleFileNameW
FindNextFileW
GetFullPathNameW
GetCurrentDirectoryW
GetSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetCurrentProcessId
GetUserDefaultUILanguage
LCIDToLocaleName
Sleep
SetLastError
IsDBCSLeadByte
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
AreFileApisANSI
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FindClose
TzSpecificLocalTimeToSystemTime
lstrlenW
MoveFileW
FlushFileBuffers
FormatMessageW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetSystemTimeAsFileTime
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
DeviceIoControl
ReadFileEx
CreateNamedPipeW
ExitProcess
GetStdHandle
CopyFileExW
MoveFileExW
GetFileInformationByHandleEx
ReleaseMutex
HeapReAlloc
QueryPerformanceFrequency
WakeConditionVariable
WakeAllConditionVariable
GetProcessId
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
TryAcquireSRWLockExclusive
SetEnvironmentVariableW
GetEnvironmentStringsW
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
OutputDebugStringA
OutputDebugStringW
WaitForSingleObject
SetEvent
CreateEventW
HeapAlloc
LoadLibraryExW
GetLastError
GetEnvironmentVariableW
QueryPerformanceCounter
FreeLibrary
GetProcAddress
CreatePipe
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
LoadLibraryA
HeapFree
DeleteProcThreadAttributeList
GetProcessHeap
CheckRemoteDebuggerPresent
IsDebuggerPresent
GetCurrentProcess
GetFinalPathNameByHandleW
SetFileTime
CompareStringW
SetFileAttributesW
GetModuleHandleW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
LocalFree
TlsFree
AcquireSRWLockExclusive
CloseHandle
ReleaseSRWLockExclusive
GetLongPathNameW
GetFileInformationByHandle
SetFileCompletionNotificationModes
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetHandleInformation

user32

GetKeyboardLayout
PostQuitMessage
AppendMenuW
CreateMenu
SetMenuItemInfoW
CreateWindowExW
GetRawInputData
UnregisterHotKey
RegisterHotKey
SendInput
SetForegroundWindow
SetCursor
LoadCursorW
IsWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
IsProcessDPIAware
GetSystemMetrics
SystemParametersInfoA
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
GetWindowLongPtrW
SetWindowDisplayAffinity
SetCursorPos
ShowCursor
GetForegroundWindow
RegisterTouchWindow
ClipCursor
GetClipCursor
GetSystemMenu
MapVirtualKeyExW
InvalidateRgn
ShowWindow
GetKeyState
ToUnicodeEx
IsIconic
SetWindowLongW
ClientToScreen
SendMessageW
CreateAcceleratorTableW
FlashWindowEx
DestroyAcceleratorTable
GetKeyboardState
MessageBoxA
GetActiveWindow
DestroyIcon
CreateIcon
CheckMenuItem
EnableMenuItem
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
SetMenu
EnumChildWindows
SetWindowPos
RegisterClipboardFormatW
GetAsyncKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
GetDC
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
VkKeyScanW
ReleaseCapture
GetCursorPos
MapVirtualKeyW
PostMessageW
GetClientRect
GetMessageA
DispatchMessageA
GetMessageW
CharToOemBuffW
SetWindowPlacement
GetWindowPlacement
PeekMessageW
CharLowerW
CharUpperW
OemToCharBuffA
OemToCharA
CharToOemA
RedrawWindow
GetAncestor
DestroyWindow
ChangeDisplaySettingsExW
DefWindowProcW
PostThreadMessageW
TranslateAcceleratorW
DispatchMessageW
GetUpdateRect
ValidateRect
GetMonitorInfoW
MonitorFromWindow
TranslateMessage
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
GetMenu

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
TaskDialogIndirect

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
OleInitialize

shell32

ShellExecuteW
SHCreateItemFromParsingName
DragQueryFileW
DragFinish
SHGetKnownFolderPath
SHAppBarMessage

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
SetFileSecurityW
RegCloseKey
RegGetValueW
SystemFunction036
GetTokenInformation
OpenProcessToken
SetSecurityInfo
AddAccessAllowedAce
InitializeAcl
GetLengthSid

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SetErrorInfo
SysAllocString
VariantClear

uxtheme

SetWindowTheme

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlGetNtVersionNumbers
NtWriteFile
NtReadFile
NtCreateFile

bcrypt

BCryptGenRandom

secur32

AcquireCredentialsHandleA
DeleteSecurityContext
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
EncryptMessage
FreeCredentialsHandle
ApplyControlToken
QueryContextAttributesW

ws2_32

getaddrinfo
freeaddrinfo
getsockopt
closesocket
WSACleanup
WSAStartup
getsockname
getpeername
WSASocketW
bind
WSAGetLastError
connect
ioctlsocket
WSAIoctl
setsockopt
WSASend
send
recv
shutdown

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateChain
CertCloseStore

api-ms-win-crt-math-l1-1-0

round
pow
floor
trunc
fmod
__setusermatherr

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcspbrk
wcslen
_wcsdup
strcpy_s
strlen
wcsncpy
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
abort
terminate
_configure_narrow_argv
_get_initial_narrow_environment
_initterm
_crt_atexit
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_c_exit
_cexit
_set_app_type
_initialize_narrow_environment
exit
__p___argv
_initterm_e
__p___argc
_exit

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
realloc
calloc
malloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vswprintf

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
00/resources/av_passwords.txt
00/resources/config.toml

Sharing

General

Malware Config

Signatures

Files

0b772066edeabf7610308e35ce3470a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

gdi32

dwmapi

ole32

shell32

advapi32

oleaut32

uxtheme

ntdll

bcrypt

secur32

ws2_32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcp140

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 19KB - Virtual size: 56KB

.pdata Size: 422KB - Virtual size: 422KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 401KB - Virtual size: 400KB

.reloc Size: 62KB - Virtual size: 62KB

.text
Size: 8.5MB - Virtual size: 8.5MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 19KB - Virtual size: 56KB

.pdata
Size: 422KB - Virtual size: 422KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 401KB - Virtual size: 400KB

.reloc
Size: 62KB - Virtual size: 62KB