Chara[.]zip | Triage

Resubmissions

14-10-2024 11:51

241014-nz677sygql 7

14-10-2024 11:44

241014-nv7yyayfrq 7

Sharing

Copy URL

Twitter E-mail

General

Target

Chara.zip
Size

1.3MB
MD5

d10d5089fc2c60684696d9976941f948
SHA1

0e12a848bacf5b3c0b52e590c926d6b58ac4a644
SHA256

04bf6e981fc332c25aa893a7f071f3974f58292cb334570a558764f9f097967e
SHA512

feb44df6b9908bd8e5bdf48939ef75a544e34e9dc8ea3697720dddb6ef6ac7b5e71c1c489d1fd633e8cd1aab981af884e67b81ef08e5cefcd7acfeeafef40997
SSDEEP

24576:e+/uMrftiEjbOMd6vkWx9QIIxUouUegzT/N+jkGGjpmPJcT:e+/uIYEfd68WcIIxLXgjtBcT

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Chara/HackTool/CharaDLL.dll

Files

Chara.zip
.zip
Chara/HackTool/....txt
Chara/HackTool/CharaDLL.dll
.dll windows:4 windows x64 arch:x64

4634626f65d1259996bf5fc5d324a3d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

Exports

Exports

EnableStartButton
KeyboardProc
UnhookKeyboard
keyboardHook
startButtonDisabled

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Chara/HackTool/CharaWares/CharaJumpscare.png
.png
Chara/HackTool/CharaWares/Scan.png.png
.png
- https://pastebin.com/raw/YRdAwctA
Chara/HackTool/CharaWares/img0_3840x2160.jpg.jpg
Chara/HackTool/CharaWares/windowsGlitch.gif
.gif
Chara/HackTool/Crypt.dll
Chara/HackTool/InjectPUP.dll
Chara/HackTool/Shutdown.bat
Chara/HackTool/SyspnSc.dll
Chara/HackTool/Y0k9j8h76g5f4d3sdf56g7h8j9k.ps1
.ps1
Chara/InjectStart.vbs
.vbs
Chara/README.txt
Chara/Run.bat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

4634626f65d1259996bf5fc5d324a3d7

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 96B

.rdata Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 504B

.xdata Size: 512B - Virtual size: 436B

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 182B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 104B

.reloc Size: 512B - Virtual size: 92B

/4 Size: 1024B - Virtual size: 784B

/19 Size: 39KB - Virtual size: 38KB

/31 Size: 6KB - Virtual size: 5KB

/45 Size: 5KB - Virtual size: 5KB

/57 Size: 3KB - Virtual size: 2KB

/70 Size: 512B - Virtual size: 302B

/81 Size: 12KB - Virtual size: 11KB

/92 Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 96B

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 504B

.xdata
Size: 512B - Virtual size: 436B

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 182B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 92B

/4
Size: 1024B - Virtual size: 784B

/19
Size: 39KB - Virtual size: 38KB

/31
Size: 6KB - Virtual size: 5KB

/45
Size: 5KB - Virtual size: 5KB

/57
Size: 3KB - Virtual size: 2KB

/70
Size: 512B - Virtual size: 302B

/81
Size: 12KB - Virtual size: 11KB

/92
Size: 1KB - Virtual size: 1KB