cuckoomon_x64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cuckoomon_x64.dll
Size

1.1MB
MD5

6f7771c685084e198b5beca2a01620f0
SHA1

0bd34bb09993f5310820c7bf7f722d2126fab854
SHA256

2b2fa1481675246d3ea6208428bdc094795a7e1b1df2b07cf96950c32fb61aba
SHA512

ab24bed53f1852a9381e244c84c3724ff2631005cfe6cd4b1ded62e2df22803bba5717d20a6f2acd0f7206e81d06c5162a467d36982c49a9d9fc531486e74944
SSDEEP

24576:7eOQP0KCyiQb1bBM71Ju+juUmHXhGikAuQ57albY0MrNK53gqgZ6mUMA4H9r:pS0KCyiQb1bBM71Ju+juUmHxGiF7albg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cuckoomon_x64.dll

Files

cuckoomon_x64.dll
.dll windows:5 windows x64 arch:x64

021dbc3ad34649d09b2adb8cf1ae9e76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dev\daily-cuckoomon\private-cuckoomon\x64\Release\cuckoomon_x64.pdb

Imports

kernel32

HeapFree
HeapReAlloc
HeapAlloc
ReadFile
GetCommandLineW
MultiByteToWideChar
CreateFileA
DeleteFileA
CloseHandle
GetFileSize
GetCurrentProcessId
GetModuleFileNameA
HeapCreate
VirtualProtect
GetCurrentProcess
WaitForDebugEvent
GetModuleFileNameW
InitializeCriticalSection
RtlLookupFunctionEntry
SetErrorMode
GetEnvironmentVariableA
CreateFileW
GetModuleHandleA
GetCommandLineA
OpenMutexA
AddVectoredExceptionHandler
GetProcAddress
SetEnvironmentVariableA
OpenFileMappingA
MapViewOfFile
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlAddFunctionTable
GetModuleHandleW
GetLastError
FindNextFileW
lstrlenW
FindNextFileA
FindClose
GetSystemInfo
EnterCriticalSection
TerminateProcess
LeaveCriticalSection
ExitThread
Sleep
LoadLibraryA
GetThreadContext
GlobalLock
GetComputerNameW
GlobalUnlock
FileTimeToSystemTime
GetSystemTimeAsFileTime
ResumeThread
ContinueDebugEvent
OpenProcess
IsBadReadPtr
IsDebuggerPresent
VirtualQueryEx
SystemTimeToFileTime
CreatePipe
GetFileAttributesW
SuspendThread
DebugActiveProcess
ReadProcessMemory
GetSystemTime
VirtualQuery
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GlobalGetAtomNameA
WriteFile
GetVolumeInformationA
GetVolumeNameForVolumeMountPointA
GlobalGetAtomNameW
GetTempPathA
GetWindowsDirectoryA
GetProcessTimes
GetComputerNameA
FlushFileBuffers
GetFullPathNameW
GetLongPathNameW
GetProcessId
SetFilePointer
GetFullPathNameA
QueryDosDeviceA
WaitForSingleObject
ReleaseMutex
DuplicateHandle
GetFileAttributesA
CreateThread
DecodePointer
GetTimeFormatW
GetProcessHeap
GetLongPathNameA
GetDateFormatW
OpenThread
CallNamedPipeW
SetEndOfFile
OpenEventA
DeviceIoControl
SetEvent
GetCurrentThread
CreateEventA
HeapSize
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
RtlCaptureContext
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetStdHandle
GetModuleHandleExW
WriteConsoleW
ExitProcess
WideCharToMultiByte
GetACP
GetCurrentDirectoryW
CompareStringW
LCMapStringW
SetStdHandle
GetStringTypeW
OutputDebugStringW
WaitForSingleObjectEx
SetFilePointerEx
GetConsoleCP
GetConsoleMode
ReadConsoleW
RaiseException

user32

GetSystemMetrics

shell32

CommandLineToArgvW

oleaut32

SafeArrayUnlock
SafeArrayLock
SysFreeString
SafeArrayGetVartype
SysAllocString

Exports

Exports

ReflectiveLoader

Sections

.text
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

021dbc3ad34649d09b2adb8cf1ae9e76

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 749KB - Virtual size: 749KB

.rdata Size: 213KB - Virtual size: 212KB

.data Size: 90KB - Virtual size: 9.0MB

.pdata Size: 26KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 156B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 749KB - Virtual size: 749KB

.rdata
Size: 213KB - Virtual size: 212KB

.data
Size: 90KB - Virtual size: 9.0MB

.pdata
Size: 26KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 156B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB