HEUR-Trojan[.]Win32[.]Cosmu[.]gen-b79b7283224df0b76031a4401f8da1a51a9a3d644f1cc894b509d254926955aa

Sharing

Copy URL

Twitter E-mail

General

Target

HEUR-Trojan.Win32.Cosmu.gen-b79b7283224df0b76031a4401f8da1a51a9a3d644f1cc894b509d254926955aa
Size

1.5MB
MD5

76e5788bb5997043ee18df9d2986f18e
SHA1

728741aed43278eff9b53831e689fb434b80b1a3
SHA256

b79b7283224df0b76031a4401f8da1a51a9a3d644f1cc894b509d254926955aa
SHA512

152b18a25bdd88aebdc654b03653478fa3c7098f842f2a17c6b3e0d27678830a7467f45e032ef08cc94d400a990a03be428a011f389726edf737d19155c3aa2d
SSDEEP

6144:31XlKgzelZNQSBQGH/CSpWqTKmQpmQCs0P1v5:3UfBQGH6SfrQkQCs0P15

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Cosmu.gen-b79b7283224df0b76031a4401f8da1a51a9a3d644f1cc894b509d254926955aa

Files

HEUR-Trojan.Win32.Cosmu.gen-b79b7283224df0b76031a4401f8da1a51a9a3d644f1cc894b509d254926955aa
.exe windows:4 windows x86 arch:x86

5aa33c577ffd8431ff254de85dee5e7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\workplace\c++\hannibal\release\hannibal.pdb

Imports

kernel32

CreateFileA
GetFileSize
FindResourceA
SetFilePointer
FreeLibrary
LoadResource
UpdateResourceA
SetFileTime
WriteFile
GetDriveTypeA
SizeofResource
GetFileAttributesA
ReadFile
MultiByteToWideChar
FindFirstFileA
GetLastError
CopyFileA
SetFileAttributesA
FindClose
LockResource
BeginUpdateResourceA
GetModuleFileNameA
FindNextFileA
LoadLibraryExA
EnumResourceNamesA
GetFileTime
EndUpdateResourceA
WinExec
CloseHandle
DeleteFileA
CompareStringW
CompareStringA
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
Sleep
WideCharToMultiByte
GetTimeZoneInformation
RaiseException
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSection
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l2
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

xvvlHlRu
Size: 4KB - Virtual size: 1KB

YKpFahQF
Size: 16KB - Virtual size: 12KB

TqhYAiAC
Size: 24KB - Virtual size: 22KB

FuKbGSSw
Size: 12KB - Virtual size: 11KB

wXkvyDQb
Size: 4KB - Virtual size: 1KB

lbNbuHqy
Size: 4KB - Virtual size: 322B

wEAcSHiK
Size: 48KB - Virtual size: 44KB

aunbUYUU
Size: 4KB - Virtual size: 1KB

ZqRQyNUB
Size: 48KB - Virtual size: 47KB

qNMePCeo
Size: 20KB - Virtual size: 16KB

Sharing

General

Malware Config

Signatures

Files

5aa33c577ffd8431ff254de85dee5e7b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 140KB - Virtual size: 146KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 12KB - Virtual size: 11KB

.l2 Size: 12KB - Virtual size: 12KB

xvvlHlRu Size: 4KB - Virtual size: 1KB

YKpFahQF Size: 16KB - Virtual size: 12KB

TqhYAiAC Size: 24KB - Virtual size: 22KB

FuKbGSSw Size: 12KB - Virtual size: 11KB

wXkvyDQb Size: 4KB - Virtual size: 1KB

lbNbuHqy Size: 4KB - Virtual size: 322B

wEAcSHiK Size: 48KB - Virtual size: 44KB

aunbUYUU Size: 4KB - Virtual size: 1KB

ZqRQyNUB Size: 48KB - Virtual size: 47KB

qNMePCeo Size: 20KB - Virtual size: 16KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 140KB - Virtual size: 146KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 11KB

.l2
Size: 12KB - Virtual size: 12KB

xvvlHlRu
Size: 4KB - Virtual size: 1KB

YKpFahQF
Size: 16KB - Virtual size: 12KB

TqhYAiAC
Size: 24KB - Virtual size: 22KB

FuKbGSSw
Size: 12KB - Virtual size: 11KB

wXkvyDQb
Size: 4KB - Virtual size: 1KB

lbNbuHqy
Size: 4KB - Virtual size: 322B

wEAcSHiK
Size: 48KB - Virtual size: 44KB

aunbUYUU
Size: 4KB - Virtual size: 1KB

ZqRQyNUB
Size: 48KB - Virtual size: 47KB

qNMePCeo
Size: 20KB - Virtual size: 16KB