CobaltLoader
Static task: static1
Behavioral task: behavioral1
Sample: fc21dd5a90b16f7de43fc871976df165c31ca5a4fe504faf87a71a6b1051b6fb.dll
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: fc21dd5a90b16f7de43fc871976df165c31ca5a4fe504faf87a71a6b1051b6fb.dll
Resource: win10v2004-20231023-en
General
- Target: fc21dd5a90b16f7de43fc871976df165c31ca5a4fe504faf87a71a6b1051b6fb
- Size: 4.8MB
- MD5: a2d298e2b8502abe1722a9867a76d846
- SHA1: 4e05f578169b3dd09173691a2cf77beb00f42bd3
- SHA256: fc21dd5a90b16f7de43fc871976df165c31ca5a4fe504faf87a71a6b1051b6fb
- SHA512: a20f86b7477e5b02fad899f421277ad1608c452ba421cf962f33bd51c12fe6b040cc40d80e9b33b6bee615b01956ca718fcdeea1839e5760d6d665ecfe862626
- SSDEEP: 98304:MRxG+wlR/J2Vb6osSYcXThJpmgy16IygAktn6:Mi+wD/ceM9ThJpmgywzgAs6
Malware Config
Signatures
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource fc21dd5a90b16f7de43fc871976df165c31ca5a4fe504faf87a71a6b1051b6fb
Files
- fc21dd5a90b16f7de43fc871976df165c31ca5a4fe504faf87a71a6b1051b6fb.dll windows:6 windows x64
  05416d1fd2a2339555e984c294a376be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
CreateFileA
DeviceIoControl
ReadFile
WriteFile
SetNamedPipeHandleState
SleepEx
WaitNamedPipeA
DefineDosDeviceA
QueryDosDeviceA
LoadLibraryExA
DuplicateHandle
RaiseException
WaitForMultipleObjects
GetCurrentThread
GetCurrentThreadId
GetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadContext
SetThreadContext
GetProcessAffinityMask
SetThreadAffinityMask
SetLastError
ResetEvent
GetCurrentProcess
GetProcessTimes
GetTickCount
GetCurrentProcessId
GetDriveTypeA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
LoadLibraryW
HeapSize
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetCPInfo
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
CreateMutexA
HeapReAlloc
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStdHandle
GetACP
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetFullPathNameA
GetFullPathNameW
GetStringTypeW
FreeLibraryAndExitThread
ExitThread
ReleaseMutex
GetTimeZoneInformation
GetLocalTime
lstrlenA
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetWindowsDirectoryA
GetVersion
SetErrorMode
FindNextFileA
FindFirstFileA
FindClose
LocalFree
CreateThread
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetModuleHandleA
MultiByteToWideChar
FormatMessageA
GetVolumeInformationA
GetSystemFirmwareTable
GetSystemDirectoryA
GetComputerNameA
FindFirstFileExW
GetModuleHandleExW
GetLastError
Sleep
QueryPerformanceFrequency
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
CreateDirectoryW
GetFileAttributesExW
DeleteFileW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
QueryPerformanceCounter
SetEnvironmentVariableW
InitializeSListHead
GetModuleHandleW
LoadLibraryA
GetProcAddress
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTime
VerifyVersionInfoA
VerSetConditionMask
OpenFileMappingA
UnmapViewOfFile
FlushViewOfFile
GetTempPathA
GetExitCodeThread
TerminateThread
OpenEventA
GlobalFree
GlobalAlloc
CreateFileMappingA
lstrcmpA
LocalAlloc
GetModuleFileNameA
MapViewOfFile
GetFileSize
FreeLibrary
WideCharToMultiByte
GetSystemInfo
VirtualQuery
VirtualProtect
user32
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetSystemMetrics
GetParent
GetWindowLongA
ScreenToClient
GetActiveWindow
wsprintfA
SendMessageA
ShowWindow
MoveWindow
EndDialog
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
GetDlgItemTextW
MessageBoxA
GetClientRect
SetFocus
GetFocus
EnableWindow
SetWindowTextA
GetWindowRect
MessageBeep
ws2_32
ioctlsocket
__WSAFDIsSet
getsockopt
getnameinfo
freeaddrinfo
getaddrinfo
inet_pton
socket
shutdown
send
recv
htons
connect
closesocket
WSACleanup
WSAStartup
gethostname
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
select
setsockopt
WSAGetLastError
htonl
getpeername
getsockname
bind
sendto
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
GetUserNameW
RegEnumValueA
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
RegGetValueA
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegOpenKeyA
netapi32
Netbios
crypt32
CryptStringToBinaryA
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CryptDecodeObjectEx
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CryptQueryObject
oleaut32
SysAllocString
SysFreeString
SysStringLen
VariantClear
SysAllocStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
ole32
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
comctl32
ord17
shlwapi
PathRemoveBackslashW
comdlg32
GetOpenFileNameA
shell32
SHGetKnownFolderPath
ord680
winhttp
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptImportKeyPair
BCryptDestroyKey
BCryptVerifySignature
iphlpapi
GetAdaptersAddresses
GetAdaptersInfo
wintrust
WinVerifyTrust
Exports
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.textidx Size: 637KB - Virtual size: 637KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 53KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.crdata Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ