Static task
  static1

Behavioral task
  behavioral1
  Sample: 2024-06-25_8dbca5ca6c3029b702399c197b1b29d5_avoslocker_cobalt-strike.exe
  Resource: win7-20240611-en

Behavioral task
  behavioral2
  Sample: 2024-06-25_8dbca5ca6c3029b702399c197b1b29d5_avoslocker_cobalt-strike.exe
  Resource: win10v2004-20240508-en

General
- Target: 2024-06-25_8dbca5ca6c3029b702399c197b1b29d5_avoslocker_cobalt-strike
- Size: 848KB
- MD5: 8dbca5ca6c3029b702399c197b1b29d5
- SHA1: e6d03e7668b011ce0cdec245291a89f2f13bd953
- SHA256: 477ad3c8c3d23bb3b2e8c1b67fb72259805ad18f24d2c8d894bf01e184362eac
- SHA512: 66eb7684f53ab5a396a3cd4164957ad6e270b6017d0b5fd1aa8f221666db7c78a73a2b4ea7248e9d120b4bdb814e50364a023ec9ef2aa26309bee51c28605c55
- SSDEEP: 24576:JVLbwt4rUvsj0t2rR8FfBhRJUEbDk1ulUG:JK4rUvsj0t2r4PRSEk1ul

Malware Config

Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 2024-06-25_8dbca5ca6c3029b702399c197b1b29d5_avoslocker_cobalt-strike

Files
- 2024-06-25_8dbca5ca6c3029b702399c197b1b29d5_avoslocker_cobalt-strike.exe windows:6 windows x86 arch:x86
  2f6df543c61245306bdb9a1e5b3667c1

Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE

PDB Paths
  F:\uwp_tool\wps_i18n_wnsproxy\bin\release\kwpswnsserver.pdb
Imports
  kernel32
    LoadLibraryW
    FormatMessageW
    SetEndOfFile
    WriteConsoleW
    HeapSize
    GetCommandLineW
    WaitForSingleObject
    TrySubmitThreadpoolCallback
    GetLocalTime
    QueryPerformanceCounter
    RaiseException
    CloseHandle
    WaitForSingleObjectEx
    SwitchToThread
    GetCurrentThreadId
    ReleaseSRWLockExclusive
    AcquireSRWLockExclusive
    InitializeCriticalSectionEx
    GetSystemTimeAsFileTime
    GetModuleHandleW
    GetProcAddress
    EncodePointer
    DecodePointer
    EnterCriticalSection
    LeaveCriticalSection
    DeleteCriticalSection
    MultiByteToWideChar
    WideCharToMultiByte
    LCMapStringEx
    GetStringTypeW
    GetCPInfo
    InitializeCriticalSectionAndSpinCount
    SetEvent
    ResetEvent
    CreateEventW
    UnhandledExceptionFilter
    SetUnhandledExceptionFilter
    GetCurrentProcess
    TerminateProcess
    IsProcessorFeaturePresent
    IsDebuggerPresent
    GetStartupInfoW
    GetCurrentProcessId
    InitializeSListHead
    RtlUnwind
    InterlockedPushEntrySList
    GetLastError
    SetLastError
    TlsAlloc
    TlsGetValue
    TlsSetValue
    TlsFree
    FreeLibrary
    LoadLibraryExW
    GetModuleHandleExW
    ExitProcess
    GetModuleFileNameW
    GetStdHandle
    WriteFile
    GetFileType
    GetFileSizeEx
    SetFilePointerEx
    FlushFileBuffers
    GetConsoleOutputCP
    GetConsoleMode
    HeapAlloc
    HeapFree
    ReadFile
    ReadConsoleW
    LCMapStringW
    GetLocaleInfoW
    IsValidLocale
    GetUserDefaultLCID
    EnumSystemLocalesW
    HeapReAlloc
    FindClose
    FindFirstFileExW
    FindNextFileW
    IsValidCodePage
    GetACP
    GetOEMCP
    GetCommandLineA
    GetEnvironmentStringsW
    FreeEnvironmentStringsW
    GetProcessHeap
    SetStdHandle
    CreateFileW
  advapi32
    RegQueryValueExW
    RegOpenKeyExW
    RegCloseKey
  shell32
    ShellExecuteW
    CommandLineToArgvW
  microsoft.windowsappruntime.bootstrap
    MddBootstrapInitialize2
    MddBootstrapShutdown
  crypt32
    CryptStringToBinaryA
    CryptBinaryToStringA
  ole32
    CoGetApartmentType
    CoGetObjectContext
    CoTaskMemFree
    CoCreateInstance
    CoCreateFreeThreadedMarshaler
    CoTaskMemAlloc
  oleaut32
    SetErrorInfo
    SysAllocString
    SysStringLen
    GetErrorInfo
    SysFreeString
Sections
  .text   Size: 188KB - Virtual size: 187KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata  Size: 68KB - Virtual size: 67KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data   Size: 13KB - Virtual size: 17KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 1KB - Virtual size: 1KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc  Size: 576KB - Virtual size: 580KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE