Static task
static1
Behavioral task
behavioral1
Sample
2024-06-28_37fd2cf6583c768d5252f1ed41cf73a4_cerber.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-28_37fd2cf6583c768d5252f1ed41cf73a4_cerber.exe
Resource
win10v2004-20240508-en
General
Target
2024-06-28_37fd2cf6583c768d5252f1ed41cf73a4_cerber
Size
206KB
MD5
37fd2cf6583c768d5252f1ed41cf73a4
SHA1
baeff61757976ab6b321cd5e99b41a4cd1654815
SHA256
7178b30eea42854b1c99fb6989a9439cdc82775c85c9e6289da88eb176d6b018
SHA512
51f075e935ce8f9e027fa39e9385ccca2fc5c31919cb12e30ec40e7a2b1d0502472e996ae5bff48eb87b713f8ddb86d8d879bb3c977b3967850e6476d2207cbc
SSDEEP
3072:qAMPG/UkQjXxyC5DLsgUBBX4AQqxCn+gFGMolqN3ChldnyW/q+7CGoTXQsOU6oMT:qAMPGh2xyqLqBX4AQfpFnoyQrqga
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-28_37fd2cf6583c768d5252f1ed41cf73a4_cerber
Files
2024-06-28_37fd2cf6583c768d5252f1ed41cf73a4_cerber.exe windows:5 windows x86 arch:x86
0f524fe455225f95baeda368fc788a95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
CryptDecodeObjectEx
shlwapi
StrChrA
StrCmpNIA
PathFindExtensionW
StrCmpNIW
StrToIntA
StrCmpNW
PathFindFileNameW
StrSpnA
StrCmpNA
PathMatchSpecW
StrStrA
StrFormatByteSizeW
PathCombineW
StrCpyNW
PathUnquoteSpacesW
PathSkipRootW
StrToInt64ExA
StrChrW
StrPBrkA
ws2_32
htons
closesocket
shutdown
WSAStartup
socket
inet_ntoa
htonl
sendto
gethostbyname
inet_addr
powrprof
CallNtPowerInformation
urlmon
FindMimeFromData
oleaut32
VariantClear
ole32
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoInitialize
kernel32
GetCurrentThreadId
CloseHandle
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileAttributesW
CreateThread
OutputDebugStringW
OutputDebugStringA
GetFileAttributesW
GetCurrentProcess
GetTimeFormatW
LeaveCriticalSection
Sleep
OpenProcess
GetCommandLineW
CreateMutexW
SetErrorMode
SearchPathW
GetTempFileNameW
GetModuleHandleW
GetCurrentThread
GetModuleFileNameW
InitializeCriticalSection
SetThreadPriority
GetLastError
SetProcessShutdownParameters
MultiByteToWideChar
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
CreateFileMappingW
WriteFile
GetTickCount
lstrcpyA
MoveFileExW
SetEvent
WaitForSingleObject
GetModuleHandleA
SetFilePointerEx
CreateProcessA
GetSystemDirectoryA
DeleteCriticalSection
GetFileTime
CreatePipe
CreateToolhelp32Snapshot
GetFileSize
lstrcatW
Process32NextW
GetDateFormatW
TerminateProcess
MulDiv
CreateEventW
lstrlenW
Process32FirstW
EnterCriticalSection
FileTimeToSystemTime
MoveFileW
GetFileSizeEx
FlushFileBuffers
CreateFileW
lstrcmpiW
FindFirstFileW
GetDriveTypeW
InterlockedIncrement
GetLogicalDrives
GetSystemDirectoryW
FindClose
IsBadStringPtrW
IsBadReadPtr
GlobalMemoryStatusEx
QueryDosDeviceW
IsBadCodePtr
FindNextFileW
GetDiskFreeSpaceExW
IsBadWritePtr
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
IsBadStringPtrA
LocalFree
GetTempPathW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
lstrcpynA
lstrcpynW
WaitForMultipleObjects
GetVersionExW
GetSystemInfo
GetHandleInformation
lstrcmpiA
ReadFile
CreateDirectoryW
GetComputerNameA
GetNativeSystemInfo
TlsAlloc
RtlUnwind
lstrcpyW
user32
wsprintfA
CharLowerBuffA
TranslateMessage
PeekMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
DispatchMessageW
wsprintfW
RegisterClassExW
UnregisterClassW
MessageBoxW
FillRect
DrawTextA
GetDC
GetSystemMetrics
SystemParametersInfoW
ReleaseDC
GetKeyboardLayoutList
GetForegroundWindow
CharLowerBuffW
advapi32
CryptDestroyKey
OpenProcessToken
GetTokenInformation
DuplicateToken
CheckTokenMembership
ConvertSidToStringSidW
CryptGetKeyParam
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorOwner
GetFileSecurityW
RegQueryValueExW
EqualSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
CryptGenRandom
CryptImportKey
shell32
CommandLineToArgvW
SHChangeNotify
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
gdi32
SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
SetBkColor
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
GetStockObject
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetInfo
ntdll
isspace
memset
_aulldvrm
memcpy
_allmul
RtlDosPathNameToNtPathName_U
NtDeleteFile
RtlFreeUnicodeString
tolower
memmove
_alldiv
NtQueryVirtualMemory
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 129KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE