Static task: static1

Behavioral task: behavioral1
  Sample: 2024-05-24_dfec55c304fe90c641d46f57b825f172_cerber.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 2024-05-24_dfec55c304fe90c641d46f57b825f172_cerber.exe
  Resource: win10v2004-20240426-en
General
  Target: 2024-05-24_dfec55c304fe90c641d46f57b825f172_cerber
  Size: 211KB
  MD5: dfec55c304fe90c641d46f57b825f172
  SHA1: 85230c0ed7f8a9418a001e2816f79098e89a49cf
  SHA256: e693f11d3c9678b491c708535e08c952c779cc3d4e220999763bd36ba0c81a7a
  SHA512: 8d6bd0ac3a791ad0ded7ae62e6d3af081d0f23d71ec0040cea062f1710715070878143f946b91041ff0b904b84411ef524e902f560f227a1c6504806f8e38746
  SSDEEP: 6144:k8GWB6dVTB+3e8E1r83MqEFRVh5Sq/XZTb:1GWB6Xouvr88qEF/hHZTb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-24_dfec55c304fe90c641d46f57b825f172_cerber
Files
2024-05-24_dfec55c304fe90c641d46f57b825f172_cerber.exe windows:5 windows x86 arch:x86
4dea4c797ee60200bc15cc086e95412d
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  shlwapi
    StrToIntW
    PathFindFileNameW
  ntdll
    isspace
    memmove
    tolower
    _aulldvrm
    _allmul
    memset
    memcpy
    _alldiv
    RtlUnwind
    NtQueryVirtualMemory
  kernel32
    GetLastError
    CloseHandle
    GetCurrentProcessId
    GetCurrentThreadId
Sections
  .text Size: 66KB - Virtual size: 66KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata Size: 8KB - Virtual size: 7KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data Size: 130KB - Virtual size: 136KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .CRT Size: 512B - Virtual size: 8B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc Size: 5KB - Virtual size: 5KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ