2024-05-27_4612fbda398e6d7570975a3b122849d8_cerber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-27_4612fbda398e6d7570975a3b122849d8_cerber
Size

177KB
MD5

4612fbda398e6d7570975a3b122849d8
SHA1

0b044922439de8838eb6c0dcf604c47dd36dd4dd
SHA256

d7401acbe93358af3649a47f80a178df497f699d8d430b8400b008dec894b1b9
SHA512

5f3f223067e4cb5c40b5ded590b877d6644762f5c4ffd14414ad9430721b8418a674b3e74ba7d5fa3e7339c4a73f2eca27370c1f2de51641e721f4f22a15d803
SSDEEP

3072:7UtN1FlUqaTkJPFAJwt33qFS2Ac/koKJFfFlo4U7ipdS8TZGVZ+Fbvc97:o1F9EkJPyG3qqchjD7u6OvO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-27_4612fbda398e6d7570975a3b122849d8_cerber

Files

2024-05-27_4612fbda398e6d7570975a3b122849d8_cerber
.exe windows:5 windows x86 arch:x86

e75c88457f3fe8fb8b9b75c0aa2b5d69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
TerminateThread
UnhandledExceptionFilter
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
_lclose
_llseek
Sleep
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
SizeofResource
SetUnhandledExceptionFilter
SetSystemTimeAdjustment
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetCurrentDirectoryA
RtlUnwind
ResetEvent
RemoveDirectoryA
ReadFile
GetModuleHandleA
QueryPerformanceCounter
MulDiv
LockResource
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExA
IsDBCSLeadByte
InterlockedExchange
InterlockedCompareExchange
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetTickCount
GetTempPathA
GetTempFileNameA
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryA
GetStartupInfoA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetExitCodeProcess
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCommandLineA
FreeResource
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindNextChangeNotification
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitProcess
EnumResourceLanguagesA
DosDateTimeToFileTime
DeleteFileA
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CloseHandle
LoadLibraryA
GetProcAddress
VirtualAlloc
_lopen

user32

wsprintfA
WinHelpA
WINNLSGetIMEHotkey
TranslateAcceleratorA
TileChildWindows
ShowWindow
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetRect
SetForegroundWindow
SetDlgItemTextA
SendMessageCallbackW
SendDlgItemMessageA
ReleaseDC
PeekMessageA
OemToCharBuffW
OemKeyScan
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapVirtualKeyW
MapVirtualKeyA
MapDialogRect
LoadStringA
GetWindowRect
GetWindowModuleFileNameW
GetWindowLongA
GetSystemMetrics
GetInputState
GetDlgItemTextA
GetDlgItem
GetDesktopWindow
GetDC
FlashWindow
ExitWindowsEx
EndDialog
EnableWindow
DispatchMessageA
DialogBoxIndirectParamA
DdeCreateDataHandle
CreateWindowStationW
CreateWindowStationA
CopyIcon
ChildWindowFromPoint
CheckRadioButton
CharUpperA
CharToOemBuffA
CharPrevA
CharNextA
CallWindowProcA
LoadIconA
SendMessageA

gdi32

EndPath
EndPage
GetObjectType
GetMapMode
FillPath
DeleteEnhMetaFile
GetDCPenColor
GetDCBrushColor
CreatePatternBrush
CreateCompatibleDC
GetPixelFormat
CloseEnhMetaFile
GetPolyFillMode
GetBkMode
GdiFlush
GetLayout
GetTextAlign
BeginPath
CloseFigure
DeleteObject
GetSystemPaletteUse
CloseMetaFile
GetStretchBltMode
CancelDC
GetStockObject
GdiGetBatchLimit
CreateHalftonePalette
GetFontLanguageInfo
DeleteMetaFile
CreateSolidBrush
AbortPath
GetROP2
DeleteColorSpace
FlattenPath
EndDoc
AbortDoc
GetColorSpace
GetBkColor
DeleteDC
CreateMetaFileA
AddFontResourceExA
EngQueryLocalTime
EngStrokePath
ExtSelectClipRgn
GdiEndPageEMF
GdiEntry2
GdiPlayDCScript
GdiPlayScript
GetCharWidthI
GetCharWidthInfo
GetDeviceCaps
GetTextMetricsA
PlayEnhMetaFileRecord
SetArcDirection
SetDeviceGammaRamp
TextOutW
UnloadNetworkFonts
XLATEOBJ_iXlate
GetGraphicsMode

advapi32

RegQueryValueExW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges

shell32

SHGetDataFromIDListW
WOWShellExecute
Shell_NotifyIconW
Shell_NotifyIconA
ShellExecuteW
ShellExecuteExA
ShellAboutW
SHQueryRecycleBinW
SHPathPrepareForWriteA
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandA
SHGetPathFromIDList
SHGetMalloc
SHGetInstanceExplorer
SHGetFolderPathW
SHGetFileInfoW
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
DragQueryFileAorW
SHFileOperation
SHEmptyRecycleBinW
SHEmptyRecycleBinA
SHCreateProcessAsUserW
SHAppBarMessage
FindExecutableA
DragQueryFileA
DragAcceptFiles
DoEnvironmentSubstA
CommandLineToArgvW
CheckEscapesW

shlwapi

StrCmpNW
StrRChrIA
StrRStrIA
StrStrIW
StrStrW
StrChrW

msvcrt

_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_amsg_exit
_cexit
_controlfp
_exit
_initterm
_ismbblead
exit

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e75c88457f3fe8fb8b9b75c0aa2b5d69

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB