Trojan.Chapak.HCH

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Chapak.HCH
Signature status:	Modified signature

Known Samples

MD5: 6f8ac79cf191fc3c9adc73bfb11e3d22

SHA1: 84d55ada1ac6473761bea2f5535c993acf158bd0

SHA256: 4DB6A8C66712915DF478B8E5A441F5411E520FCBD58FB7F8CB7DE1B54BB23313

File Size: 86.30 KB, 86304 bytes

MD5: 96a6621c2da7b219a9fc56acf34be927

SHA1: d1583dcf1fdf4587939d335e3489bc63b124b2c4

SHA256: 5D2DC29F7B39294EC2E3729B115D52EE2700BDAB8EB660E793EBBDEAF55E55B8

File Size: 86.30 KB, 86304 bytes

MD5: 22b6c6b8ee02c8734a9406374659aacf

SHA1: 2d458ef0163fbbc965e02d03e2c349578fb6b586

SHA256: C44C16E4FD84D66458217BB64D9B6D55D91A24572A4E19CA48744088FAF0E7B9

File Size: 86.29 KB, 86288 bytes

MD5: c9ed40bdbff5e41df669d04bfe76b790

SHA1: cf6d8c1b8aede35a55ba26ddf84f9de22afbae82

SHA256: 93176CFC1731CDEFEDB06A1200180FD83B5ED269FB520AD45CB382C1963F24BA

File Size: 86.30 KB, 86304 bytes

MD5: 463969d3abcf362e806a0236977b8ca3

SHA1: a56e70d5611df0635690bbc36de32dd0099e7d05

SHA256: CE5586AED42E54BD524B2D308404D582295C933AF1421C223BCDD737DFB22B00

File Size: 86.30 KB, 86304 bytes

MD5: 5a06e156b7144b3313ac6f723ebe5f0b

SHA1: 87520290863c71c11fc69f77fd0c2753453c9e0c

SHA256: 6B0AF1C398C705E6F0E3E00FA3E444E5FFE1A4EDF2062C48C8A0829C728ADA84

File Size: 86.29 KB, 86288 bytes

MD5: f80f150b4c5979e07c81792d151068e5

SHA1: 8d8254111a42b7c9d5db85f873b698d5fab63c0b

SHA256: 19273581485B3D0D2244296F15B60DC544126893841807DE0E4615AB5470B2B3

File Size: 86.30 KB, 86304 bytes

MD5: 78a7436606966abcda1c39a335d1e7c9

SHA1: 7d811edb6ba85ef6fd2c924660bde5d6e74ceb25

SHA256: 547EF80D6CFA3190BC14C2775858A5ECB38C42078F95BC7DDF3F0BE09E3C4FBE

File Size: 86.30 KB, 86304 bytes

MD5: aade43570622d8a2ae67f19b85cd92c1

SHA1: a7879d67840db58abfbf1e758e41a9fe3f44c9e4

SHA256: 2AB8BED116913D5B9203C3D5A77EE4CAC3EB3417A8F65D42ECE944FE8A04ED12

File Size: 86.30 KB, 86304 bytes

MD5: 25ee4630c250a3c71e1e95abfacf2483

SHA1: 15d5f24bf775535838f650edad15d6cbeda47697

SHA256: 195515236C8B402EAA800ABA47D6A209E502D1083ED659703C1DAAACE3D69B29

File Size: 86.29 KB, 86288 bytes

MD5: 1bc0990c6ee47ad632b9a05da95aeb45

SHA1: 91dcb7d49b3381933fd16211b949a20c49f17f76

SHA256: 2EE67CDE99E80253C662D203C99A656AB119382F9C0369D4B0AAFA63F8C50A89

File Size: 86.30 KB, 86304 bytes

MD5: d563b436826bc34f076e4a8f26734d05

SHA1: 4641bf9b07d318a90d832e26aabb7c175c8b9ef4

SHA256: 2AFEED66F32AE4628AF840CE60CD71A57F632F2BAC8EF54F3E739D062AE9F690

File Size: 86.30 KB, 86304 bytes

MD5: 7996176635107232439e27750de8fdcb

SHA1: 7c247132c3f470fa46f93368c71f18090f6b696c

SHA256: E0147300B42A9177E547E7BB6177E6E7B7F5C46C3035F20CBE9305461FE34F5B

File Size: 86.30 KB, 86304 bytes

MD5: afafd6fb4d0db6157856cbe0a6edf714

SHA1: 0fe0920f31f359c432c07c39a79bb754c5bc120a

SHA256: BEE84820DC354C0D70E26A8FAE29D4DF7B99A8D0F9A683332F1BAF8D15131886

File Size: 86.29 KB, 86288 bytes

MD5: 547adec95cad3addf4ce4beba910887e

SHA1: 2b69e5a49d1f7c6fc2e5b92f29da953bfaf476c0

SHA256: 7BECD7BB32EB1836905FE4347B186F2A3C9B1256CEA5A01D3516ED46B7A52D32

File Size: 86.29 KB, 86288 bytes

MD5: 8d57eb6bdd173eaad3e0740d1c2b772b

SHA1: 4d912acd1a5679bc9aa7ad81ce2ef50d211c803d

SHA256: FF8C4A2F5587F5CF60083F2332C9563066449365B6CA1AA2CD912469CD5A899F

File Size: 86.30 KB, 86304 bytes

MD5: b72fd491e34b15916ae4f33be3bdce6f

SHA1: 49b8dc017b2c7c989e595bf8aecdfd34ebec1d12

SHA256: 60B9EE6A5267A5364BE6A83AC8258DBCB69B80FB80EF2EBDB076FF094598688A

File Size: 86.30 KB, 86304 bytes

MD5: 33e7ac0e25d2fdff28ad3e0f4099336f

SHA1: 9781fbba1cbf3b787cd75bce794cd10e2302f649

SHA256: E8281B0852A889BE15FFBF92A112033E48CBD5EC1DB0B3355CE35F74C789BC27

File Size: 86.30 KB, 86304 bytes

MD5: 93b2672af11bd5164f5d7bde1cea031b

SHA1: 54906e6aa960d05b75ce3924fae52d1c19f38ed0

SHA256: 9FD26C44DA08892B07D5091D1FBF3487F4A9D80F4B944A2E3E91D5BE603C9927

File Size: 86.30 KB, 86304 bytes

MD5: 0401498a6e94ecca69e1dd2496ffb8a4

SHA1: d4e95788b596ed98e8ae0cd1dcf1200649ea4c2b

SHA256: 48D757E1753D47EB65D3B3F864D1EC4A54C30F8E011A28D6402299AC9AD7CD93

File Size: 86.30 KB, 86304 bytes

MD5: 9e84f6a8c5cc7ebdf4e3c53ceca2abff

SHA1: 4ae07ef4dab766b2e47acccbec42f82d8d656560

SHA256: 3DDA1C2608E3264DBFBF75D21194D4F1F7DFEFD2B037F9B22D6AFD2C91023F1E

File Size: 86.28 KB, 86280 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

No Version Info
x86

Block Information

Total Blocks:	333
Potentially Malicious Blocks:	1
Whitelisted Blocks:	332
Unknown Blocks:	0

Visual Map

x 2 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 1 1 1 2 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Chapak.HCG
Chapak.HCH
Dropper.Agent.O
Kryptik.AHCA
Kryptik.VI

Trojan.Agent.Gen.GS

Windows API Usage

Category	API
Cert Store Read	CertOpenSystemStore
Cert Store Write	CertAddCertificateContextToStore
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCreateEvent ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore Show More ntdll.dll!NtCreateThreadEx ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider

Shell Command Execution


							C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe (NULL)

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Chapak.HCH

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

TeamPCP Worm

Trump Crypto Giveaway Scam

Winyourprize36.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen