chsbrkr[.]dll | Triage

General

Target

chsbrkr.dll
Size

1.6MB
MD5

65c2f2a191905da1baada9804e4c2c3c
SHA1

c3e57753e307b11e8a01877c6743c0381e57e39b
SHA256

bb57b063df3ee1c598deca174d750dbf54cfbea0aac2ae69e03da3e16d89d9da
SHA512

227866fdcdf0c22678eab4be5e5b905355f47c7b1ffe91c7906db77f9f846f0b8175b3ef30073a6ae09ad6fe2286548e14435a9cfdc4b790d48373475fbe5652
SSDEEP

24576:288888/CQ2fXEG5DTyLOlWOOOJXol46l:288888/J2LGHOJXE3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chsbrkr.dll

Files

chsbrkr.dll
.dll regsvr32 windows:6 windows x86 arch:x86

b7a86c821bef56b8ce128f4fb1d0d5ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ChsBrkr.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_amsg_exit
_initterm
free
malloc
_XcptFilter
__CxxFrameHandler
wcsncmp
memcpy
memset
??_U@YAPAXI@Z
??2@YAPAXI@Z
iswctype
iswspace
??_V@YAXPAX@Z
??3@YAXPAX@Z

api-ms-win-core-localregistry-l1-1-0

RegDeleteKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

kernel32

GetTickCount
QueryPerformanceCounter
RtlUnwind
Sleep
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetLastError
GetCurrentThreadId
DelayLoadFailureHook
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetStringTypeW
InterlockedIncrement
InterlockedDecrement
FindResourceW
LoadResource
LockResource
GetModuleFileNameW
GetFileAttributesExW
CompareFileTime
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetProcAddress
SetUnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7a86c821bef56b8ce128f4fb1d0d5ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-localregistry-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 6KB - Virtual size: 5KB