2024-05-14_b7acd4e5bf4012f4aad7f40cb59cbb5e_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-14_b7acd4e5bf4012f4aad7f40cb59cbb5e_avoslocker_cobalt-strike
Size

366KB
MD5

b7acd4e5bf4012f4aad7f40cb59cbb5e
SHA1

8537ba17b045f5b5c9bb7293dee6db9ebe7c649e
SHA256

43337d58416dfb215fc70e1d8c00c18f1a446d2bbd279f2f86a5808019cf2521
SHA512

acfc18ac5a6074b4d2a1486ab9255bdde460a61babfc0cda9586deda0d8bbcdacdef141af1e4f549a752acb70de0854935b93a6c37a71a077bc65cdd3e48a03c
SSDEEP

6144:6IKqPb2L3+CY+9xQ4LJ+2JN221HsaE99xOAzJH393Niapu/ExHw090I1BIugGN02:zbONHsaE99xOA1H393jI06hdAaLbM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-14_b7acd4e5bf4012f4aad7f40cb59cbb5e_avoslocker_cobalt-strike

Files

2024-05-14_b7acd4e5bf4012f4aad7f40cb59cbb5e_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

b58296767e9b125fd8eb595015e2e7b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ishii\Desktop\MirrorDTC_1431Src\追加ソフト\MCRelaySrv\Release\MCRelaySrv.pdb

Imports

kernel32

SystemTimeToTzSpecificLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
LCMapStringW
GetFileType
ExitProcess
GetStdHandle
HeapQueryInformation
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
RaiseException
OutputDebugStringW
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetCurrentProcess
WriteFile
SetEndOfFile
ReadFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringW
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
FormatMessageW
LocalFree
MulDiv
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
CloseHandle
GlobalFree
GlobalUnlock
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
CreateMutexW
FindResourceW
LoadResource
LockResource
GetEnvironmentStringsW
SizeofResource
WriteConsoleW

user32

GetClassLongW
SetWindowLongW
PtInRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetClassNameW
RegisterWindowMessageW
GetMenuItemCount
GetMenuItemID
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
LoadCursorW
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
GetClientRect
InvalidateRect
GetKeyState
EnableWindow
SetCursor
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetTopWindow
GetWindow
UnhookWindowsHookEx
WinHelpW
MonitorFromWindow
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
ShowWindow
GetMessagePos
LoadIconW
GetSystemMenu
AppendMenuW
SendMessageW
IsIconic
GetSystemMetrics
DrawIcon
MessageBoxA
UnregisterClassW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
PostMessageW
PostQuitMessage
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
GetSubMenu
GetWindowRect
GetFocus
SetWindowTextW
IsDialogMessageW
DestroyMenu
CharUpperW
GetSysColorBrush
KillTimer
SetTimer
RealChildWindowFromPoint
GetDC

gdi32

GetDeviceCaps
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SetBkColor
SetBkMode
SetMapMode
SetTextColor
GetObjectW
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
Escape
DeleteObject
CreateBitmap
DeleteDC
CreateFontW
SelectObject

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

ole32

CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CoTaskMemFree

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

ws2_32

WSAStartup

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b58296767e9b125fd8eb595015e2e7b9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

oleacc

Sections

.text Size: 237KB - Virtual size: 236KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 7KB - Virtual size: 18KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 237KB - Virtual size: 236KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 7KB - Virtual size: 18KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 16KB - Virtual size: 16KB