2024-06-11_33129933587153130c110462120cdaa9_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-11_33129933587153130c110462120cdaa9_avoslocker_cobalt-strike
Size

886KB
MD5

33129933587153130c110462120cdaa9
SHA1

1d392f93768f2dcda54d12ed652fbcc2635bad08
SHA256

ee030c5a3e4585f73578f7816903888722bbd4c4771f8bcb58b962554c1d51e7
SHA512

aa7e20c3917b8390ac8b49f2857f0f19174b8f342c7187804a4b68404a2d2645b5644ba60f70d16cd6df6a20b981cb654924d554d518fcd93ecfd4f327c68169
SSDEEP

24576:sBmc15dnso8Rh4YnDBq/u9AAifTrri4wF6:W1rsoInDBeua/Trr2F6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_33129933587153130c110462120cdaa9_avoslocker_cobalt-strike

Files

2024-06-11_33129933587153130c110462120cdaa9_avoslocker_cobalt-strike
.exe windows:5 windows x86 arch:x86

c557568ef6b6dad95e493a3617fdd291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\gocart-client-build\win-intel\build\gocartclient\public\gcclientlauncher\binaries\windows\release\Adobe Genuine Launcher.pdb

Imports

kernel32

GetCommandLineW
DeleteFileW
CreateProcessW
GetTempPathW
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetEnvironmentVariableA
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
FreeLibrary
GetProcAddress
ReadFile
GetFileSizeEx
GetLastError
GetLocalTime
GetTimeFormatW
GetDateFormatW
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenMutexW
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
GetDriveTypeW
GetFileType
GetFullPathNameW
GetFileAttributesExW
CreateDirectoryW
MoveFileExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetCommandLineA
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
HeapAlloc
GetCurrentDirectoryW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
GetConsoleCP
HeapReAlloc

shell32

CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW

shlwapi

PathRemoveExtensionW
PathAppendW
PathFindFileNameW
PathFileExistsW
PathAddExtensionW
PathIsFileSpecW
PathIsDirectoryW
PathRenameExtensionW
PathRemoveFileSpecW

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c557568ef6b6dad95e493a3617fdd291

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

Sections

.text Size: 222KB - Virtual size: 222KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 10KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 222KB - Virtual size: 222KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 10KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 580KB - Virtual size: 584KB