Static task
static1
Behavioral task
behavioral1
Sample
2025-03-15_1e7ff3364c080905f0ff3f5086ce76dc_cerber.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2025-03-15_1e7ff3364c080905f0ff3f5086ce76dc_cerber.exe
Resource
win10v2004-20250313-en
General
Target: 2025-03-15_1e7ff3364c080905f0ff3f5086ce76dc_cerber
Size: 180KB
MD5: 1e7ff3364c080905f0ff3f5086ce76dc
SHA1: 91cfbb1f562518fd92b027a87486e9e4d9577790
SHA256: 3943aa2acd1e7e415cff9fb7f240dac4924e41822af98454581dbf3d8f110560
SHA512: b63c334d84acbd64290c1615272a4746e3a0c40acf3c25f1241f1fa364800b982d71f028fa5ed5d141ff2fd8a7a5e09c20e59a81b94a575b11b972bc3ffc7a50
SSDEEP: 3072:Ob8odD1Z/31JToWhIwzIDqBqAI3kyxwM7B0DAhDgrPIOj7MMN04vSFlO:3ED1Z/1Jt5zzBqAI3kfmO/MMqI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-03-15_1e7ff3364c080905f0ff3f5086ce76dc_cerber
Files
2025-03-15_1e7ff3364c080905f0ff3f5086ce76dc_cerber.exe windows:5 windows x86 arch:x86
b89563a95f50e806cf6f8c288fec9264
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
CryptDecodeObjectEx
shlwapi
StrToInt64ExA
StrSpnA
StrPBrkA
StrStrIW
StrCmpNW
PathMatchSpecW
StrFormatByteSizeW
StrCmpNIW
StrChrW
PathFindFileNameA
StrCmpNIA
StrChrA
PathCombineW
StrToIntA
PathFindFileNameW
StrCmpNA
StrStrA
StrCpyNW
PathSkipRootW
ws2_32
closesocket
gethostbyname
htons
sendto
socket
shutdown
htonl
inet_addr
inet_ntoa
WSAStartup
kernel32
GetCommandLineW
CreateMutexW
SetErrorMode
GetCurrentProcess
GetCurrentThread
SearchPathW
TerminateProcess
GetModuleFileNameW
GetTempFileNameW
SetThreadPriority
GetTempPathW
GetLastError
OutputDebugStringA
SetProcessShutdownParameters
IsBadStringPtrW
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetFileSizeEx
IsBadWritePtr
FlushFileBuffers
lstrcpyA
lstrlenW
PeekNamedPipe
SystemTimeToFileTime
MoveFileExW
SetFileTime
CreateFileW
ReadFile
FileTimeToSystemTime
GetSystemDirectoryA
GetLocalTime
CreatePipe
GetTickCount
GetFileAttributesW
GetTimeFormatW
OpenEventW
LeaveCriticalSection
IsBadReadPtr
ExitProcess
Sleep
LocalFree
MulDiv
GetProcAddress
MoveFileW
GetModuleHandleW
EnterCriticalSection
CreateThread
lstrcpyW
CreateEventW
FileTimeToLocalFileTime
DeleteCriticalSection
GetFileTime
lstrcpynW
FindFirstFileW
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
LoadLibraryW
VirtualAlloc
FindClose
lstrcpynA
QueryDosDeviceW
WriteFile
FindNextFileW
SetFileAttributesW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
CreateDirectoryW
GetComputerNameA
MultiByteToWideChar
OutputDebugStringW
SetEvent
WaitForSingleObject
SetFilePointerEx
WideCharToMultiByte
GetFileSize
CloseHandle
GetDateFormatW
IsBadStringPtrA
CreateToolhelp32Snapshot
VirtualProtect
OpenProcess
GetCurrentThreadId
GetVersionExW
WaitForMultipleObjects
GetModuleHandleA
lstrcatW
lstrcmpiW
GetHandleInformation
lstrcmpiA
Process32NextW
GetSystemInfo
InitializeCriticalSection
Process32FirstW
TlsAlloc
RtlUnwind
CreateProcessA
user32
DrawTextA
GetDC
SystemParametersInfoW
ReleaseDC
FillRect
GetKeyboardLayoutList
GetSystemMetrics
CharLowerBuffA
RegisterClassExW
UnregisterClassW
wsprintfA
TranslateMessage
PeekMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
DispatchMessageW
GetForegroundWindow
wsprintfW
advapi32
CryptAcquireContextW
CryptGetKeyParam
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegOpenKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyKey
ole32
CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize
shell32
SHChangeNotify
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
gdi32
GetDIBits
SetTextColor
DeleteDC
GetDeviceCaps
SetBkColor
SetPixel
DeleteObject
SelectObject
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetStockObject
ntdll
ZwOpenProcess
_allmul
_alldiv
RtlDosPathNameToNtPathName_U
NtDeleteFile
RtlFreeUnicodeString
_chkstk
tolower
memmove
ZwQuerySystemInformation
isspace
memset
_aulldvrm
memcpy
NtQueryVirtualMemory
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 105KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ