2024-05-05_eafc1678892f6b7923a4920d8192f939_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-05_eafc1678892f6b7923a4920d8192f939_avoslocker_cobalt-strike
Size

843KB
MD5

eafc1678892f6b7923a4920d8192f939
SHA1

1925bd63d95c768faaebef00a43a86a7240f7115
SHA256

4bcbe5b16a65fb486f4b79bb06a0781fa4e1b59db974e86f9c76497787547f05
SHA512

9dd5a8b3787240ed7b777658eaebec2e69e42672f986b5d6bd243dcdfbca2b89d82f68f2354a1ddf1ff7569e49d9857325d97e7b65a1d6303a6b3d278be71503
SSDEEP

12288:y1oaLc5G17uWBsa55sT0ft67PERMXc1KUgNeqsEe+84575hTmb7AK3fID75EKYBZ:70qqt67c4CNgNeNELXK/pIDVxIc8sE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-05_eafc1678892f6b7923a4920d8192f939_avoslocker_cobalt-strike

Files

2024-05-05_eafc1678892f6b7923a4920d8192f939_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

43f08a53095cba0cb69dfd892294f33d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\AC_ASUSDriverUpdateClient\ArmouryCrateWin32\ASUSGCDriverInitialClient\Release\ASUSGCDriverInitialClient.pdb

Imports

kernel32

HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
CopyFileW
WideCharToMultiByte
lstrcmpW
SizeofResource
MultiByteToWideChar
OutputDebugStringW
LockResource
DeleteFileW
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
GetProcAddress
FreeLibrary
RaiseException
OutputDebugStringA
CreateFileW
CloseHandle
FlushFileBuffers
CreateDirectoryW
ReadFile
GetFileSizeEx
FindNextFileW
GetModuleFileNameW
FindClose
GetFileAttributesW
GetFileSize
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
GetCommandLineW
WriteFile
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileType
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile

shell32

CommandLineToArgvW

userenv

GetAllUsersProfileDirectoryW

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43f08a53095cba0cb69dfd892294f33d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

userenv

Sections

.text Size: 195KB - Virtual size: 194KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 195KB - Virtual size: 194KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 576KB - Virtual size: 580KB