HEUR-Trojan[.]Win32[.]Cosmu[.]gen-87f60e5da6b689b655eb7c6c1b0561d45429adf56b34ea8c65707881ca5d62d4

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan.Win32.Cosmu.gen-87f60e5da6b689b655eb7c6c1b0561d45429adf56b34ea8c65707881ca5d62d4
Size

268KB
MD5

5d4cb2155be6f77e8c28413f3df9bc96
SHA1

33c45096d76080ec17176f9b6720683213aa2ef2
SHA256

87f60e5da6b689b655eb7c6c1b0561d45429adf56b34ea8c65707881ca5d62d4
SHA512

5e4aaf85ac63b0e90e48ab7c458cce1983858d709b699f06b9de79190e4bc06c961f0338009fa5b9523203498af46a3315a5bb5d4d30bbc13c30eb4f2670c968
SSDEEP

3072:wfbbtGXRvjxCb5NgXDY7uSlkJcUa7kYQTcqW2NdQQGH/UDhSCUc4aqTB3RtPgmQ+:UQlKgzelZNQSBQGH/CSpWqTKmQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Cosmu.gen-87f60e5da6b689b655eb7c6c1b0561d45429adf56b34ea8c65707881ca5d62d4

Files

HEUR-Trojan.Win32.Cosmu.gen-87f60e5da6b689b655eb7c6c1b0561d45429adf56b34ea8c65707881ca5d62d4
.exe windows:4 windows x86 arch:x86

b6096454c0b0666c7e487d2e3e0cbf92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetFileSize
FindResourceA
SetFilePointer
FreeLibrary
LoadResource
UpdateResourceA
SetFileTime
WriteFile
GetDriveTypeA
SizeofResource
GetFileAttributesA
ReadFile
MultiByteToWideChar
FindFirstFileA
GetLastError
CopyFileA
SetFileAttributesA
FindClose
LockResource
BeginUpdateResourceA
GetModuleFileNameA
FindNextFileA
LoadLibraryExA
EnumResourceNamesA
GetFileTime
EndUpdateResourceA
WinExec
CloseHandle
DeleteFileA
CompareStringW
CompareStringA
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
Sleep
WideCharToMultiByte
GetTimeZoneInformation
RaiseException
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSection
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

rpcrt4

RpcMgmtEpUnregister

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6096454c0b0666c7e487d2e3e0cbf92

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

rpcrt4

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 140KB - Virtual size: 146KB

.rmnet Size: 4KB - Virtual size: 1KB

.l1 Size: 8KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 140KB - Virtual size: 146KB

.rmnet
Size: 4KB - Virtual size: 1KB

.l1
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 11KB