HEUR-Backdoor[.]Win32[.]CosmicDuke[.]gen-988f745a586b032d140b9e5931787ac1ac586a9e0bf878773906cae789f82452

General

Target

HEUR-Backdoor.Win32.CosmicDuke.gen-988f745a586b032d140b9e5931787ac1ac586a9e0bf878773906cae789f82452
Size

496KB
MD5

421e507e71a20ceeab0a66d185071c1a
SHA1

5c145daf82953578a8210a76af4909d47f002987
SHA256

988f745a586b032d140b9e5931787ac1ac586a9e0bf878773906cae789f82452
SHA512

88c69988995578f1af8f7cfcc0246d43e15442bf5cd0f395b395e7af5910e164f1c78050d4de5e1c8e0a8140a0fdc223bced2f9cd46f1ac8f6be40b1cb9d898c
SSDEEP

6144:Ouj8NDF3OR9/Qe2HdJfwKO5huejbq0Cleco:xOF3ORK3dC5hue7Cleco

Score

10^/10

Malware Config

Signatures

Detects executables packed with ASPack 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ASPack

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Backdoor.Win32.CosmicDuke.gen-988f745a586b032d140b9e5931787ac1ac586a9e0bf878773906cae789f82452

Files

HEUR-Backdoor.Win32.CosmicDuke.gen-988f745a586b032d140b9e5931787ac1ac586a9e0bf878773906cae789f82452
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 91KB - Virtual size: 92KB

DATA Size: 2KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 8KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

CODE
Size: 91KB - Virtual size: 92KB

DATA
Size: 2KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 8KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB