C:\Users\fasbe\source\repos\ImCytox\Cherax\bin\Final\CheraxLoader.pdb
26/05/2024, 23:03
240526-21s9mafc9t 3Static task
General
-
Target
CheraxLoader.exe
-
Size
3.0MB
-
MD5
f1f01acf159f224111b2ec36f9b9b77e
-
SHA1
4bf571addd40668efbe6ee16cfb2af319140c2b2
-
SHA256
9851f21e4e867551c28b7d3f18adea737eedc948584a27acda7f10cab4804952
-
SHA512
54d85fa62f056abe9d3c4ef30040bae031566923f4e30223255075ba15f39b3897ebd92921f46df10bc379af082f55a2eaa6daa5dc8b8ba3d22a1d8889328eff
-
SSDEEP
49152:9bcVvq1KvFWNO2+i2jYRYSX2ysjO7LW8edOMuMB5rqM:9QufsPwXOjOmO
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The PE carries no Authenticode signature, so the publisher's identity and the file's integrity cannot be verified from the binary itself; rely on the hashes above to pin the sample.
resource CheraxLoader.exe
Files
-
CheraxLoader.exe.exe windows:6 windows x64 arch:x64
Password: chergay
29fd3b2d8af71fa4b64c3a130e075df7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
UnmapViewOfFile
MapViewOfFile
HeapFree
HeapAlloc
CreateFileA
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
RtlVirtualUnwind
CreateProcessW
VirtualAllocEx
GetProcAddress
Process32FirstW
Process32NextW
RtlLookupFunctionEntry
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileSizeEx
WaitForSingleObjectEx
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetStdHandle
ReadFile
SleepEx
GetEnvironmentVariableA
VerifyVersionInfoW
GetTickCount
DeleteCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateToolhelp32Snapshot
LoadLibraryW
GetSystemDirectoryW
FormatMessageW
SetLastError
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
QueryPerformanceFrequency
LoadLibraryA
Sleep
CreateRemoteThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
OpenProcess
GetModuleHandleA
WriteProcessMemory
SetUnhandledExceptionFilter
GetModuleHandleW
UnhandledExceptionFilter
AddVectoredExceptionHandler
GetCurrentThread
GetModuleHandleExA
GetCurrentThreadId
GetCurrentProcess
RtlCaptureContext
RemoveVectoredExceptionHandler
GetLastError
CreateProcessA
GetCurrentProcessId
GetComputerNameW
ExitProcess
SetFileAttributesA
CloseHandle
GetModuleFileNameA
GetFileAttributesA
GetVolumeInformationA
CreateFileMappingA
VirtualFreeEx
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
WriteFile
EnterCriticalSection
user32
GetActiveWindow
DefWindowProcW
GetWindowRect
DestroyWindow
SetWindowPos
SetActiveWindow
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
GetForegroundWindow
SetFocus
GetCursorPos
SetCursorPos
MessageBoxA
FindWindowA
SetForegroundWindow
UpdateWindow
PostQuitMessage
TranslateMessage
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
CreateWindowExW
ReleaseCapture
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
LoadCursorW
GetClientRect
SetCursor
SetCapture
advapi32
CryptHashData
CryptGetHashParam
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameA
CryptCreateHash
CryptAcquireContextW
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
shell32
SHGetFolderPathA
ShellExecuteW
msvcp140
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@ios_base@std@@IEAAXXZ
??0ios_base@std@@IEAA@XZ
??1ios_base@std@@UEAA@XZ
?clear@ios_base@std@@QEAAXH_N@Z
??1ctype_base@std@@UEAA@XZ
??0ctype_base@std@@QEAA@_K@Z
?do_encoding@codecvt_base@std@@MEBAHXZ
?do_max_length@codecvt_base@std@@MEBAHXZ
??1codecvt_base@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??0codecvt_base@std@@QEAA@_K@Z
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??1facet@locale@std@@MEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0facet@locale@std@@IEAA@_K@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Toupper
_Tolower
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bios_base@std@@QEBA_NXZ
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Thrd_yield
??0_Locinfo@std@@QEAA@PEBD@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Locinfo@std@@QEAA@XZ
_Mtx_unlock
_Thrd_join
?good@ios_base@std@@QEBA_NXZ
_Thrd_detach
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Query_perf_counter
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
d3d11
D3D11CreateDeviceAndSwapChain
winhttp
WinHttpConnect
WinHttpWebSocketClose
WinHttpSendRequest
WinHttpCloseHandle
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketReceive
WinHttpSetOption
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpWebSocketSend
dbghelp
SymCleanup
SymSetOptions
SymInitialize
StackWalk64
SymGetLineFromAddr64
ImageNtHeader
SymFunctionTableAccess64
SymGetModuleBase64
d3dcompiler_47
D3DCompile
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcmp
memchr
memmove
memcpy
longjmp
__std_exception_copy
__std_terminate
strstr
strrchr
wcschr
__current_exception
__current_exception_context
__C_specific_handler
strchr
_CxxThrowException
memset
__intrinsic_setjmp
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
realloc
free
calloc
malloc
api-ms-win-crt-math-l1-1-0
_dclass
_dsign
_ldclass
_fdsign
acosf
ceilf
_ldsign
fmodf
_fdopen
cosf
ldexp
sqrtf
__setusermatherr
powf
sinf
_fdclass
api-ms-win-crt-convert-l1-1-0
wcstombs
strtoull
atoi
strtod
strtoll
strtoul
strtol
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
__sys_nerr
system
__sys_errlist
_register_onexit_function
_errno
terminate
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
abort
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
localeconv
_configthreadlocale
api-ms-win-crt-stdio-l1-1-0
__p__commode
_read
_write
_fileno
_lseeki64
fputc
_close
fgets
fflush
fclose
_wopen
__stdio_common_vswprintf
fgetc
fputs
_set_fmode
fgetpos
fopen
fwrite
setvbuf
_wfopen
ungetc
__acrt_iob_func
fsetpos
__stdio_common_vsprintf
fseek
__stdio_common_vsscanf
feof
fopen_s
fread
ferror
ftell
_get_stream_buffer_pointers
_fseeki64
api-ms-win-crt-filesystem-l1-1-0
_stat64i32
_unlock_file
_waccess
_fstat64
_lock_file
_unlink
remove
_wstat64
api-ms-win-crt-time-l1-1-0
_mktime64
_localtime64
_gmtime64
strftime
_time64
api-ms-win-crt-string-l1-1-0
strncpy
_wcsdup
wcspbrk
strcspn
strspn
wcsncmp
strpbrk
_strdup
strncmp
strcmp
wcsncpy
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
ws2_32
bind
sendto
recvfrom
connect
recv
listen
accept
__WSAFDIsSet
htonl
freeaddrinfo
socket
ioctlsocket
select
gethostname
htons
WSAIoctl
setsockopt
closesocket
WSAGetLastError
WSASetLastError
ntohs
WSACloseEvent
getaddrinfo
getpeername
WSACreateEvent
WSASetEvent
WSAEventSelect
WSAResetEvent
send
WSAWaitForMultipleEvents
getsockopt
WSAEnumNetworkEvents
WSACleanup
WSAStartup
getsockname
wldap32
ord142
ord145
ord301
ord219
ord133
ord73
ord208
ord167
ord127
ord26
ord41
ord46
ord14
ord27
ord79
ord117
ord216
ord147
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertOpenStore
PFXImportCertStore
CryptStringToBinaryW
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringW
CertFindExtension
CertFreeCertificateContext
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_ws_meta
curl_ws_recv
curl_ws_send
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 999KB - Virtual size: 999KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ