2024-04-28_8395117cac1ab70649e3a43d80e65bac_avoslocker_cobalt-strike_floxif

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-28_8395117cac1ab70649e3a43d80e65bac_avoslocker_cobalt-strike_floxif
Size

194KB
MD5

8395117cac1ab70649e3a43d80e65bac
SHA1

20a4263295f8954704ebb2bb25fe9e291716715d
SHA256

fd5cba1c78963fbd06d4adad4837416c1c8b2c5a402046bd113918f64e32e008
SHA512

b99430b027f5f3cd8981bfa67c089f503d7abaefd39b1b9675ca4c4ceeb402c158ad70b4520516bc41b0f46feba144458ebfc9e9d2d67d6329d2204ad6287407
SSDEEP

6144:gBRpcSxyHYG2lFUtZo3BV+UdvrEFp7hKw+:2ROSxyHYGbG3BjvrEH7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-28_8395117cac1ab70649e3a43d80e65bac_avoslocker_cobalt-strike_floxif

Files

2024-04-28_8395117cac1ab70649e3a43d80e65bac_avoslocker_cobalt-strike_floxif
.exe windows:6 windows x86 arch:x86

a988ba9833b8cb3be8391239f961c8c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventW
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
StartServiceA

shlwapi

PathQuoteSpacesA

kernel32

WriteConsoleW
CreateFileW
SetEnvironmentVariableA
SetCurrentDirectoryA
CreateFileA
WriteFile
CloseHandle
DuplicateHandle
GetLastError
WaitForSingleObject
Sleep
GetCurrentProcess
ExitProcess
TerminateProcess
GetExitCodeProcess
CreateThread
CreateProcessA
GetModuleFileNameA
LocalFree
FormatMessageW
MoveFileExA
RegisterWaitForSingleObject
UnregisterWait
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
DecodePointer

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a988ba9833b8cb3be8391239f961c8c2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

kernel32

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 128B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 128B

.reloc
Size: 4KB - Virtual size: 4KB