HiddenCobra[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HiddenCobra.exe
Size

104KB
MD5

143cb4f16dcfc16a02812718acd32c8f
SHA1

f8397d940a204a2261dba2babd6e0718dd87574c
SHA256

ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd
SHA512

562af23521691125b99f727dcca8014ec687217104d2b1c407d6d167cc4531f93a107a83999dd2903e339fd5d1a3878709063a2a1696076db1ab0a0b3faa8ab9
SSDEEP

1536:GvSjInlBLrYOyzlgZdQ0OTigNDFxu/7zS5o3tRShIYQtl5ye:GvSjIPrmgZdQ00NHoKUShctl5ye

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HiddenCobra.exe

Files

HiddenCobra.exe
.dll windows:4 windows x86 arch:x86

5e9c8819379d7bcee6003e9bdf4e6701

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
WriteFile
SetFilePointer
GetLastError
CreateFileW
GetSystemInfo
GetComputerNameW
InitializeCriticalSection
ReadFile
WaitForSingleObject
CreateProcessW
GetProcAddress
GetModuleHandleW
InterlockedDecrement
GetTickCount
GetFileAttributesW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetSystemTime
FileTimeToSystemTime
GetFileSize
MoveFileW
FlushFileBuffers
GetFileSizeEx
CompareStringW
CompareStringA
LocalAlloc
LocalFree
Sleep
CloseHandle
GetVersionExW
CreateThread
LCMapStringW
LCMapStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
SetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapCreate
GetTimeZoneInformation
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy

user32

GetSystemMetrics

advapi32

RegQueryValueExW
RegCloseKey
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyExW

oleaut32

SystemTimeToVariantTime

ws2_32

recv
send
WSAGetLastError
ioctlsocket
connect
socket
setsockopt
shutdown
closesocket
listen
WSAStartup
WSACleanup
select
__WSAFDIsSet
accept
htons
bind

iphlpapi

GetAdaptersInfo

Exports

Exports

ServiceMain

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e9c8819379d7bcee6003e9bdf4e6701

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 4KB