Chakra[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Chakra.dll
Size

5.6MB
MD5

ebd4c7cedc03cc8b1e7febe379ab952d
SHA1

3ea7aa2601bcf0ccdd0429dce802533a2d3a3dcf
SHA256

13ff80c8376ab765069a6f5bc521795917da4548f641723ad3060a2d2192b526
SHA512

1da622174f94f78d965ac1fbf4014dd6c27f8092ac0845165b8abd7b2f5c192041a2212b270b0dde6c0bdf4e81f2d2997a401d52a8adc39e5b504d88b5d154f3
SSDEEP

98304:Kqnuespt9otSpvpKwgp7Pqvr4EO1ZYwsNxOt1L:KKujfotSRpKwgp7Pqvr4EO1Cgtp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Chakra.dll

Files

Chakra.dll
.dll regsvr32 windows:10 windows x86 arch:x86

bafb2f3adf68bd3840e62512165d7c40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

chakra.pdb

Imports

msvcrt

??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
memmove_s
qsort_s
_vsnwprintf_s
wcscat_s
realloc
??1exception@@UAE@XZ
wcscpy_s
_ultow_s
_ltow_s
_wcsdup
wprintf
wcsncpy_s
_i64tow_s
vswprintf_s
_wcstoui64
_ui64tow_s
wcsncmp
strnlen
wcstok_s
wcsstr
_control87
_statusfp
_clearfp
rand_s
fclose
fwprintf_s
fflush
_flushall
fwprintf
_itow_s
_wsplitpath_s
_wcsnicmp
wcsrchr
_wfsopen
_aligned_malloc
_beginthreadex
_tzset
_snwprintf_s
modf
ceil
floor
qsort
_vscwprintf
towupper
_wcslwr_s
isalpha
__CxxFrameHandler3
isdigit
__libm_sse2_pow
__iob_func
strncmp
wcsncat_s
wcstoul
tolower
memcpy_s
_vsnwprintf
_wcsicmp
_set_SSE2_enable
malloc
__libm_sse2_acos
__libm_sse2_asin
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_cos
__libm_sse2_exp
__libm_sse2_log
__libm_sse2_sin
__libm_sse2_tan
__libm_sse2_log10
wcschr
free
swprintf_s
memcpy
_XcptFilter
_amsg_exit
_purecall
_initterm
_except_handler4_common
memcmp
_setjmp3
_hypot
_ftol2_sse
_ftol2
_CxxThrowException
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
memmove
_aligned_free
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
memset

api-ms-win-core-atoms-l1-1-0

DeleteAtom
AddAtomW
FindAtomW

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapFree
HeapAlloc
HeapUnlock
HeapCreate
HeapLock
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
WaitForSingleObject
SetEvent
CreateSemaphoreExW
AcquireSRWLockShared
EnterCriticalSection
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventW
TryEnterCriticalSection
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared

api-ms-win-core-libraryloader-l1-1-0

SizeofResource
GetProcAddress
LockResource
GetModuleHandleW
FreeLibraryAndExitThread
LoadResource
LoadLibraryExW
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetEnvironmentVariableW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetProcessId
SetThreadStackGuarantee
TlsFree
TlsGetValue
SwitchToThread
TlsAlloc
ResumeThread
SuspendThread
TlsSetValue
GetCurrentProcessId
TerminateProcess
GetProcessTimes
SetThreadPriority
GetCurrentThread
GetCurrentProcess

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetLogicalProcessorInformation
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemTimeAdjustment
GetSystemTime
GlobalMemoryStatusEx

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
GetUserDefaultLocaleName
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualFree
VirtualAlloc
CreateFileMappingW
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
VirtualQuery

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
StrCmpLogicalW
StrTrimW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW
PathGetDriveNumberW
PathFileExistsW
PathIsLFNFileSpecW
PathIsFileSpecW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetSystemTimePreciseAsFileTime

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation
K32GetProcessMemoryInfo

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
QueryDepthSList
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-memory-l1-1-1

GetWriteWatch
ResetWriteWatch

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-kernel32-legacy-l1-1-0

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
GetThreadContext
GetProcessMitigationPolicy

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessIoCounters

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

RpcExceptionFilter
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrServerCall2
I_RpcBindingInqLocalClientPID
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqW
NdrClientCall2
NdrDllRegisterProxy
RpcBindingBind
RpcBindingCreateW
RpcBindingFree
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrOleFree

api-ms-win-core-memory-l1-1-5

MapViewOfFileNuma2
VirtualUnlockEx
UnmapViewOfFile2

api-ms-win-core-memory-l1-1-3

SetProcessValidCallTargets

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString

icuuc

uloc_getBaseName
uloc_getName
uloc_toUnicodeLocaleType
uenum_next
uenum_count
uenum_close
u_charType
uloc_addLikelySubtags
u_hasBinaryProperty
unorm2_isNormalized
u_strlen
uloc_countAvailable
u_strToUpper
unorm2_normalize
unorm2_getInstance
uenum_unext
u_strToLower
uloc_forLanguageTag
uloc_toLanguageTag
uloc_getAvailable

icuin

udatpg_open
ucal_getCanonicalTimeZoneID
ucal_openTimeZoneIDEnumeration
ucol_close
udatpg_getBestPatternWithOptions
uplrules_openForType
uplrules_getKeywords
unum_close
ucal_setGregorianChange
unumsys_close
udat_getCalendar
ufieldpositer_close
udat_formatForFields
uplrules_close
ufieldpositer_next
ufieldpositer_open
unum_formatDoubleForFields
unum_formatDouble
unum_getAttribute
ucol_strcoll
ucol_setAttribute
ucol_setStrength
unum_setTextAttribute
unum_open
unum_setAttribute
unumsys_getName
unumsys_open
udatpg_close
ucal_getDefaultTimeZone
udat_close
udat_open
uplrules_select
ucal_getKeywordValuesForLocale
ucol_getAttribute
ucol_open
ucol_getKeywordValuesForLocale
udat_countAvailable
udat_getAvailable
unum_countAvailable
unum_getAvailable
ucol_countAvailable
ucol_getAvailable
ulocdata_getCLDRVersion
udat_format
unum_parseDouble

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

CompareStringEx
MultiByteToWideChar

api-ms-win-core-string-l2-1-0

CharUpperBuffW
CharLowerBuffW
CharLowerW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

bcrypt

BCryptGenRandom

Exports

Exports

CreateChakraEngine
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DumpDiagInfo
JsAddRef
JsBoolToBoolean
JsBooleanToBool
JsCallFunction
JsCollectGarbage
JsConstructObject
JsConvertValueToBoolean
JsConvertValueToNumber
JsConvertValueToObject
JsConvertValueToString
JsCreateArray
JsCreateArrayBuffer
JsCreateContext
JsCreateDataView
JsCreateError
JsCreateExternalArrayBuffer
JsCreateExternalObject
JsCreateFunction
JsCreateNamedFunction
JsCreateObject
JsCreateRangeError
JsCreateReferenceError
JsCreateRuntime
JsCreateSymbol
JsCreateSyntaxError
JsCreateThreadService
JsCreateTypeError
JsCreateTypedArray
JsCreateURIError
JsDefineProperty
JsDeleteIndexedProperty
JsDeleteProperty
JsDisableRuntimeExecution
JsDiscardBackgroundParse
JsDisposeRuntime
JsDoubleToNumber
JsEnableRuntimeExecution
JsEnumerateHeap
JsEquals
JsGetAndClearException
JsGetArrayBufferStorage
JsGetContextData
JsGetContextOfObject
JsGetCurrentContext
JsGetDataViewStorage
JsGetExtensionAllowed
JsGetExternalData
JsGetFalseValue
JsGetGlobalObject
JsGetIndexedPropertiesExternalData
JsGetIndexedProperty
JsGetNullValue
JsGetOwnPropertyDescriptor
JsGetOwnPropertyNames
JsGetOwnPropertySymbols
JsGetProperty
JsGetPropertyIdFromName
JsGetPropertyIdFromSymbol
JsGetPropertyIdType
JsGetPropertyNameFromId
JsGetPrototype
JsGetRuntime
JsGetRuntimeMemoryLimit
JsGetRuntimeMemoryUsage
JsGetStringLength
JsGetSymbolFromPropertyId
JsGetTrueValue
JsGetTypedArrayInfo
JsGetTypedArrayStorage
JsGetUndefinedValue
JsGetValueType
JsHasException
JsHasExternalData
JsHasIndexedPropertiesExternalData
JsHasIndexedProperty
JsHasProperty
JsIdle
JsInitializeJITServer
JsInspectableToObject
JsInstanceOf
JsIntToNumber
JsIsEnumeratingHeap
JsIsRuntimeExecutionDisabled
JsNumberToDouble
JsNumberToInt
JsObjectToInspectable
JsParseScript
JsParseScriptWithAttributes
JsParseSerializedScript
JsParseSerializedScriptWithCallback
JsPointerToString
JsPreventExtension
JsProjectWinRTNamespace
JsQueueBackgroundParse
JsRelease
JsRunScript
JsRunSerializedScript
JsRunSerializedScriptWithCallback
JsSerializeScript
JsSetContextData
JsSetCurrentContext
JsSetException
JsSetExternalData
JsSetIndexedPropertiesToExternalData
JsSetIndexedProperty
JsSetObjectBeforeCollectCallback
JsSetProjectionEnqueueCallback
JsSetPromiseContinuationCallback
JsSetProperty
JsSetPrototype
JsSetRuntimeBeforeCollectCallback
JsSetRuntimeMemoryAllocationCallback
JsSetRuntimeMemoryLimit
JsStartDebugging
JsStartProfiling
JsStopProfiling
JsStrictEquals
JsStringToPointer
JsValueToVariant
JsVarAddRef
JsVarRelease
JsVarToExtension
JsVarToScriptDirect
JsVariantToValue
MemProtectHeapAddRootSection
MemProtectHeapCollect
MemProtectHeapCreate
MemProtectHeapDestroy
MemProtectHeapDisableCollection
MemProtectHeapIsValidObject
MemProtectHeapMemSize
MemProtectHeapNotifyCurrentThreadDetach
MemProtectHeapProtectCurrentThread
MemProtectHeapRemoveRootSection
MemProtectHeapReportHeapSize
MemProtectHeapRootAlloc
MemProtectHeapRootAllocLeaf
MemProtectHeapRootRealloc
MemProtectHeapRootReallocLeaf
MemProtectHeapSynchronizeWithCollector
MemProtectHeapUnprotectCurrentThread
MemProtectHeapUnrootAndZero
RecyclerNativeHeapAddExternalMemoryUsage
RecyclerNativeHeapAllocLeaf
RecyclerNativeHeapAllocLeafFinalized
RecyclerNativeHeapAllocTraced
RecyclerNativeHeapAllocTracedFinalized
RecyclerNativeHeapCollectGarbageInThread
RecyclerNativeHeapCreateWeakReference
RecyclerNativeHeapGetRealAddressFromInterior
RecyclerNativeHeapGetStrongReference
RecyclerNativeHeapHasWeakReferenceCleanupOccurred
RecyclerNativeHeapRootAddRef
RecyclerNativeHeapRootRelease

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bafb2f3adf68bd3840e62512165d7c40

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-util-l1-1-0

rpcrt4

api-ms-win-core-memory-l1-1-5

api-ms-win-core-memory-l1-1-3

api-ms-win-core-path-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

icuuc

icuin

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-localization-l2-1-0

bcrypt

Exports

Exports

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.data Size: 59KB - Virtual size: 1.1MB

.idata Size: 13KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 168B

.mrdata Size: 512B - Virtual size: 1B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 215KB - Virtual size: 214KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.data
Size: 59KB - Virtual size: 1.1MB

.idata
Size: 13KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 168B

.mrdata
Size: 512B - Virtual size: 1B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 215KB - Virtual size: 214KB