C:\Users\fasbe\source\repos\ImCytox\Cherax\bin\Final\CheraxLoader.pdb
General
-
Target
CheraxLoader.exe
-
Size
2.9MB
-
MD5
9ccb807ef4854074772e5e9f9b0ee9dc
-
SHA1
138b2e05a9980f9aa120be3eecb3f98029e61138
-
SHA256
5fb02448837400c9660d19276d86de85cce4332556684bc0a6dbfa81b207d0d2
-
SHA512
38f40761b5c515659e16b620516c379d86ab246f702ff582261cdb7ba347d01233d83930a14a419a23f22ee615b6245863cf36e1306fa916c24e3bf9e6ae2eda
-
SSDEEP
49152:p2N/MpqBXqoOTow3U6AXNTd/D2CUONEWTYcOM2MB5rj8:pA9k3Tb30/lUOzO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource CheraxLoader.exe
Files
-
CheraxLoader.exe.exe windows:6 windows x64 arch:x64
dd9bfd63f8c51affcf45502bb51cb76d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetModuleHandleW
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
DisconnectNamedPipe
WriteFile
CreateNamedPipeA
VirtualFreeEx
CreateRemoteThread
HeapFree
HeapAlloc
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
SetFileInformationByHandle
CreateProcessW
AreFileApisANSI
VirtualAllocEx
GetProcAddress
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
WriteProcessMemory
GetLastError
CreateProcessA
FormatMessageA
MoveFileExW
GetComputerNameW
ExitProcess
SetFileAttributesA
CloseHandle
GetFileAttributesA
GetFileInformationByHandleEx
GetVolumeInformationA
MultiByteToWideChar
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
Sleep
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
SetLastError
FormatMessageW
GetSystemDirectoryW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
CreateEventW
SetEvent
DeleteCriticalSection
GetTickCount
VerifyVersionInfoW
GetEnvironmentVariableA
SleepEx
ReadFile
ConnectNamedPipe
GetLocaleInfoEx
GetCurrentProcessId
CreateDirectoryW
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetModuleFileNameA
WaitForSingleObjectEx
GetFileSizeEx
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileA
user32
FindWindowA
SetForegroundWindow
UpdateWindow
PostQuitMessage
TranslateMessage
SetFocus
GetForegroundWindow
PeekMessageW
DispatchMessageW
ShowWindow
RegisterClassExW
UnregisterClassW
CreateWindowExW
SetActiveWindow
SetWindowPos
DestroyWindow
OpenClipboard
CloseClipboard
MessageBoxA
GetClipboardData
SetClipboardData
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
GetWindowRect
DefWindowProcW
GetActiveWindow
EmptyClipboard
advapi32
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameA
CryptImportKey
CryptAcquireContextW
shell32
SHGetFolderPathA
ShellExecuteW
msvcp140
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@ios_base@std@@IEAAXXZ
??0ios_base@std@@IEAA@XZ
??1ios_base@std@@UEAA@XZ
?clear@ios_base@std@@QEAAXH_N@Z
??1ctype_base@std@@UEAA@XZ
??0ctype_base@std@@QEAA@_K@Z
?do_encoding@codecvt_base@std@@MEBAHXZ
?do_max_length@codecvt_base@std@@MEBAHXZ
??1codecvt_base@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??0codecvt_base@std@@QEAA@_K@Z
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
_Toupper
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
_Thrd_yield
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Mtx_unlock
_Thrd_join
_Thrd_detach
_Query_perf_counter
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
_Tolower
d3d11
D3D11CreateDeviceAndSwapChain
winhttp
WinHttpQueryDataAvailable
WinHttpWebSocketCompleteUpgrade
WinHttpReadData
WinHttpWebSocketClose
WinHttpWebSocketSend
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpOpen
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpWebSocketReceive
WinHttpOpenRequest
WinHttpSetOption
WinHttpConnect
d3dcompiler_47
D3DCompile
imm32
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmAssociateContextEx
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
__intrinsic_setjmp
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
memcmp
wcschr
memchr
strrchr
strchr
strstr
__std_terminate
memmove
memcpy
longjmp
__std_exception_copy
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
realloc
_callnewh
malloc
calloc
_set_new_mode
free
api-ms-win-crt-math-l1-1-0
powf
sqrtf
sinf
_fdopen
ldexp
fmodf
cosf
ceilf
acosf
_ldclass
_fdclass
_ldsign
_fdsign
_dclass
_dsign
__setusermatherr
api-ms-win-crt-convert-l1-1-0
wcstombs
atoi
strtoull
strtoul
strtoll
strtod
strtol
api-ms-win-crt-runtime-l1-1-0
terminate
_errno
__sys_errlist
_beginthreadex
__sys_nerr
system
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
abort
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
localeconv
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
_read
_write
__stdio_common_vsscanf
_lseeki64
_fileno
fopen
fgets
__p__commode
fwrite
_wopen
__stdio_common_vswprintf
fputc
fflush
fputs
fgetc
_close
_wfopen
fclose
fgetpos
setvbuf
__acrt_iob_func
ungetc
fsetpos
_set_fmode
fread
feof
fopen_s
_fseeki64
fseek
ferror
ftell
_get_stream_buffer_pointers
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_fstat64
_stat64i32
remove
_wstat64
_waccess
_lock_file
_unlink
api-ms-win-crt-string-l1-1-0
strncmp
strcmp
strncpy
_wcsdup
wcspbrk
strcspn
_strdup
strspn
wcsncpy
wcsncmp
strpbrk
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
_time64
_mktime64
strftime
_gmtime64
api-ms-win-crt-utility-l1-1-0
qsort
ws2_32
__WSAFDIsSet
connect
select
htons
WSAIoctl
setsockopt
closesocket
WSAGetLastError
WSASetLastError
ntohs
socket
WSACloseEvent
WSACreateEvent
WSASetEvent
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
htonl
WSAEventSelect
send
WSAResetEvent
getsockname
getpeername
accept
listen
WSAWaitForMultipleEvents
getsockopt
bind
WSAStartup
recv
WSACleanup
sendto
WSAEnumNetworkEvents
recvfrom
wldap32
ord127
ord46
ord117
ord301
ord219
ord27
ord26
ord133
ord145
ord73
ord216
ord142
ord41
ord167
ord208
ord14
ord147
ord79
crypt32
CertOpenStore
CertFreeCertificateContext
PFXImportCertStore
CryptStringToBinaryW
CertCloseStore
CertFindCertificateInStore
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringW
CertFindExtension
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_ws_meta
curl_ws_recv
curl_ws_send
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 996KB - Virtual size: 995KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ