HEUR-Backdoor[.]Win32[.]CosmicDuke[.]gen-7ffdb9fad92365625db1eac637086cf65b9083362234065a47f6a166c75173ba

General

Target

HEUR-Backdoor.Win32.CosmicDuke.gen-7ffdb9fad92365625db1eac637086cf65b9083362234065a47f6a166c75173ba
Size

394KB
MD5

6c97d9180b838329a7adbfc1c6b0a586
SHA1

c58a1c835fae779ca42a158c70605935d587e228
SHA256

7ffdb9fad92365625db1eac637086cf65b9083362234065a47f6a166c75173ba
SHA512

ac2d5025c926bb83e9acb22f4795fbc69b2227e197f33883cc0f257614b2321f19c1fe3fd5c5a0340067d8349f71d39b18db218ceb0e439573f671d9734b62ae
SSDEEP

3072:ntwizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOylqwvKuiU2i1CLp5jEwg:Nuj8NDF3OR9/Qe2HdJfxPwl5jEwg

Score

10^/10

Malware Config

Signatures

Detects executables packed with ASPack 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ASPack

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Backdoor.Win32.CosmicDuke.gen-7ffdb9fad92365625db1eac637086cf65b9083362234065a47f6a166c75173ba

Files

HEUR-Backdoor.Win32.CosmicDuke.gen-7ffdb9fad92365625db1eac637086cf65b9083362234065a47f6a166c75173ba
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 91KB - Virtual size: 92KB

DATA Size: 2KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 8KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

CODE
Size: 91KB - Virtual size: 92KB

DATA
Size: 2KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 8KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB