Chimera[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Chimera.zip
Size

53.1MB
MD5

4765db89b5f48cc59f1d42919ceb90f4
SHA1

4324a1d22ec9f8f770121e16fb5a8a0167aa379a
SHA256

eca55890dc9d9d3291cfc6992c3ba405e0962c5135ed076d80d30f1dcf28f1ad
SHA512

18c414aa232cfe21ddce4bbcb9a145259b881f79f9f858117b275e5a3ee29b8c7f6909edb7661b1be039c4b7f9cd224afe025a3885d5ccad452d94f7b28ed8bc
SSDEEP

1572864:8GkOjI61Ioq2rGtMNfvfysKYONkwa7VW5yui:8OE61FrP3fdONkDsi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Chimera/uninstall.exe	upx

Files

Chimera.zip
.zip
Chimera/Chimera.exe
.exe windows:6 windows x86 arch:x86

Code Sign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/07/2021, 00:00

Not After

27/07/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:2c:9e:2f:65:95:7c:bb:63:9c:55:77:9d:4b:64:c6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/10/2022, 00:00

Not After

26/09/2024, 23:59

Subject

SERIALNUMBER=202042237W,CN=Griff Gate Pte. Ltd.,O=Griff Gate Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:ce:9b:ad:bd:ac:0d:49:b6:94:9c:93:3e:64:eb:b4:29:0c:3e:d5:6a:de:21:16:00:e0:db:71:a2:2b:32:06
Signer

Actual PE Digest

0a:ce:9b:ad:bd:ac:0d:49:b6:94:9c:93:3e:64:eb:b4:29:0c:3e:d5:6a:de:21:16:00:e0:db:71:a2:2b:32:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite

Sections

Size: 18.2MB - Virtual size: 44.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.1MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 282KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 87KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.winlice
Size: - Virtual size: 32.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 21.0MB - Virtual size: 21.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Chimera/uninstall.exe
.exe windows:5 windows x86 arch:x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:29:26:25:16:af:38:a3:67:20:4f:ff:fd:57:29:21
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2020, 00:00

Not After

02/11/2023, 23:59

Subject

SERIALNUMBER=201728221C,CN=ASTUTE SIGHT SINGAPORE PTE. LTD.,O=ASTUTE SIGHT SINGAPORE PTE. LTD.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:38:c3:aa:7b:26:b4:8b:a8:25:ac:1a:ee:c8:37:90
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2020, 00:00

Not After

02/11/2023, 23:59

Subject

SERIALNUMBER=201728221C,CN=ASTUTE SIGHT SINGAPORE PTE. LTD.,O=ASTUTE SIGHT SINGAPORE PTE. LTD.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:49:b5:01:4e:b7:92:8f:d0:26:14:36:9e:21:0f:b0:07:86:85:ab:7c:12:05:69:2b:1e:ac:70:e0:0b:a0:cd
Signer

Actual PE Digest

0c:49:b5:01:4e:b7:92:8f:d0:26:14:36:9e:21:0f:b0:07:86:85:ab:7c:12:05:69:2b:1e:ac:70:e0:0b:a0:cd

Digest Algorithm

sha256

PE Digest Matches

true

f4:e5:48:ba:26:46:1f:75:f9:f5:e0:cb:50:b4:9b:92:06:54:49:7b
Signer

Actual PE Digest

f4:e5:48:ba:26:46:1f:75:f9:f5:e0:cb:50:b4:9b:92:06:54:49:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 19.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8fCertificate

Extended Key Usages

Key Usages

01:2c:9e:2f:65:95:7c:bb:63:9c:55:77:9d:4b:64:c6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0a:ce:9b:ad:bd:ac:0d:49:b6:94:9c:93:3e:64:eb:b4:29:0c:3e:d5:6a:de:21:16:00:e0:db:71:a2:2b:32:06Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 18.2MB - Virtual size: 44.9MB

Size: 4.1MB - Virtual size: 10.9MB

Size: 282KB - Virtual size: 1.2MB

Size: 1024B - Virtual size: 2KB

Size: 87KB - Virtual size: 486KB

.edata Size: 1024B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.rsrc Size: 487KB - Virtual size: 487KB

.winlice Size: - Virtual size: 32.2MB

.boot Size: 21.0MB - Virtual size: 21.0MB

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

05:29:26:25:16:af:38:a3:67:20:4f:ff:fd:57:29:21Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

04:38:c3:aa:7b:26:b4:8b:a8:25:ac:1a:ee:c8:37:90Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0c:49:b5:01:4e:b7:92:8f:d0:26:14:36:9e:21:0f:b0:07:86:85:ab:7c:12:05:69:2b:1e:ac:70:e0:0b:a0:cdSigner

f4:e5:48:ba:26:46:1f:75:f9:f5:e0:cb:50:b4:9b:92:06:54:49:7bSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 19.5MB

UPX1 Size: 7.5MB - Virtual size: 7.5MB

.rsrc Size: 83KB - Virtual size: 84KB

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

01:2c:9e:2f:65:95:7c:bb:63:9c:55:77:9d:4b:64:c6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0a:ce:9b:ad:bd:ac:0d:49:b6:94:9c:93:3e:64:eb:b4:29:0c:3e:d5:6a:de:21:16:00:e0:db:71:a2:2b:32:06
Signer

.edata
Size: 1024B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 487KB - Virtual size: 487KB

.winlice
Size: - Virtual size: 32.2MB

.boot
Size: 21.0MB - Virtual size: 21.0MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

05:29:26:25:16:af:38:a3:67:20:4f:ff:fd:57:29:21
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

04:38:c3:aa:7b:26:b4:8b:a8:25:ac:1a:ee:c8:37:90
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0c:49:b5:01:4e:b7:92:8f:d0:26:14:36:9e:21:0f:b0:07:86:85:ab:7c:12:05:69:2b:1e:ac:70:e0:0b:a0:cd
Signer

f4:e5:48:ba:26:46:1f:75:f9:f5:e0:cb:50:b4:9b:92:06:54:49:7b
Signer

UPX0
Size: - Virtual size: 19.5MB

UPX1
Size: 7.5MB - Virtual size: 7.5MB

.rsrc
Size: 83KB - Virtual size: 84KB