2024-06-12_8b6327068db4f197e1ee22dcab5aa5cb_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-12_8b6327068db4f197e1ee22dcab5aa5cb_avoslocker_cobalt-strike
Size

472KB
MD5

8b6327068db4f197e1ee22dcab5aa5cb
SHA1

fb250f2bdcadc68c14e634ac6ec65f0e30883980
SHA256

3530175f9cf5185884eebb3bf8a68feb026efa2240c9748c49f5400d174e786f
SHA512

85ab05ca86a7f14c824bc07058e53d4cd13ecff09898d13203f4ea6c40520ed443a11771c48dd3f85191e3772bed1cd263e4069ebae83fc1f52e9737e09f65f8
SSDEEP

12288:h1vKpgoIWgqAyymyzIunr1a8Fp/iKMsDAoaug:/vKCoBlymSDakyspad

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-12_8b6327068db4f197e1ee22dcab5aa5cb_avoslocker_cobalt-strike

Files

2024-06-12_8b6327068db4f197e1ee22dcab5aa5cb_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

acac4f024915fbce13bcbe214016f740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-windows-plugin\output\i386\bin\Release\webex.pdb

Imports

kernel32

GetUserGeoID
GetUserDefaultLCID
SetThreadUILanguage
GetThreadUILanguage
DecodePointer
RaiseException
InitializeCriticalSectionEx
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetLastError
LocalFree
FormatMessageW
WaitForSingleObject
Sleep
CreateThread
TerminateThread
GetFileSize
ReadFile
SetFilePointer
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpynW
GetSystemDefaultLangID
CreateProcessA
GetNativeSystemInfo
SetEvent
CreateEventW
OpenEventW
LCIDToLocaleName
GetLocaleInfoEx
GetCurrentProcess
CreateProcessW
IsProcessInJob
FindResourceExW
FreeResource
LoadResource
LockResource
CreateFileW
GetConsoleMode
GetGeoInfoA
SetFilePointerEx
GetLocalTime
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetFileType
HeapAlloc
HeapFree
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFileAttributesExW
QueryPerformanceFrequency
LoadLibraryExW
RtlUnwind
OutputDebugStringW
WriteConsoleW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
LCMapStringW
GetModuleHandleW
GetModuleFileNameA
GetSystemTimeAsFileTime
CreateMutexW
GetLastError
GetTempFileNameA
GetConsoleOutputCP
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetTempPathA
WriteFile
FlushFileBuffers
CreateFileA
HeapSize
SetDefaultDllDirectories
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
EncodePointer
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

LoadImageW
GetClientRect
GetWindowTextW
DrawTextW
DialogBoxParamW
ChangeWindowMessageFilterEx
LoadIconW
LoadCursorW
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
SetCursor
GetWindowRect
SetWindowTextW
SetWindowTextA
SetPropW
SetPropA
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
KillTimer
SetTimer
SetFocus
DefDlgProcW
GetDlgItem
CreateDialogParamW
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
AttachThreadInput
SendMessageW
FindWindowExA
GetDesktopWindow
WaitForInputIdle
GetMonitorInfoW
MonitorFromPoint
GetCursorPos
ReleaseDC
GetDC
PostQuitMessage
PostMessageW
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxExW

gdi32

SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SetTextColor

shell32

SHGetFolderPathA
ShellExecuteW

advapi32

CryptDestroyHash
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptHashData
CryptCreateHash
CryptGetHashParam

comctl32

InitCommonControlsEx

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acac4f024915fbce13bcbe214016f740

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 76B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 76B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 12KB - Virtual size: 12KB