2024-06-12_d6f30f193d66576527e0883ecdca07ba_avoslocker_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-12_d6f30f193d66576527e0883ecdca07ba_avoslocker_cobalt-strike
Size

472KB
MD5

d6f30f193d66576527e0883ecdca07ba
SHA1

20803f59dff726e2ace8cb40935c73ac3a5275b4
SHA256

ae4c3abc50343137fbedfd9936159345d63b2333e989e29edfd0bdde7fef4244
SHA512

1f0efc6e9a11127293331f0b1d9aa1d40fd12a7ac8afd2c77cf0b99aca0514461744f8f70234108f35d65f4f3e30afc9ccf65f8a55bcd22592dd4a226a69e306
SSDEEP

12288:J1vKpgoIWgqAyymyzIunr1a8Fp/teMsDAoaur:3vKCoBlymSDakPspaK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-12_d6f30f193d66576527e0883ecdca07ba_avoslocker_cobalt-strike

Files

2024-06-12_d6f30f193d66576527e0883ecdca07ba_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

acac4f024915fbce13bcbe214016f740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-windows-plugin\output\i386\bin\Release\webex.pdb

Imports

kernel32

GetUserGeoID
GetUserDefaultLCID
SetThreadUILanguage
GetThreadUILanguage
DecodePointer
RaiseException
InitializeCriticalSectionEx
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetLastError
LocalFree
FormatMessageW
WaitForSingleObject
Sleep
CreateThread
TerminateThread
GetFileSize
ReadFile
SetFilePointer
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpynW
GetSystemDefaultLangID
CreateProcessA
GetNativeSystemInfo
SetEvent
CreateEventW
OpenEventW
LCIDToLocaleName
GetLocaleInfoEx
GetCurrentProcess
CreateProcessW
IsProcessInJob
FindResourceExW
FreeResource
LoadResource
LockResource
CreateFileW
GetConsoleMode
GetGeoInfoA
SetFilePointerEx
GetLocalTime
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetFileType
HeapAlloc
HeapFree
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFileAttributesExW
QueryPerformanceFrequency
LoadLibraryExW
RtlUnwind
OutputDebugStringW
WriteConsoleW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
LCMapStringW
GetModuleHandleW
GetModuleFileNameA
GetSystemTimeAsFileTime
CreateMutexW
GetLastError
GetTempFileNameA
GetConsoleOutputCP
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetTempPathA
WriteFile
FlushFileBuffers
CreateFileA
HeapSize
SetDefaultDllDirectories
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
EncodePointer
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

LoadImageW
GetClientRect
GetWindowTextW
DrawTextW
DialogBoxParamW
ChangeWindowMessageFilterEx
LoadIconW
LoadCursorW
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
SetCursor
GetWindowRect
SetWindowTextW
SetWindowTextA
SetPropW
SetPropA
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
KillTimer
SetTimer
SetFocus
DefDlgProcW
GetDlgItem
CreateDialogParamW
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
AttachThreadInput
SendMessageW
FindWindowExA
GetDesktopWindow
WaitForInputIdle
GetMonitorInfoW
MonitorFromPoint
GetCursorPos
ReleaseDC
GetDC
PostQuitMessage
PostMessageW
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxExW

gdi32

SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SetTextColor

shell32

SHGetFolderPathA
ShellExecuteW

advapi32

CryptDestroyHash
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptHashData
CryptCreateHash
CryptGetHashParam

comctl32

InitCommonControlsEx

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acac4f024915fbce13bcbe214016f740

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 76B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 76B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 12KB - Virtual size: 12KB