U:\develop\install\global\Release64\bin\common\AcInstCfg\AcInstCfg.pdb
Static task
static1
General
-
Target
2025-05-19_05762e74815f254df58070e7b3410754_black-basta_cobalt-strike_hijackloader
-
Size
946KB
-
MD5
05762e74815f254df58070e7b3410754
-
SHA1
a4387eb21d209fa338bd60361c9c61f56642fc53
-
SHA256
1b097c4ab07dc3b02f53fdc70e99633fcacc50a9ba90c05a03032cff007ed7f1
-
SHA512
92ba6c7abca4e2f88bfa749de43acfe3ba249333e1cba3e73ea31a7917b19b55461f4c365c4fd53b4bea244d41502f4bff6663514899ec236ee8350e79e11e39
-
SSDEEP
24576:c6xUIZkujWzIO9M4jDKSPSSdlWVQ0yiO4R:c6xUIZkujWZHjDXvqij
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-05-19_05762e74815f254df58070e7b3410754_black-basta_cobalt-strike_hijackloader
Files
-
2025-05-19_05762e74815f254df58070e7b3410754_black-basta_cobalt-strike_hijackloader.exe windows:6 windows x64 arch:x64
e53dbd7e3a3f104791e4f2d2265f8e72
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
RegGetValueW
shell32
SHGetKnownFolderPath
ole32
CoInitialize
CoCreateInstance
kernel32
SetEndOfFile
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
FormatMessageW
WaitForSingleObject
MultiByteToWideChar
GetLastError
CloseHandle
CreateProcessW
WideCharToMultiByte
GetExitCodeProcess
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetModuleHandleW
GetProcAddress
CopyFileW
GetFileInformationByHandleEx
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetEnvironmentStringsW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
HeapAlloc
HeapSize
HeapValidate
GetSystemInfo
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileType
OutputDebugStringW
WriteConsoleW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapFree
HeapReAlloc
HeapQueryInformation
GetProcessHeap
ReadFile
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
RtlUnwind
Sections
.text Size: 564KB - Virtual size: 563KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 147KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 179KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ