2024-05-31_edefc4e1f74451dcb841f60b8a74bf19_avoslocker_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-31_edefc4e1f74451dcb841f60b8a74bf19_avoslocker_cobalt-strike
Size

669KB
MD5

edefc4e1f74451dcb841f60b8a74bf19
SHA1

793491a31bffe3243dfcab8369eaf2683bdcae26
SHA256

088fa25907fffd2ff3557e95841bb8654fc4bec7229e040066a518cbd0974ca7
SHA512

2586d24a8126e68a35fa78843dda97bf9c49e3cbd3fab3d76656fa0508dea55c0af24f7cfdddffee38e46c90e0fd3a27ca7b01773922c26c6df68ee131e311fb
SSDEEP

12288:goPBHHTlzu9eMB1JUiCAq2ZObJTmkbP3MTCj0NaUtLp8l2Yk8N5Ytz2iPo+Pu9Gl:fcBvU9z2ZOVTpbljKaUtUF4PkFwqbMvV

Score

1^/10

Malware Config

Signatures

Files

2024-05-31_edefc4e1f74451dcb841f60b8a74bf19_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

f1c326e06f563a5bcb71d8fb7b3a54fe

Code Sign

53:16:11:62:17:b3:74:75:70:84:1a:6e:24:46:42:84
Certificate

Issuer

CN=thawte SHA256 Code Signing CA - G2,O=thawte\, Inc.,C=US

Not Before

05-03-2019 00:00

Not After

04-03-2022 23:59

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Bellevue,ST=Washington,C=us

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07
Certificate

Issuer

CN=thawte Primary Root CA - G3,OU=Certification Services Division+OU=(c) 2008 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=thawte SHA256 Code Signing CA - G2,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:66:30:88:49:61:56:8a:5a:c3:c3:d6:bf:ae:6d:d8:64:9a:03:a0:ff:e6:0c:5c:5f:b8:e1:fb:d8:98:ce:8e
Signer

Actual PE Digest

b3:66:30:88:49:61:56:8a:5a:c3:c3:d6:bf:ae:6d:d8:64:9a:03:a0:ff:e6:0c:5c:5f:b8:e1:fb:d8:98:ce:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bamboo-agent-home-2\xml-data\build-dir\PGSC-MON-JOB1\Monolith\Build\ProtectorGamesApp\Release\GameLauncher.pdb

Imports

kernel32

GetProcessHeap
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileSectionNamesW
GetGeoInfoW
GetUserGeoID
GetUserDefaultUILanguage
TerminateThread
CreateEventA
GetTickCount
CreateDirectoryW
OpenMutexW
GetSystemInfo
OpenFileMappingW
FormatMessageA
GetModuleHandleA
FindClose
FindNextFileW
GetFileAttributesW
GetFileSizeEx
GetFullPathNameW
FindResourceExW
LoadResource
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToFileTime
GetPrivateProfileStringW
OutputDebugStringW
SetLastError
CreateMutexA
OpenMutexA
CreateFileMappingA
OpenFileMappingA
FlushFileBuffers
SetFilePointerEx
GetVolumeInformationA
DeviceIoControl
GetWindowsDirectoryA
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
LoadLibraryExW
HeapSize
HeapAlloc
HeapDestroy
SetEndOfFile
GetFileSize
CreateFileW
K32EnumProcesses
GetModuleFileNameW
VirtualQuery
GetNativeSystemInfo
GetVersionExW
DuplicateHandle
GetExitCodeThread
WaitForMultipleObjects
CreateRemoteThread
FlushInstructionCache
VirtualProtectEx
CreateEventW
WriteProcessMemory
VirtualAllocEx
UnmapViewOfFile
MapViewOfFile
IsWow64Process
ReadFile
SetFilePointer
CreateFileA
DecodePointer
RaiseException
InitializeCriticalSectionEx
OpenEventW
ResumeThread
AssignProcessToJobObject
CreateProcessW
SetInformationJobObject
CreateJobObjectW
SetEvent
GetCurrentThread
GetProcAddress
GetModuleHandleW
GetCurrentProcess
CheckRemoteDebuggerPresent
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
K32GetProcessImageFileNameW
OpenProcess
QueryInformationJobObject
TerminateJobObject
CreateFileMappingW
CreateMutexW
GetCurrentThreadId
OpenThread
CreateThread
DeleteFileW
GetLastError
GetExitCodeProcess
CloseHandle
GetCurrentProcessId
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
HeapReAlloc
HeapFree
FreeLibrary
WaitForSingleObject
GetTickCount64
ResetEvent
LocalFree
GetOEMCP

user32

FindWindowW
ShowWindow
SetFocus
PostMessageW
IsWindowVisible
ChangeDisplaySettingsW
PostQuitMessage
BroadcastSystemMessageW
DestroyWindow
GetClassNameA
ReleaseDC
GetDC
EnumDisplaySettingsW
GetDlgItem
BringWindowToTop
GetWindowThreadProcessId
FindWindowA
RegisterWindowMessageA
GetSystemMetrics
DialogBoxParamW
AttachThreadInput
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
SetForegroundWindow
DispatchMessageW
SetWindowTextW
SetDlgItemTextW
LoadIconW
SendMessageW
CreateDialogParamW
IsWindow
GetForegroundWindow
MessageBoxW

gdi32

GetDeviceCaps

advapi32

OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExA
RegSetKeySecurity
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
ImpersonateSelf
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
CryptGenRandom
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptDeriveKey
RevertToSelf
ImpersonateLoggedOnUser
OpenThreadToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

SHGetKnownFolderPath
ShellExecuteExA

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType

shlwapi

PathUnquoteSpacesW
PathFileExistsA
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

wininet

InternetCloseHandle
InternetConnectA
InternetReadFile
InternetQueryOptionA
InternetGetLastResponseInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
HttpSendRequestA
HttpQueryInfoA

crypt32

CryptMsgGetAndVerifySigner
CertFreeCertificateContext
CertNameToStrW
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust

ws2_32

WSAStartup
gethostbyname
ntohl

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gchr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1c326e06f563a5bcb71d8fb7b3a54fe

Code Sign

53:16:11:62:17:b3:74:75:70:84:1a:6e:24:46:42:84Certificate

Extended Key Usages

Key Usages

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

b3:66:30:88:49:61:56:8a:5a:c3:c3:d6:bf:ae:6d:d8:64:9a:03:a0:ff:e6:0c:5c:5f:b8:e1:fb:d8:98:ce:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

secur32

wininet

crypt32

wintrust

ws2_32

iphlpapi

rpcrt4

Sections

.text Size: 370KB - Virtual size: 369KB

.pecode Size: 53KB - Virtual size: 53KB

.pccode Size: 10KB - Virtual size: 10KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 3KB - Virtual size: 9KB

.gchr Size: 4KB - Virtual size: 3KB

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 20KB - Virtual size: 20KB

53:16:11:62:17:b3:74:75:70:84:1a:6e:24:46:42:84
Certificate

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b3:66:30:88:49:61:56:8a:5a:c3:c3:d6:bf:ae:6d:d8:64:9a:03:a0:ff:e6:0c:5c:5f:b8:e1:fb:d8:98:ce:8e
Signer

.text
Size: 370KB - Virtual size: 369KB

.pecode
Size: 53KB - Virtual size: 53KB

.pccode
Size: 10KB - Virtual size: 10KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 3KB - Virtual size: 9KB

.gchr
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 20KB - Virtual size: 20KB