2024-05-16_811eaba45aa80bc1cc63f2aab4d18da3_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-16_811eaba45aa80bc1cc63f2aab4d18da3_avoslocker_cobalt-strike
Size

801KB
MD5

811eaba45aa80bc1cc63f2aab4d18da3
SHA1

a7544c226b9630ae0955e85ca768596d8aeec53f
SHA256

fa09a8ec415bb496b00c376d554383c0762966760132acb45ac411201ae27da7
SHA512

b78021c92853c2d84f9faf140497a0715bc83f3c5e6d493ab750c37eb3027eb949438505b698631691d77fb753a86646ae453c689dc5d1b8d42ded8dd4c2aa47
SSDEEP

24576:qzHZDE1D9rJS1Gg7xFT5XlKTKK4KKOQK5VcZ1EEVmEEE1EEEEEEEEEEEsKK1KKKH:9ndg7xn1KTKK4KKOQK5VcZ1EEVmEEE1S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-16_811eaba45aa80bc1cc63f2aab4d18da3_avoslocker_cobalt-strike

Files

2024-05-16_811eaba45aa80bc1cc63f2aab4d18da3_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

9df7a8a483f288e038df91448db5e792

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qucltqziu.pdb

Imports

advapi32

GetUserNameA
CopySid
EqualSid
GetLengthSid
RegCloseKey
RegEnumKeyA
RegOpenKeyA
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

comdlg32

GetSaveFileNameA
GetOpenFileNameA

gdi32

GetStockObject

shell32

ShellExecuteA
Shell_NotifyIconA

user32

IsDialogMessageA
DestroyIcon
LoadIconA
LoadCursorA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetCursorPos
MessageBeep
MessageBoxA
GetWindowRect
SetForegroundWindow
SetActiveWindow
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoA
InsertMenuItemA
TrackPopupMenu
RemoveMenu
AppendMenuA
GetMenuItemCount
DestroyMenu
CreatePopupMenu
GetDlgItemTextA
EnableWindow
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
CreateDialogParamA
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
WinHelpA
FindWindowA
MessageBoxIndirectA
CreateMenu

kernel32

WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
FlushFileBuffers
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ReadFile
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
HeapReAlloc
GetCurrentThread
HeapAlloc
HeapFree
GetFileType
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
FreeLibrary
GetModuleFileNameA
GetProcAddress
GetLastError
GetSystemDirectoryA
GetVersionExA
LoadLibraryA
FormatMessageA
CloseHandle
GetCurrentProcessId
OpenProcess
VirtualProtect
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
LocalFree
OpenFileMappingA
GetCurrentThreadId
LocalAlloc
CreateFileMappingA
GetCurrentProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
TlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9df7a8a483f288e038df91448db5e792

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

comdlg32

gdi32

shell32

user32

kernel32

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 300KB - Virtual size: 299KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 300KB - Virtual size: 299KB

.reloc
Size: 14KB - Virtual size: 13KB