2024-06-12_170e0e901546270b7ae38cda8b604329_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-12_170e0e901546270b7ae38cda8b604329_avoslocker_cobalt-strike
Size

627KB
MD5

170e0e901546270b7ae38cda8b604329
SHA1

9f4e5ec36af94afcdd55004f06e69421b6996884
SHA256

ba0f56e91b3361a0e8af4ab9cbcdb73a96fa5f63ced325a6591cef180b1fec7e
SHA512

6875de1b7b1b9b93806197f322fa65b854f005829d6ed4e810005c62dac941a6c054f9be2b3e09b4446ec86e8b41712f376385dc152af5ed02e50a69c40b6018
SSDEEP

12288:+/4w250qDEoPgnVZEVBQXJHj/532qXBxOTnzE5Wfq35uhByG4eOZSrtqGr:Rj6o1Pgs+jx3VCTno5+ISrtFr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-12_170e0e901546270b7ae38cda8b604329_avoslocker_cobalt-strike

Files

2024-06-12_170e0e901546270b7ae38cda8b604329_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

b61da242d64d28f76668ff7be4205391

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Git-repo\sogou_beta\chrome\out\Release\uninst.pdb

Imports

kernel32

WideCharToMultiByte
CreateDirectoryW
WriteFile
lstrcmpiW
GetLocalTime
GetShortPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetCurrentThreadId
ExpandEnvironmentStringsW
CreateEventW
CreateMutexW
OpenMutexW
GetSystemDefaultLangID
LocalAlloc
GetSystemInfo
GlobalFree
VirtualQuery
WritePrivateProfileStringW
SetEndOfFile
VirtualAlloc
VirtualFree
K32GetMappedFileNameW
VirtualProtect
FlushInstructionCache
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
TerminateThread
GetSystemTimeAsFileTime
SetEvent
DeviceIoControl
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
LoadLibraryExA
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetCurrentDirectoryW
OpenProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStdHandle
ExitProcess
PeekNamedPipe
GetFileType
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
QueryPerformanceCounter
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
MultiByteToWideChar
CopyFileW
GetTickCount
GetTempPathW
MoveFileExW
GetModuleFileNameW
DeleteFileW
WaitForSingleObject
DecodePointer
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
lstrlenW
FindFirstFileW
GetFullPathNameW
SetLastError
FindClose
GetProcAddress
LoadLibraryW
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
ReadFile
GetFileSize
CreateFileW
LoadLibraryExW
FreeResource
GlobalUnlock
WriteConsoleW
GlobalLock
GlobalAlloc
VerSetConditionMask
VerifyVersionInfoW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
FreeLibrary
GetFileAttributesW
TerminateProcess
RemoveDirectoryW
CreateThread
GetWindowsDirectoryW
GetExitCodeProcess
CreateProcessW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExW
GetCurrentProcess
GetModuleHandleW
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueue
CreateTimerQueue
LocalFree
GetCommandLineW
GetFileInformationByHandle
GetCurrentProcessId
GetTimeZoneInformation
CloseHandle

user32

UnregisterClassW
SendInput
CopyRect
InvalidateRect
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW
ShowWindow
IsWindow
PostMessageW
OffsetRect
KillTimer
SetTimer
EqualRect
SendMessageW
SetCapture
ReleaseCapture
UnionRect
PtInRect
CreateWindowExW
GetCursorPos
ScreenToClient
IntersectRect
IsWindowEnabled
IsRectEmpty
BeginPaint
EndPaint
GetClientRect
EnumChildWindows
GetParent
DestroyIcon
SetRectEmpty
LoadImageW
SetCursor
LoadCursorW
GetWindowLongW
UpdateWindow
DrawFocusRect
GetDC
ReleaseDC
DrawTextW
FindWindowW
FindWindowExW
GetWindowThreadProcessId
MessageBoxW
SetWindowLongW
DefWindowProcW
CallWindowProcW
SetWindowTextW
MoveWindow
SetWindowPos
MapWindowPoints
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
PostQuitMessage
RedrawWindow
RegisterClassExW
GetClassInfoExW
GetDlgItem
CharUpperW
LoadStringW
GetWindowDC
GetDesktopWindow
PostThreadMessageW
IsIconic
IsZoomed
UpdateLayeredWindow
SetWindowRgn
ClientToScreen
EnumWindows
SetForegroundWindow
GetSysColor
GetForegroundWindow
IsWindowVisible

advapi32

GetTokenInformation
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
ConvertSidToStringSidW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteValueW

ole32

CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathFindFileNameW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
SHDeleteValueW
PathIsDirectoryW
PathIsRootW
PathRemoveBlanksW
PathRemoveBackslashW
PathFileExistsW
SHDeleteKeyW
SHGetValueW
PathAppendW
PathCombineW
PathCanonicalizeW
PathMatchSpecW

comctl32

_TrackMouseEvent

gdi32

DeleteDC
SelectObject
MoveToEx
LineTo
DeleteObject
BitBlt
CreateRectRgnIndirect
SelectClipRgn
RectVisible
GetClipBox
GetViewportOrgEx
RestoreDC
SaveDC
GetObjectW
CreateFontIndirectW
CreateCompatibleDC
SetViewportOrgEx
CreateDIBSection
SetBkMode
SetTextColor
GetBitmapBits
SetBitmapBits
SetBkColor
ExtTextOutW
GetTextExtentExPointW
GetTextExtentPoint32W
GetCurrentObject
GetStockObject
SetDIBColorTable
CombineRgn

msimg32

AlphaBlend

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreateLineBrush
GdipGetImagePalette
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFillRectangle
GdipCreateLineBrushFromRect
GdiplusStartup
GdipGetImagePixelFormat
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipDisposeImage
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawEllipseI
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipFillEllipseI
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

psapi

GetProcessImageFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

htons
htonl

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpOpenRequest

Sections

.text
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b61da242d64d28f76668ff7be4205391

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

gdi32

msimg32

gdiplus

netapi32

psapi

version

ws2_32

winhttp

Sections

.text Size: 450KB - Virtual size: 449KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 8KB - Virtual size: 80KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 450KB - Virtual size: 449KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 8KB - Virtual size: 80KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 22KB - Virtual size: 21KB