Chakra[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Chakra.dll
Size

5.8MB
MD5

470870f4ae21f36f0e9a12446826ff6b
SHA1

10f90ce9fbe5824b54705796186f51b7fcbb1b2c
SHA256

5fa200c758855587d703901ec66da24bedfff1c1ae4102cfbfa762107de1a1dc
SHA512

f575194c80ed438dbb892d8fcbd4c6f5717bda28b09da9df28d0239ec74be2f4ac9206cad7ce224ab59b7a1696cb3b6e6334e0ba882b6a1f8dffe9f5d1c4e9dc
SSDEEP

98304:exJLXw63XZZsMPtKeHryVy1W94yyL4pc:exJLXw63XZxLLCy1wY4u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Chakra.dll

Files

Chakra.dll
.dll regsvr32 windows:10 windows x86 arch:x86

f0449909bfc529f25b22cc2d85e69294

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

chakra.pdb

Imports

msvcrt

_lock
__libm_sse2_acos
_onexit
__libm_sse2_asin
rand_s
__dllonexit
_clearfp
_statusfp
_control87
__libm_sse2_atan
wcsstr
__libm_sse2_atan2
__libm_sse2_log10
__libm_sse2_cos
wcstok_s
_ui64tow_s
_wsplitpath_s
memcmp
memcpy
_unlock
_wcstoui64
_i64tow_s
vswprintf_s
_vsnwprintf
_ltow
_wcsdup
memmove
_ltow_s
_ultow_s
wcscpy_s
wcsncmp
realloc
wcscat_s
_vsnwprintf_s
memcpy_s
wcsncpy_s
wcstoul
malloc
wcschr
__CxxFrameHandler3
__libm_sse2_pow
_except_handler4_common
free
__libm_sse2_exp
qsort_s
__libm_sse2_log
wcsrchr
_wfsopen
fclose
memmove_s
fwprintf_s
fflush
isdigit
rand
_set_SSE2_enable
_tzset
isalpha
_wcslwr_s
towupper
_vscwprintf
??1type_info@@UAE@XZ
_hypot
qsort
?terminate@@YAXXZ
floor
ceil
_flushall
fwprintf
_beginthreadex
_snwprintf_s
modf
__iob_func
strncmp
wcsncat_s
tolower
swprintf_s
_stricmp
_purecall
_wcsicmp
__libm_sse2_sin
__libm_sse2_tan
_XcptFilter
_initterm
_itow_s
_amsg_exit
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_ftol2
_ftol2_sse
_setjmp3
memset

api-ms-win-core-atoms-l1-1-0

AddAtomW
FindAtomW
DeleteAtom

api-ms-win-core-normalization-l1-1-0

IsNormalizedString
NormalizeString

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
FreeLibraryAndExitThread
GetProcAddress
FindResourceExW
LoadResource
LockResource
LoadLibraryExW
GetModuleHandleW
SizeofResource
FreeLibrary
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
SetEvent
EnterCriticalSection
CreateEventW
ResetEvent
WaitForMultipleObjectsEx
WaitForSingleObject
LeaveCriticalSection
TryEnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapLock
HeapCreate
HeapUnlock
HeapDestroy
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW
ResolveLocaleName
GetUserDefaultLocaleName
IsValidCodePage
GetLocaleInfoW
IsValidLocale
GetACP
GetUserDefaultLCID

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
GetStdHandle

api-ms-win-core-processthreads-l1-1-0

SwitchToThread
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
SetThreadStackGuarantee
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegSetValueExW
RegGetValueW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect
VirtualFree

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsFileSpecW
PathGetDriveNumberW
PathIsLFNFileSpecW
PathIsUNCW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTime
GetLogicalProcessorInformation
GetSystemTimeAdjustment
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformationForYear
GetTimeZoneInformation

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-memory-l1-1-1

ResetWriteWatch
GetWriteWatch

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-kernel32-legacy-l1-1-0

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
FlushInstructionCache
GetThreadContext

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW
CompareStringEx
MultiByteToWideChar

api-ms-win-core-string-l2-1-0

CharUpperBuffW
CharLowerW
CharLowerBuffW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessIoCounters

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrTrimW
StrCmpICW
StrCmpLogicalW

rpcrt4

NdrDllGetClassObject
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
IUnknown_Release_Proxy

api-ms-win-core-memory-l1-1-4

SetProcessValidCallTargets

bcrypt

BCryptGenRandom

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

iertutil

ord650

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JsAddRef
JsBoolToBoolean
JsBooleanToBool
JsCallFunction
JsCollectGarbage
JsConstructObject
JsConvertValueToBoolean
JsConvertValueToNumber
JsConvertValueToObject
JsConvertValueToString
JsCreateArray
JsCreateArrayBuffer
JsCreateContext
JsCreateDataView
JsCreateError
JsCreateExternalArrayBuffer
JsCreateExternalObject
JsCreateFunction
JsCreateNamedFunction
JsCreateObject
JsCreateRangeError
JsCreateReferenceError
JsCreateRuntime
JsCreateSymbol
JsCreateSyntaxError
JsCreateTypeError
JsCreateTypedArray
JsCreateURIError
JsDefineProperty
JsDeleteIndexedProperty
JsDeleteProperty
JsDisableRuntimeExecution
JsDisposeRuntime
JsDoubleToNumber
JsEnableRuntimeExecution
JsEnumerateHeap
JsEquals
JsExperimentalApiRunModule
JsGetAndClearException
JsGetArrayBufferStorage
JsGetContextData
JsGetContextOfObject
JsGetCurrentContext
JsGetDataViewStorage
JsGetExtensionAllowed
JsGetExternalData
JsGetFalseValue
JsGetGlobalObject
JsGetIndexedPropertiesExternalData
JsGetIndexedProperty
JsGetNullValue
JsGetOwnPropertyDescriptor
JsGetOwnPropertyNames
JsGetOwnPropertySymbols
JsGetProperty
JsGetPropertyIdFromName
JsGetPropertyIdFromSymbol
JsGetPropertyIdType
JsGetPropertyNameFromId
JsGetPrototype
JsGetRuntime
JsGetRuntimeMemoryLimit
JsGetRuntimeMemoryUsage
JsGetStringLength
JsGetSymbolFromPropertyId
JsGetTrueValue
JsGetTypedArrayInfo
JsGetTypedArrayStorage
JsGetUndefinedValue
JsGetValueType
JsHasException
JsHasExternalData
JsHasIndexedPropertiesExternalData
JsHasIndexedProperty
JsHasProperty
JsIdle
JsInspectableToObject
JsInstanceOf
JsIntToNumber
JsIsEnumeratingHeap
JsIsRuntimeExecutionDisabled
JsNumberToDouble
JsNumberToInt
JsObjectToInspectable
JsParseScript
JsParseScriptWithAttributes
JsParseSerializedScript
JsParseSerializedScriptWithCallback
JsPointerToString
JsPreventExtension
JsProjectWinRTNamespace
JsRelease
JsRunScript
JsRunSerializedScript
JsRunSerializedScriptWithCallback
JsSerializeScript
JsSetContextData
JsSetCurrentContext
JsSetException
JsSetExternalData
JsSetIndexedPropertiesToExternalData
JsSetIndexedProperty
JsSetObjectBeforeCollectCallback
JsSetProjectionEnqueueCallback
JsSetPromiseContinuationCallback
JsSetProperty
JsSetPrototype
JsSetRuntimeBeforeCollectCallback
JsSetRuntimeMemoryAllocationCallback
JsSetRuntimeMemoryLimit
JsStartDebugging
JsStartProfiling
JsStopProfiling
JsStrictEquals
JsStringToPointer
JsValueToVariant
JsVarAddRef
JsVarRelease
JsVarToExtension
JsVarToScriptDirect
JsVariantToValue
MemProtectHeapAddRootSection
MemProtectHeapCollect
MemProtectHeapCreate
MemProtectHeapDestroy
MemProtectHeapDisableCollection
MemProtectHeapIsValidObject
MemProtectHeapMemSize
MemProtectHeapNotifyCurrentThreadDetach
MemProtectHeapProtectCurrentThread
MemProtectHeapRemoveRootSection
MemProtectHeapReportHeapSize
MemProtectHeapRootAlloc
MemProtectHeapRootAllocLeaf
MemProtectHeapRootRealloc
MemProtectHeapRootReallocLeaf
MemProtectHeapSynchronizeWithCollector
MemProtectHeapUnprotectCurrentThread
MemProtectHeapUnrootAndZero

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0449909bfc529f25b22cc2d85e69294

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-normalization-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-localization-l2-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

rpcrt4

api-ms-win-core-memory-l1-1-4

bcrypt

api-ms-win-core-path-l1-1-0

iertutil

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

Exports

Exports

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.data Size: 76KB - Virtual size: 1.1MB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 192B

.tls Size: 1KB - Virtual size: 1KB

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 234KB - Virtual size: 234KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 76KB - Virtual size: 1.1MB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 192B

.tls
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 234KB - Virtual size: 234KB