PDB path: C:\Gitlab-Runner\builds\WLSb-GDt\0\acs\ac\lic\sdk\salt\_build-Release\windows-64-Release\cmake\bin\salt_clt.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: aa8f25c38959c0d9e78ead6e0b8e66dc3baac6e3e76cb92a4ff2a43389048bd9.dll, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: aa8f25c38959c0d9e78ead6e0b8e66dc3baac6e3e76cb92a4ff2a43389048bd9.dll, Resource: win10v2004-20240419-en)
General
- Target: aa8f25c38959c0d9e78ead6e0b8e66dc3baac6e3e76cb92a4ff2a43389048bd9
- Size: 4.9MB
- MD5: 1972bdd9ad192b07d71c939fe0d9eef5
- SHA1: d652d0dcc2217019e75e18555a40a9f8a71d81d8
- SHA256: aa8f25c38959c0d9e78ead6e0b8e66dc3baac6e3e76cb92a4ff2a43389048bd9
- SHA512: cc29f88034365c74f4d0d023743eae3065a6b46da113e20a77a11304324b5e577c652205bf225156168e12746a33ec5392f1c68b690b3e3c01ab9884e14f1347
- SSDEEP: 98304:elITlwJG8S4radnh9y16IyK85TaosSYpThlvnB:elQwXS4w9ywzXTaMOThlvB
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource aa8f25c38959c0d9e78ead6e0b8e66dc3baac6e3e76cb92a4ff2a43389048bd9
Files
-
aa8f25c38959c0d9e78ead6e0b8e66dc3baac6e3e76cb92a4ff2a43389048bd9.dll windows:6 windows x64 arch:x64
ef8a371c1bea467e9ce2fc016ad505c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
CreateFileA
DeviceIoControl
ReadFile
WriteFile
SetNamedPipeHandleState
SleepEx
WaitNamedPipeA
DefineDosDeviceA
QueryDosDeviceA
LoadLibraryExA
DuplicateHandle
RaiseException
WaitForMultipleObjects
GetCurrentThread
GetCurrentThreadId
GetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadContext
SetThreadContext
GetProcessAffinityMask
SetThreadAffinityMask
SetLastError
ResetEvent
GetCurrentProcess
GetProcessTimes
GetTickCount
GetCurrentProcessId
GetDriveTypeA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
LoadLibraryW
HeapSize
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetCPInfo
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
CreateMutexA
HeapReAlloc
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStdHandle
GetACP
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetFullPathNameA
GetFullPathNameW
GetStringTypeW
FreeLibraryAndExitThread
ExitThread
ReleaseMutex
GetTimeZoneInformation
GetLocalTime
lstrlenA
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetWindowsDirectoryA
GetVersion
SetErrorMode
FindNextFileA
FindFirstFileA
FindClose
LocalFree
CreateThread
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
MultiByteToWideChar
GetModuleHandleA
FormatMessageA
GetVolumeInformationA
GetSystemFirmwareTable
GetSystemDirectoryA
Sleep
FindFirstFileExW
GetModuleHandleExW
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
CreateDirectoryW
GetFileAttributesExW
DeleteFileW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
SetEnvironmentVariableW
GetComputerNameA
InitializeSListHead
GetModuleHandleW
WideCharToMultiByte
GetLastError
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTime
VerifyVersionInfoA
VerSetConditionMask
OpenFileMappingA
UnmapViewOfFile
FlushViewOfFile
GetTempPathA
GetExitCodeThread
TerminateThread
OpenEventA
GlobalFree
GlobalAlloc
CreateFileMappingA
lstrcmpA
LocalAlloc
GetModuleFileNameA
MapViewOfFile
GetFileSize
LoadLibraryA
GetProcAddress
GetSystemInfo
VirtualQuery
VirtualProtect
user32
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetSystemMetrics
GetParent
GetWindowLongA
ScreenToClient
GetActiveWindow
wsprintfA
SendMessageA
ShowWindow
MoveWindow
EndDialog
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
GetDlgItemTextW
MessageBoxA
GetClientRect
SetFocus
GetFocus
EnableWindow
SetWindowTextA
GetWindowRect
MessageBeep
ws2_32
ioctlsocket
__WSAFDIsSet
getsockopt
getnameinfo
freeaddrinfo
getaddrinfo
inet_pton
socket
shutdown
send
recv
htons
connect
closesocket
WSACleanup
WSAStartup
gethostname
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
select
setsockopt
WSAGetLastError
htonl
getpeername
getsockname
bind
sendto
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
GetUserNameW
RegEnumValueA
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
RegGetValueA
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegOpenKeyA
netapi32
Netbios
crypt32
CryptStringToBinaryA
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CryptDecodeObjectEx
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CryptQueryObject
oleaut32
SysAllocString
SysFreeString
SysStringLen
VariantClear
SysAllocStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
ole32
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
comctl32
ord17
shlwapi
PathRemoveBackslashW
comdlg32
GetOpenFileNameA
shell32
SHGetKnownFolderPath
ord680
winhttp
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptImportKeyPair
BCryptDestroyKey
BCryptVerifySignature
iphlpapi
GetAdaptersAddresses
GetAdaptersInfo
wintrust
WinVerifyTrust
Exports
CobaltLoader
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.textidx Size: 637KB - Virtual size: 637KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 252KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 54KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.crdata Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ