Cerber | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Cerber
Size

492KB
MD5

8b3d0bc69064a0155a205a4202417330
SHA1

0aa06a222900a2d3042e73fc21b52004d7856aeb
SHA256

9ef7fe10bbbb58899859d82ba7a698cbfdd546c6e9e4d3b55193e4180682036c
SHA512

e54140bdf79b5498cb7f4a519a4d9ed54e3a4845ae822a2f25c3f1d97b616b9f1374ece7ff788e0e667e5ac5824f81aa1a1861b8d212e832533590ac1f96633a
SSDEEP

12288:ww+dKNr2YH7WQx3IjKoa+888888888888W888888888888:wVKMYbWzuBf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Cerber

Files

Cerber
.exe windows:5 windows x86 arch:x86

fe586131a824714774b47ac27da9e046

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
EnumLanguageGroupLocalesA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommMask
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastError
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualFree
VirtualAlloc
VerifyVersionInfoW
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
Thread32Next
TerminateProcess
Sleep
SetUnhandledExceptionFilter
SetLocalTime
SetLastError
SetHandleCount
SetConsoleScreenBufferSize
RtlUnwind
RaiseException
QueryPerformanceCounter
MultiByteToWideChar
LocalFree
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsValidCodePage
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
BeginUpdateResourceA
HeapFree
HeapCreate
HeapAlloc
GetVersionExA
GetTickCount
GetTempPathA
GetSystemTimeAsFileTime
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA

user32

LoadCursorFromFileA
CloseClipboard
GetLastActivePopup
GetMenuContextHelpId
IsMenu
GetInputState
GetKeyboardLayout
CloseDesktop
IsCharAlphaNumericA
GetWindowDC
PaintDesktop
GetActiveWindow
CharUpperA
IsWindow
GetCaretBlinkTime
GetClipboardSequenceNumber
GetThreadDesktop
CopyIcon
GetCursor
WindowFromDC
LoadCursorFromFileW
GetMenu
GetProcessWindowStation
EndMenu
GetOpenClipboardWindow
GetWindowTextLengthW
IsGUIThread
CharLowerA
GetDialogBaseUnits
IsCharLowerA
ShowCaret
GetKeyState
GetMessageExtraInfo
GetTopWindow
CharNextA
IsCharAlphaA
DestroyIcon
UserHandleGrantAccess
TranslateMessage
TranslateMDISysAccel
ToAscii
SystemParametersInfoW
SetWindowTextW
SetWindowRgn
SetWindowPos
SetWindowLongW
SetTimer
SetScrollInfo
SetMenuContextHelpId
SetForegroundWindow
SetDlgItemTextW
SetClipboardViewer
SendMessageW
SendMessageTimeoutA
SendInput
SendDlgItemMessageW
ReplyMessage
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
CharLowerW
RegisterClassExA
PostThreadMessageW
PostQuitMessage
PostMessageW
OpenIcon
OffsetRect
MonitorFromRect
MessageBoxW
MessageBoxA
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadBitmapW
KillTimer
IsWindowVisible
IsWindowEnabled
IsRectEmpty
IsIconic
IsCharUpperW
InflateRect
HiliteMenuItem
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowLongW
GetSystemMetrics
GetSysColorBrush
GetScrollPos
GetMonitorInfoW
GetMessageW
GetMenuItemRect
GetInputDesktop
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDC
GetCursorPos
GetClientRect
GetClassNameW
GetClassLongW
FindWindowW
FillRect
EnumWindows
EnumWindowStationsA
EnumThreadWindows
EnumDisplaySettingsW
EnumDisplayDevicesW
EndDialog
DispatchMessageW
DestroyWindow
DefWindowProcW
CreateWindowExW
CreateMenu
CreateIconIndirect
CreateIconFromResourceEx
CreateIcon
CreateDialogIndirectParamW
IsCharAlphaNumericW
DestroyCursor
VkKeyScanA
VkKeyScanW
CopyRect
CloseWindow
CharNextW
ChangeDisplaySettingsExW
GetQueueStatus
RegisterClipboardFormatA
GetSysColor
CallWindowProcW
ShowWindow

gdi32

CreateMetaFileA
AddFontResourceExW
AngleArc
CloseEnhMetaFile
CopyEnhMetaFileA
CreateColorSpaceW
CreateCompatibleDC
CreateFontA
CreateFontIndirectW
CreateSolidBrush
DeleteObject
EngCreateDeviceSurface
EngCreatePalette
EngDeleteSurface
EngFillPath
EngPaint
EngTextOut
FillRgn
FlattenPath
FloodFill
FontIsLinked
GdiAlphaBlend
GdiConvertBrush
GdiDeleteSpoolFileHandle
GdiEntry8
GdiPlayJournal
GdiPlayPrivatePageEMF
GdiSetBatchLimit
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCurrentPositionEx
GetDeviceCaps
GetEnhMetaFileW
GetFontData
GetGlyphIndicesA
GetObjectW
GetTextExtentExPointWPri
GetWinMetaFileBits
ModifyWorldTransform
NamedEscape
PathToRegion
PolyDraw
ScaleViewportExtEx
SetDIBColorTable
SetMetaRgn
SetPolyFillMode
SetROP2
SetTextAlign
UpdateColors
GetSystemPaletteUse
CreateMetaFileW
EndDoc
DeleteEnhMetaFile
BeginPath
CreatePatternBrush
GetTextCharacterExtra
CancelDC
GdiGetBatchLimit
GetColorSpace
EndPath
EndPage
SaveDC
SwapBuffers
CloseMetaFile
GetDCPenColor
AbortDoc
GetTextCharset
GdiFlush
FillPath
CloseFigure
GetTextAlign
GetMapMode
GetBkMode
GetStretchBltMode
AbortPath

advapi32

RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueA
RegOpenKeyW
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegQueryValueExW

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

StrCmpNA
StrStrA

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
CreateStatusWindowW

msvcrt

_except_handler3
wcslen
wcscpy
wcscmp
_XcptFilter
__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_c_exit
_cexit
_controlfp
_exit
_initterm
_onexit
_purecall
_snwprintf
_wcmdln
_wcsicmp
_wcsnicmp
exit
wcscat

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe586131a824714774b47ac27da9e046

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

msvcrt

Sections

.text Size: 337KB - Virtual size: 337KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 52KB - Virtual size: 51KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 337KB - Virtual size: 337KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 92KB - Virtual size: 92KB