D:\Tools\agent\workspace\MicroMsgWindowsV3911\out\x64\Release\bin\WeChat.pdb
Static task
static1
General
-
Target
2025-05-19_137278ef2bde70e41d136b9c6cd348b7_black-basta_cobalt-strike_hijackloader_satacom
-
Size
652KB
-
MD5
137278ef2bde70e41d136b9c6cd348b7
-
SHA1
0e8bccd3483b46792528ef883bdcf8c7d71e8a33
-
SHA256
0b83908a50084deba090cd763582f0c743c5071f0a0aeef600111bdefb59e4a0
-
SHA512
fae17fc33fd32ce99642884e2529ab5fc732a1382213360baecb17cedf47f62f423e35beace1dd17063d273cb1152feda8d7c05ed389f6b7fb5c6d5e5a029787
-
SSDEEP
6144:XQyk1xZBq65kzLy9tEoEtKE0rWWrB+BhK629PRAY8:XQy2Zo65kzLy92oIt03rGI0
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-05-19_137278ef2bde70e41d136b9c6cd348b7_black-basta_cobalt-strike_hijackloader_satacom
Files
-
2025-05-19_137278ef2bde70e41d136b9c6cd348b7_black-basta_cobalt-strike_hijackloader_satacom.exe windows:6 windows x64 arch:x64
a68203879d867040380668ec7a879e5c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
VerSetConditionMask
VerifyVersionInfoW
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryExW
FindFirstFileW
FindNextFileW
GetCurrentProcess
GetShortPathNameW
TerminateProcess
GetModuleFileNameW
FindClose
LocalAlloc
GetFileAttributesW
GetPrivateProfileStringW
Sleep
GetLastError
GetProcAddress
LoadLibraryW
LocalFree
FreeLibrary
SetDllDirectoryW
LoadLibraryExA
VirtualQuery
VirtualProtect
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetSystemInfo
GetModuleHandleA
CloseHandle
GetVersionExW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetCurrentThreadId
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
HeapFree
HeapAlloc
GetFileType
LCMapStringW
user32
GetSystemMetrics
MessageBoxW
FindWindowW
advapi32
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW
ole32
CoTaskMemFree
gdiplus
GdiplusShutdown
GdipGetGenericFontFamilySansSerif
GdiplusStartup
shlwapi
PathFileExistsW
PathRemoveFileSpecW
Sections
.text Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 418KB - Virtual size: 418KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ