Cobaltbghdbghich18_browsingExe[.]exe

General

Target

Cobaltbghdbghich18_browsingExe.exe
Size

28KB
MD5

10f3679384a03cb487bda9621ceb5f90
SHA1

31cc8718894d6e6ce8c132f68b8caaba39b5ba7a
SHA256

0440ef40c46fdd2b5d86e7feef8577a8591de862cfd7928cdbcc8f47b8fa3ffc
SHA512

5867b4b19720425e001db74079ceec339d153d858296f8d14422683176109474b5cd88ebfd8255f7cee439b8667fd8806460f764a64d2497d8beab2daffe0e26
SSDEEP

384:WcQ4ZQULdSpvmhrd5TWSicdxs2QUHeMme+pwKbAQsIlk4i/8E9VF0Nylb:WSrscb9IlkeE3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Cobaltbghdbghich18_browsingExe.exe

Files

Cobaltbghdbghich18_browsingExe.exe
.exe windows x64

832219eb71b8bdb771f1d29d27b0acf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

rand
srand
RtlInitUnicodeString
RtlGetVersion
KeDelayExecutionThread
ExAllocatePoolWithTag
ExFreePoolWithTag
ExSystemTimeToLocalTime
MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoGetCurrentProcess
ObReferenceObjectByHandleWithTag
ObfDereferenceObject
ObfDereferenceObjectWithTag
MmIsAddressValid
PsGetProcessExitStatus
PsIsThreadTerminating
PsLookupProcessByProcessId
PsLookupThreadByThreadId
PsGetThreadProcess
PsIsSystemThread
ObOpenObjectByPointerWithTag
KeBugCheckEx

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

832219eb71b8bdb771f1d29d27b0acf4

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 272B

.pdata Size: 512B - Virtual size: 348B

INIT Size: 1024B - Virtual size: 1006B

.reloc Size: 512B - Virtual size: 32B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 348B

INIT
Size: 1024B - Virtual size: 1006B

.reloc
Size: 512B - Virtual size: 32B