chrome_elf[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

chrome_elf.zip
Size

376KB
MD5

47a3b57d58603315f8f05e6a41ce046d
SHA1

bb160831f94c5dd705922772eb818dc4d9658b3a
SHA256

21a66d5fc7d31fb99200162a111ae011010c6192d3b1be14d8b8d400fb57fd87
SHA512

23014328b4024c16c3a57e5d16985793a9ac0e68bfdb0307d22e34e7b1ca693344799c7337a472f761aa4353e50bf28f3190fb903cfdd98f8cd27f19b0992419
SSDEEP

6144:UsF9V0RCYoynaC8bX0nSQX8JEiKss3EXE9wuyz56sqqunXCmuJESD5Dw89CFqK/4:1d0tcJQXHiU3EE9wuy43quSmu+SD5DCq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dpapi.dll

Files

chrome_elf.zip
.zip
config.ini
dpapi.dll
.dll windows:6 windows x64 arch:x64

9931226b7925625c5569ed28a2c82ebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\blockthespot\src\x64\Release\dpapi.pdb

Imports

kernel32

GetCurrentThread
VirtualProtect
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
K32GetModuleInformation
GetProcAddress
GetModuleHandleW
WritePrivateProfileStringW
MultiByteToWideChar
GetPrivateProfileStringW
WideCharToMultiByte
LoadLibraryW
GetCommandLineW
DisableThreadLibraryCalls
CloseHandle
CreateThread
GetLastError
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
LoadLibraryExW
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
ReadConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SleepConditionVariableSRW
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
ReadFile
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
RtlUnwind

user32

MessageBoxW

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpOpen
WinHttpSendRequest

Exports

Exports

CryptProtectData
CryptProtectMemory
CryptUnprotectData
CryptUnprotectMemory
CryptUpdateProtectedState

Sections

.text
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9931226b7925625c5569ed28a2c82ebb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winhttp

Exports

Exports

Sections

.text Size: 553KB - Virtual size: 553KB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 23KB - Virtual size: 23KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 553KB - Virtual size: 553KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 23KB - Virtual size: 23KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB