chainsaw_x86_64-pc-windows-msvc[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

chainsaw_x86_64-pc-windows-msvc.zip
Size

2.1MB
MD5

72e7f93ffd43b710768a0a75b58ac887
SHA1

d392428b1094b71368fcacd7014956a5fae6be8a
SHA256

ca1f94309a9e588c3ac1a61beb1b1dede20b814dfaca70d86d16eb26b50bc55a
SHA512

f1073f235f2613e9400308ee5776991dc3b1c8663abec2671b15b3f919ffdeb5f761e8d7028bb63144f1b71fc02ecc7000b05bb1b949c93f93e1e2ce9b674545
SSDEEP

49152:1IXbv1RZM5hxQog+MwSuKmlCqXp2nzlTyA0NzzRdpug7rEytx:1Irv1HWzQog+jcPxWNzzLpTtx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/chainsaw/chainsaw.exe

Files

chainsaw_x86_64-pc-windows-msvc.zip
.zip
chainsaw/LICENCE
chainsaw/README.md
chainsaw/chainsaw.exe
.exe windows:6 windows x64 arch:x64

3317bab7975b81448823d500cd7cdfb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\chainsaw\chainsaw\target\release\deps\chainsaw.pdb

Imports

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

kernel32

SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetLastError
GetCurrentThreadId
GetCommandLineW
SetFilePointerEx
CreateDirectoryW
FindClose
ReleaseMutex
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcessId
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
FindFirstFileW
GetFinalPathNameByHandleW
SetUnhandledExceptionFilter
lstrlenW
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
FillConsoleOutputCharacterW
CreateFileA
GetFileInformationByHandleEx
AcquireSRWLockShared
ReleaseSRWLockShared
GetSystemInfo
SleepConditionVariableSRW
WriteConsoleW
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
CreateFileW
SetConsoleCursorPosition
TryAcquireSRWLockExclusive
GetStdHandle
SetConsoleMode
GetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
AddVectoredExceptionHandler
IsProcessorFeaturePresent

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

vcruntime140

memmove
__current_exception_context
__CxxFrameHandler3
memcpy
memcmp
memset
_CxxThrowException
__C_specific_handler
__current_exception

api-ms-win-crt-math-l1-1-0

round
log
trunc
__setusermatherr
ceil
truncf

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_narrow_environment
_get_initial_narrow_environment
_configure_narrow_argv
_exit
_set_app_type
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
exit
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chainsaw/mappings/sigma-event-logs-all.yml
chainsaw/mappings/sigma-event-logs-legacy.yml
chainsaw/mappings/sigma-mft-logs-all.yml

Sharing

General

Malware Config

Signatures

Files

3317bab7975b81448823d500cd7cdfb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

kernel32

shell32

ole32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 172KB - Virtual size: 172KB

.reloc Size: 107KB - Virtual size: 106KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 172KB - Virtual size: 172KB

.reloc
Size: 107KB - Virtual size: 106KB