Static task: static1
Behavioral task: behavioral1
  Sample: 2023-03-07_73edf11e61fcd4446cd6c9dc3dab1a76_cerber.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 2023-03-07_73edf11e61fcd4446cd6c9dc3dab1a76_cerber.exe
  Resource: win10v2004-20230220-en
General
Target: 2023-03-07_73edf11e61fcd4446cd6c9dc3dab1a76_cerber.exe
Size: 1.1MB
MD5: 73edf11e61fcd4446cd6c9dc3dab1a76
SHA1: 93c73a193fd8940eb194c8c2eb31d37f7abc5812
SHA256: db47addc5d20966badd482543d67e70a1ef5e719a2c907e80bc1d3a9080c22d4
SHA512: 86588890005cca9ea1096226d3feeb2db4e57cfa0bd98d04f3f4b2afe7c72fbe13ef50dc0bdf57daf1607c4a7dcd4e09c0bdcef83451f15962435e85283d9e23
SSDEEP: 3072:p+PkbTWYtBzNgnbRh6JuB/ffDkjjdqxEIeeD91+UB77:As2cBCbRdB/ffDkjXIjRx7
Files
2023-03-07_73edf11e61fcd4446cd6c9dc3dab1a76_cerber.exe.exe windows x86
ae80b4ecb14ba8e602aaba0e2180c87d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptBinaryToStringA
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx
wininet
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
InternetOpenA
HttpSendRequestA
shlwapi
PathRemoveExtensionW
StrCmpNIA
StrToIntA
StrChrA
StrToInt64ExA
StrSpnA
PathFindFileNameW
StrStrIA
StrCmpNW
StrChrIA
StrCpyNW
PathMatchSpecW
StrCmpNIW
StrPBrkA
PathCombineW
PathSkipRootW
StrStrIW
PathUnquoteSpacesW
StrChrW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoA
mpr
WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW
imagehlp
CheckSumMappedFile
ws2_32
htons
sendto
socket
WSAStartup
inet_ntoa
inet_addr
htonl
shutdown
closesocket
gethostbyname
kernel32
WaitForSingleObject
SetEvent
OutputDebugStringW
SetFileTime
WriteFile
InitializeCriticalSection
Sleep
LeaveCriticalSection
GetTimeFormatW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
GetFileSizeEx
MoveFileW
EnterCriticalSection
CreateEventW
SizeofResource
GetFileTime
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
lstrcpyW
CreateThread
LoadResource
FindResourceW
FreeResource
LocalFree
ExitProcess
lstrcpynA
MultiByteToWideChar
GetTempFileNameW
GetFileSize
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateProcessW
LoadLibraryExW
LoadLibraryW
CopyFileW
ReadProcessMemory
GetSystemWow64DirectoryW
lstrcpynW
TerminateProcess
FlushInstructionCache
SetFilePointerEx
GetTempPathW
VirtualAllocEx
CreateFileMappingW
OpenEventW
WinExec
GetWindowsDirectoryW
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
WideCharToMultiByte
CreateMutexW
GetCurrentProcess
GetCurrentThreadId
SetFilePointer
SetThreadPriority
WaitForMultipleObjects
SetCurrentDirectoryW
OutputDebugStringA
SetProcessShutdownParameters
GetFileAttributesA
lstrlenA
SearchPathW
lstrcpyA
GetEnvironmentVariableW
IsBadWritePtr
TlsAlloc
GetVersionExW
lstrcmpiA
GetTickCount
GetModuleFileNameA
GetDateFormatW
GetProcAddress
lstrlenW
lstrcatW
MulDiv
GetSystemDirectoryW
CreateToolhelp32Snapshot
LockResource
SetErrorMode
GetSystemWindowsDirectoryW
GetModuleHandleW
GetVolumeInformationW
GetLastError
OpenMutexW
VirtualProtect
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
GetModuleHandleA
QueryDosDeviceW
FindNextFileW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
GetComputerNameA
lstrcmpiW
ExpandEnvironmentStringsW
CreateDirectoryW
Process32NextW
GetSystemInfo
OpenProcess
GetCurrentThread
IsBadStringPtrA
GetHandleInformation
IsBadCodePtr
IsBadStringPtrW
RtlUnwind
CreateFileW
FlushFileBuffers
Process32FirstW
IsBadReadPtr
advapi32
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetKernelObjectSecurity
LookupPrivilegeValueW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
GetLengthSid
RegSetValueExW
RegFlushKey
RegOpenKeyW
AdjustTokenPrivileges
RegCreateKeyExW
RegEnumValueW
RegEnumKeyW
CryptDestroyKey
CryptAcquireContextW
CryptGetKeyParam
RegDeleteValueW
CryptEncrypt
RegQueryValueExW
user32
wsprintfW
DispatchMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
PeekMessageW
TranslateMessage
wsprintfA
CharLowerBuffA
GetSystemMetrics
GetKeyboardLayoutList
ReleaseDC
SystemParametersInfoW
GetDC
DrawTextA
FillRect
GetLastInputInfo
RegisterClassExW
UnregisterClassW
GetForegroundWindow
ole32
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoUninitialize
shell32
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHChangeNotify
ntdll
ZwOpenSection
RtlFreeUnicodeString
NtDeleteFile
isspace
RtlDosPathNameToNtPathName_U
memmove
ZwOpenProcess
ZwClose
ZwOpenDirectoryObject
ZwQuerySystemInformation
_chkstk
ZwQueryInformationProcess
_allmul
memcpy
_alldiv
memset
_aulldvrm
NtQueryVirtualMemory
oleaut32
SysAllocString
SysFreeString
gdi32
SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
SetBkColor
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
GetStockObject
netapi32
NetUserEnum
NetUserGetInfo
NetApiBufferFree
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ