2024-06-10_a53ab6f9ff33372283d3384e770421bd_avoslocker_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-10_a53ab6f9ff33372283d3384e770421bd_avoslocker_cobalt-strike
Size

590KB
MD5

a53ab6f9ff33372283d3384e770421bd
SHA1

d28d037b204990802d0ed2b6c2dffcdd5a0d7c9b
SHA256

018ca5a89091aa10429709e473e760b979db48103f601a44b22708dcf5d097ef
SHA512

05dba76789d99c6bc6afd7ac31233a981ec9d935bc6fb0ebe9d9c0868adcf2ef97bc885967dd20e3e1a17b178d6bd30aae4f9670b01938f72826a59f146f1e8f
SSDEEP

6144:lBBTFr0qzRj9VO8sU8Hg/vU1rfszMcBvIgyq/CAQdkKPsAfG1JvxKKkKKor7tQB:BRbCAsrfszMcBvIgyqjxKKkKKhB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-10_a53ab6f9ff33372283d3384e770421bd_avoslocker_cobalt-strike

Files

2024-06-10_a53ab6f9ff33372283d3384e770421bd_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

4707b1af222a925dd774162d34e83c47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCPInfo
SetErrorMode
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetStringTypeW
SetStdHandle
SystemTimeToTzSpecificLocalTime
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
ExitProcess
HeapQueryInformation
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
OutputDebugStringW
GetFileAttributesExA
FileTimeToLocalFileTime
GetCurrentProcess
FileTimeToSystemTime
GetVolumeInformationA
WriteFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FormatMessageA
MulDiv
LocalFree
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
FindResourceA
GlobalFree
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
WriteConsoleW

user32

MonitorFromWindow
WinHelpA
LoadIconA
GetTopWindow
GetClassNameA
GetClassLongA
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
RemovePropA
GetPropA
SetPropA
GetScrollPos
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
GetMonitorInfoA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
IsDialogMessageA
GetWindow
SetWindowLongA
GetWindowTextA
ClientToScreen
SetFocus
GetDlgCtrlID
LoadIconW
SendMessageA
EnableWindow
UnregisterClassA
SetWindowPos
ShowWindow
KillTimer
SetTimer
WaitMessage
UnhookWindowsHookEx
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxA
SetCursor
CallNextHookEx
SetWindowsHookExA
LoadCursorA
GetSystemMetrics
CreateWindowExA
SendDlgItemMessageA
GetClientRect
SetRectEmpty
OffsetRect
GetParent
PostMessageA
PostQuitMessage
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetDesktopWindow
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
RealChildWindowFromPoint
InvalidateRect
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetDC
ReleaseDC
DestroyMenu
CharUpperA
GetSysColorBrush
SetWindowTextA

gdi32

Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteObject
GetDeviceCaps
GetObjectA
SetTextColor
SetBkColor
DeleteDC
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shlwapi

PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize

oleaut32

SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString

ws2_32

gethostbyname
WSAStartup
WSACleanup
WSASetLastError
socket
WSAAsyncSelect
recv
bind
accept
select
sendto
send
recvfrom
inet_addr
htons
closesocket
htonl
connect
WSAGetLastError

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4707b1af222a925dd774162d34e83c47

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

ws2_32

oleacc

Sections

.text Size: 194KB - Virtual size: 194KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 311KB - Virtual size: 311KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 194KB - Virtual size: 194KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 311KB - Virtual size: 311KB

.reloc
Size: 15KB - Virtual size: 14KB