Z:\neoid-driver\Output\Win32\Release\Addcert.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-07-25_9aef91da0eb6f6f5684f1f4a5bc2bb5c_avoslocker_cobalt-strike.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-07-25_9aef91da0eb6f6f5684f1f4a5bc2bb5c_avoslocker_cobalt-strike.exe
Resource
win10v2004-20240709-en
General
-
Target
2024-07-25_9aef91da0eb6f6f5684f1f4a5bc2bb5c_avoslocker_cobalt-strike
-
Size
125KB
-
MD5
9aef91da0eb6f6f5684f1f4a5bc2bb5c
-
SHA1
25352fe400aa996d46f18094585e4da7cfdee0a3
-
SHA256
ab3486b4effa4afaef37642d9451fe5d36a097f38828ec8d4b52c2faf6b05836
-
SHA512
71a36edc5c1ec003721630ccd5fa07ff89b5511cb6402d1b52b1d022bb202ff5e21e22c3887e1fdc4fd754a1db5390c70aa7fa97593b5a3b531b43a6b790d8d4
-
SSDEEP
3072:5l6zW3Rvsqup6V0N0yuHRjgTMUaquhSXqtLJq4ZgEVx+3wa:GzW3+B6h/ReiSXUqYa
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-07-25_9aef91da0eb6f6f5684f1f4a5bc2bb5c_avoslocker_cobalt-strike
Files
-
2024-07-25_9aef91da0eb6f6f5684f1f4a5bc2bb5c_avoslocker_cobalt-strike.exe windows:6 windows x86 arch:x86
379eb7ee61de51d5fddda0663fdcce93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLastError
FormatMessageW
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ReadFile
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
CloseHandle
MultiByteToWideChar
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
CreateFileW
HeapSize
HeapReAlloc
SetEndOfFile
DecodePointer
crypt32
CertGetNameStringW
CertSetCertificateContextProperty
CertCreateCertificateContext
CertFreeCertificateContext
CertOpenSystemStoreW
CertAddCertificateContextToStore
CryptStringToBinaryA
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ