warmcookie | rad59AD5[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rad59AD5.exe
Size

53KB
MD5

1a28984d6db3abdb967c0c19b56f887d
SHA1

b815a93dedd5575a77b5fa9c0d77a9bc783cdb27
SHA256

b2b67092d3978b0a199c949591bb1872cbc49b91494726a513be407abc2ca6a9
SHA512

63e255c48e9c36485e6e7bc31319fd407027829713cef93dd61edf132949ce3c2de741a70f6ba90347e3d0aa7112acc95b71a7405711eab925f5a491cd5d513f
SSDEEP

768:g9QHl5zJLsXpwnPA9KYMGZC7SNichPH/kGFyHxr6a6GPxxoqMo5ydqP+qL3i3:g2dJn7dSfjof2Jo5PM

Score

10^/10

backdoor warmcookie

Malware Config

Extracted

Family

warmcookie

149.248.58.85

Attributes

mutex
3e4d7a5b-aa72-4d5f-8f8c-b292257af55c
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0

Signatures

Warmcookie family
warmcookie

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rad59AD5.exe

Files

rad59AD5.exe
.dll regsvr32 windows:4 windows x64 arch:x64

d83bfc9d89f2c92a7c8e032a69af1862

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CreateFileW
CreateMutexW
CreatePipe
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExpandEnvironmentStringsW
GetComputerNameExW
GetComputerNameW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTickCount
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenMutexW
PeekNamedPipe
QueryPerformanceCounter
ReadFile
RemoveDirectoryW
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryW
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
_vsnwprintf
_wcsnicmp
abort
calloc
free
fwrite
memcpy
memset
rand
realloc
signal
srand
strcat
strcpy
strlen
strncmp
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsncmp

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

shell32

SHGetFolderPathW

ws2_32

WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Start

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d83bfc9d89f2c92a7c8e032a69af1862

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

oleaut32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 8KB - Virtual size: 8KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 184B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 244B

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 8KB - Virtual size: 8KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 184B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 244B