chrome_elf[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

chrome_elf.zip
Size

164KB
MD5

8e1f55799fedbb44ccca1d7ca64093d9
SHA1

73158d98613b6d9a2aeb9009cbc330e6bfd72cae
SHA256

d0006946eb571434b3be7ab568080afd9fd3c98d7a4a1b3c64841482ae456380
SHA512

c4cc53dfba213d353164bee75b48a9a62b165c36a5a60bc8a58cbfbec7b9330b2a39920aee9ba2f7552de5bc438fa420ba90af96b686798380d52830d36cd269
SSDEEP

3072:n84QzPrcKsQkkLfcsEh1iGEHzPin8yWll9qBjIKyEeSF8psfsmn20M:8FzIRQke5y1ilH7inPWgN0EeSeykd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dpapi.dll

Files

chrome_elf.zip
.zip
config.ini
dpapi.dll
.dll windows:6 windows x64 arch:x64

69ad6ecafdd479472caa26ecc2fdcc4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\blockthespot\src\x64\Release\dpapi.pdb

Imports

kernel32

GetCurrentThread
VirtualProtect
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
K32GetModuleInformation
GetProcAddress
GetModuleHandleW
WritePrivateProfileStringW
MultiByteToWideChar
GetPrivateProfileStringW
WideCharToMultiByte
LoadLibraryW
GetCommandLineW
DisableThreadLibraryCalls
CloseHandle
CreateThread
GetLastError
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockExclusive

msvcp140

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@AEA_W@Z
?unget@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?fail@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Xtime_get_ticks
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEA_W_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Mbrtowc
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?is@?$ctype@_W@std@@QEBA_NF_W@Z

winhttp

WinHttpReadData
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
memcmp
memmove
memcpy
__std_terminate
__std_exception_copy
__std_exception_destroy
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
terminate
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit
_register_onexit_function
_errno
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

_ldsign
_ldclass
ceilf
_fdsign
_fdclass
_dclass
_dsign

api-ms-win-crt-convert-l1-1-0

wcstol

api-ms-win-crt-string-l1-1-0

iswdigit

api-ms-win-crt-stdio-l1-1-0

fclose
fputwc
ungetwc
_fseeki64
fsetpos
ungetc
fwrite
setvbuf
fgetpos
fgetc
fgetwc
fflush

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64

Exports

Exports

CryptProtectData
CryptProtectMemory
CryptUnprotectData
CryptUnprotectMemory
CryptUpdateProtectedState

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69ad6ecafdd479472caa26ecc2fdcc4e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

winhttp

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 189KB - Virtual size: 188KB

.rdata Size: 170KB - Virtual size: 169KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 9KB - Virtual size: 9KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 189KB - Virtual size: 188KB

.rdata
Size: 170KB - Virtual size: 169KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 9KB - Virtual size: 9KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB