Static task: static1
Behavioral task: behavioral1
Sample: 7c8f4157b42bbd5a98a8ba8b9305026a_cerber_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 7c8f4157b42bbd5a98a8ba8b9305026a_cerber_JC.exe
Resource: win10v2004-20230703-en
General
Target: 7c8f4157b42bbd5a98a8ba8b9305026a_cerber_JC.exe
Size: 125KB
MD5: 7c8f4157b42bbd5a98a8ba8b9305026a
SHA1: e6d04cb00bf9651c10059200c446f7df7c957d35
SHA256: d131802bc19f57aee12fe2a03159b783f4f6eb51110c8e8ac6d576e6da644bcf
SHA512: 5a0d7ed959cc3224d212238ff9755da003fcc777d27654b285d76b4db30103a11d7668f9d203f0c72d5e2b6d6923307e0bd00055a7b1ebf7693c5329b9fed8fa
SSDEEP: 3072:BgseV9sA1HtPE3IU5O2H4V3ZBT6MhoKdFqxIIe/0D9Xcldz3rIS:BnC3c3bw2YVJBT6MSKRIRRGdzcS
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 7c8f4157b42bbd5a98a8ba8b9305026a_cerber_JC.exe
Files
7c8f4157b42bbd5a98a8ba8b9305026a_cerber_JC.exe.exe (windows x86)
4308be656cb0f2732f1cac82dfc87ef0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptBinaryToStringA
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx
wininet
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
InternetOpenA
HttpSendRequestA
shlwapi
PathUnquoteSpacesW
PathCombineW
StrStrIW
StrCmpNIW
StrCpyNW
StrChrIA
StrStrIA
PathFindFileNameW
StrSpnA
StrCmpNIA
PathRemoveExtensionW
StrCmpIW
StrToIntA
StrChrA
StrChrW
StrCmpNW
PathMatchSpecW
StrPBrkA
StrToInt64ExA
PathSkipRootW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoA
mpr
WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum
imagehlp
CheckSumMappedFile
ws2_32
htons
sendto
socket
WSAStartup
inet_ntoa
inet_addr
htonl
shutdown
closesocket
gethostbyname
kernel32
WaitForSingleObject
SetEvent
OutputDebugStringW
SetFileTime
WriteFile
InitializeCriticalSection
Sleep
LeaveCriticalSection
GetTimeFormatW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
GetFileSizeEx
MoveFileW
EnterCriticalSection
CreateEventW
SizeofResource
GetFileTime
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
lstrcpyW
CreateThread
LoadResource
FindResourceW
FreeResource
LocalFree
ExitProcess
lstrcpynA
GetTempFileNameW
GetFileSize
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateProcessW
LoadLibraryExW
LoadLibraryW
CopyFileW
ReadProcessMemory
GetSystemWow64DirectoryW
lstrcpynW
TerminateProcess
GetSystemDirectoryA
FlushInstructionCache
SetFilePointerEx
GetTempPathW
VirtualAllocEx
CreateFileMappingW
OpenEventW
WinExec
GetWindowsDirectoryW
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
MultiByteToWideChar
CreateMutexW
SetFilePointer
GetCurrentProcess
GetCurrentThread
SetThreadPriority
WaitForMultipleObjects
SetCurrentDirectoryW
OutputDebugStringA
SetProcessShutdownParameters
GetFileAttributesA
lstrlenA
SearchPathW
lstrcpyA
GetEnvironmentVariableW
GetCurrentThreadId
TlsAlloc
GetVersionExW
lstrcmpiA
GetTickCount
GetModuleFileNameA
GetDateFormatW
GetProcAddress
lstrlenW
lstrcatW
MulDiv
GetSystemDirectoryW
CreateToolhelp32Snapshot
IsBadWritePtr
LockResource
SetErrorMode
GetSystemWindowsDirectoryW
GetModuleHandleW
GetVolumeInformationW
GetLastError
OpenMutexW
VirtualProtect
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
GetModuleHandleA
QueryDosDeviceW
FindNextFileW
ExpandEnvironmentStringsW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
GetComputerNameA
lstrcmpiW
CreateDirectoryW
Process32NextW
GetSystemInfo
OpenProcess
WideCharToMultiByte
IsBadStringPtrA
GetHandleInformation
IsBadCodePtr
IsBadStringPtrW
RtlUnwind
CreateFileW
FlushFileBuffers
Process32FirstW
IsBadReadPtr
advapi32
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetKernelObjectSecurity
LookupPrivilegeValueW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
RegSetValueExW
ConvertSidToStringSidW
GetLengthSid
RegFlushKey
RegOpenKeyW
AdjustTokenPrivileges
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegEnumKeyW
CryptDestroyKey
CryptAcquireContextW
CryptGetKeyParam
CryptEncrypt
RegQueryValueExW
user32
GetLastInputInfo
GetForegroundWindow
DispatchMessageW
DefWindowProcW
ReleaseDC
RegisterClassW
CreateWindowExW
PeekMessageW
TranslateMessage
wsprintfA
FillRect
DrawTextA
GetDC
CharLowerBuffA
GetSystemMetrics
RegisterClassExW
UnregisterClassW
GetKeyboardLayoutList
SystemParametersInfoW
wsprintfW
ole32
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoUninitialize
shell32
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
ntdll
ZwOpenSection
RtlFreeUnicodeString
NtDeleteFile
isspace
RtlDosPathNameToNtPathName_U
memmove
ZwOpenProcess
ZwClose
ZwOpenDirectoryObject
ZwQuerySystemInformation
_chkstk
ZwQueryInformationProcess
_aullshr
_allshl
_alldiv
_allmul
memset
_aulldvrm
memcpy
NtQueryVirtualMemory
oleaut32
SysAllocString
SysFreeString
gdi32
SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
SetBkColor
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
GetStockObject
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetInfo
Sections
.text Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ