Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-12_fd1700e2a9b161bffb10c86c04aefab6_avaddon.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-12_fd1700e2a9b161bffb10c86c04aefab6_avaddon.exe
  Resource: win10v2004-20231222-en
Target: 2024-02-12_fd1700e2a9b161bffb10c86c04aefab6_avaddon
Size: 31.2MB
MD5: fd1700e2a9b161bffb10c86c04aefab6
SHA1: 909e1784f1176b2f17c758380b67d37afe984291
SHA256: 802261512bbffb85beb0e543688a28f95f6dc545df774b42156da59e76ef2125
SHA512: b4eb70794bae438706f79b4e3dd4f5d984d96913aee9ea644854e6ca45d5f9ea27f898515c4dd4d64c3c5f8791e23e1a595ecf883ad7fc8d4536625087a75b0c
SSDEEP: 393216:HY2QAVaZAWuutmFCsObRDZYwJzmISzzCdc3ZWUQQSGi:HtaZAWuuvsu9JSzuc3cUQQ6
| resource | yara_rule |
|---|---|
| sample | INDICATOR_SUSPICIOUS_Binary_References_Browsers |
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\BuildAgent\work\.build\agent_x64\relwithdebinfo64\vmnetdrv64.pdb
GetLengthSid
OpenServiceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
AddAce
RegSetValueExW
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
RegCreateKeyExW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
OpenSCManagerW
CloseServiceHandle
GetAclInformation
RegCloseKey
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
CryptGenRandom
CryptAcquireContextW
GetTokenInformation
MakeSelfRelativeSD
LookupAccountSidW
OpenThreadToken
GetSecurityDescriptorLength
RegQueryValueExW
CreateProcessAsUserW
OpenProcessToken
ConvertStringSidToSidW
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAce
RegDeleteValueW
RegEnumKeyExW
DuplicateToken
SetThreadToken
ConvertSidToStringSidW
CreateWellKnownSid
RegNotifyChangeKeyValue
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
RegDisablePredefinedCache
IsValidSecurityDescriptor
GetSidIdentifierAuthority
CryptAcquireContextA
RegEnumKeyW
RegGetValueW
RegOpenKeyW
GetSidSubAuthorityCount
SystemFunction036
CryptEnumProvidersW
DuplicateTokenEx
MakeAbsoluteSD
RegEnumValueW
ChangeServiceConfigW
QueryServiceConfigW
StartServiceW
EnumDependentServicesW
ControlService
DeleteService
ChangeServiceConfig2W
SetServiceStatus
QueryServiceStatus
CreateServiceW
RegisterServiceCtrlHandlerExW
RegDeleteKeyW
IsTextUnicode
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
GetObjectW
GetEnhMetaFileBits
DeleteEnhMetaFile
CopyEnhMetaFileW
SetStretchBltMode
GetDIBits
StretchBlt
DeleteDC
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
CreateFontW
CreateSolidBrush
SetBkColor
SetTextColor
GetDeviceCaps
CreateDIBSection
DeleteObject
ResetEvent
QueueUserAPC
GetLocalTime
SwitchToThread
GetThreadId
GetFileSize
GlobalMemoryStatusEx
FreeLibrary
CopyFileW
SleepEx
SystemTimeToTzSpecificLocalTime
CreateFileMappingW
CreateIoCompletionPort
MapViewOfFileEx
OpenThread
LoadLibraryExW
IsDebuggerPresent
ConnectNamedPipe
FlushFileBuffers
GetExitCodeProcess
FindFirstFileW
FindNextFileW
FindClose
QueryDosDeviceW
GetVolumeInformationW
GetLogicalDrives
FindFirstVolumeW
lstrlenW
DeviceIoControl
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
CreateDirectoryW
GetTempPathW
GetDiskFreeSpaceW
MoveFileExW
OpenEventW
VerSetConditionMask
VerifyVersionInfoW
OpenProcess
WaitForMultipleObjectsEx
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
GetProcessTimes
GlobalSize
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetFileSizeEx
GetProcessId
Thread32Next
Thread32First
DuplicateHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemDirectoryW
GetComputerNameW
SystemTimeToFileTime
TlsAlloc
TlsFree
FormatMessageA
TlsSetValue
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
TlsGetValue
RegisterWaitForSingleObject
UnregisterWaitEx
GetFileAttributesExW
GetVolumePathNamesForVolumeNameW
GetFullPathNameW
GetLocaleInfoW
GetUserDefaultLCID
MulDiv
GetVersionExW
GetSystemTime
GetModuleFileNameW
CreateTimerQueue
RtlUnwind
RemoveDirectoryA
ReplaceFileA
GetFileAttributesExA
MoveFileA
CompareStringA
RemoveDirectoryW
TerminateProcess
GetCurrentProcess
GetStartupInfoW
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
QueueUserWorkItem
RtlPcToFileHeader
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
LoadLibraryExA
VirtualQuery
VirtualProtect
PeekNamedPipe
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
GetSystemDirectoryA
GetTempFileNameA
lstrlenA
CreateDirectoryA
FindFirstFileExA
lstrcmpW
ReleaseSemaphore
SetThreadAffinityMask
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetVersionExA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
GetSystemInfo
AreFileApisANSI
K32GetProcessImageFileNameW
GetConsoleOutputCP
InitializeCriticalSection
OutputDebugStringA
TzSpecificLocalTimeToSystemTime
GetDriveTypeA
WriteConsoleW
CreateThread
ExitProcess
GetFileInformationByHandleEx
CreateMutexA
AcquireSRWLockShared
QueryPerformanceFrequency
WakeConditionVariable
SleepConditionVariableSRW
GetOverlappedResult
SetHandleInformation
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
GetEnvironmentStringsW
RtlLookupFunctionEntry
RtlCaptureContext
SetThreadStackGuarantee
ReleaseSRWLockShared
FreeEnvironmentStringsW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
LoadLibraryW
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
GetFileType
GetEnvironmentVariableW
GetStdHandle
RtlVirtualUnwind
CreateFiber
DeleteFiber
SwitchToFiber
GetComputerNameA
FindNextFileA
FindFirstFileA
GetCurrentDirectoryW
DeleteFileA
FindFirstFileExW
WTSGetActiveConsoleSessionId
GetComputerNameExW
GetTempFileNameW
GetFileAttributesW
GetFileInformationByHandle
MapViewOfFile
SetUnhandledExceptionFilter
QueryPerformanceCounter
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExA
RtlCaptureStackBackTrace
GetModuleHandleExW
GetACP
GetSystemDefaultLCID
GetOEMCP
GetDateFormatW
CreateSemaphoreW
GetTimeFormatW
FileTimeToLocalFileTime
K32EnumProcesses
K32GetModuleFileNameExW
SetLastError
HeapCreate
TryEnterCriticalSection
ReadFile
GetTickCount
GetSystemTimeAsFileTime
WideCharToMultiByte
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
LocalFree
SignalObjectAndWait
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
CloseHandle
HeapReAlloc
DeleteFileW
LockResource
TerminateThread
GetLastError
FormatMessageW
Sleep
ProcessIdToSessionId
GetExitCodeThread
MultiByteToWideChar
PostQueuedCompletionStatus
HeapSize
GetCurrentThreadId
LocalAlloc
WaitForSingleObject
InitializeCriticalSectionEx
SetFilePointer
SetErrorMode
LeaveCriticalSection
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WriteFile
EnterCriticalSection
HeapFree
SizeofResource
HeapSetInformation
GetThreadPriority
WaitForSingleObjectEx
GetCurrentThread
FileTimeToSystemTime
SetEvent
GetTimeZoneInformation
CreateEventW
DisconnectNamedPipe
UnmapViewOfFile
ResumeThread
ReleaseMutex
CreateFileW
CreateMutexW
EnumResourceNamesW
SetEndOfFile
GetQueuedCompletionStatus
SetThreadPriority
WaitForMultipleObjects
LockFile
CreateNamedPipeW
WaitNamedPipeW
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
ExitThread
SetConsoleCtrlHandler
GetCommandLineA
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
SetStdHandle
CoInitializeEx
CLSIDFromString
WriteClassStg
StringFromGUID2
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoFreeUnusedLibraries
CoSetProxyBlanket
CoInitializeSecurity
StgCreateDocfile
CoInitialize
CoTaskMemAlloc
CreatePointerMoniker
PropVariantClear
CreateBindCtx
VariantChangeType
SysFreeString
VariantClear
VariantInit
SysAllocString
DispatchMessageW
DestroyIcon
DestroyMenu
TranslateMessage
LoadIconW
AppendMenuW
GetClassInfoExW
SetForegroundWindow
GetCursorPos
GetWindowLongW
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
MonitorFromWindow
CreatePopupMenu
LoadStringW
PostMessageW
DefWindowProcW
GetMessageW
GetWindowTextW
SystemParametersInfoW
GetForegroundWindow
IsWindowVisible
GetWindowTextLengthW
SetWindowsHookExW
UnhookWindowsHookEx
PostThreadMessageA
SetWindowLongPtrW
SetWindowTextW
GetMonitorInfoW
CallNextHookEx
GetLastInputInfo
TrackPopupMenu
RegisterClassExW
CreateWindowExW
EnumChildWindows
SetDlgItemTextW
MapWindowPoints
GetClientRect
PostQuitMessage
KillTimer
SetClipboardData
GetClipboardSequenceNumber
LoadCursorW
GetClipboardData
EmptyClipboard
GetParent
RegisterDeviceNotificationW
CloseClipboard
SetTimer
OpenClipboard
GetPriorityClipboardFormat
UnregisterDeviceNotification
GetWindowLongPtrW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
UnregisterClassW
CopyImage
GetClipboardOwner
CallWindowProcW
GetWindowThreadProcessId
UnhookWinEvent
SetWinEventHook
PostThreadMessageW
GetSystemMetrics
CharLowerBuffW
GetKeyNameTextW
MapVirtualKeyExW
GetGUIThreadInfo
GetClassNameW
GetKeyboardLayout
PeekMessageW
CharUpperBuffW
IsWindow
WindowFromPoint
MsgWaitForMultipleObjects
GetFocus
GetKeyState
ActivateKeyboardLayout
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayoutNameW
IsIconic
SendMessageW
FindWindowExW
ReleaseDC
GetDC
SendInput
mouse_event
LoadKeyboardLayoutW
keybd_event
MapVirtualKeyW
VkKeyScanExW
EnumWindows
IsDialogMessageW
ShowWindow
CreateDialogParamW
GetDlgItem
GetDesktopWindow
SetCapture
GetIconInfo
SetThreadDesktop
CloseDesktop
GetCursorInfo
OpenInputDesktop
PrintWindow
DrawIconEx
DdeAccessData
DdeUnaccessData
DdeCreateStringHandleW
DdeConnect
DdeGetLastError
DdeInitializeW
DdeUninitialize
DdeClientTransaction
DdeFreeDataHandle
DdeDisconnect
DdeFreeStringHandle
RedrawWindow
GetDlgCtrlID
GetSysColor
SetWindowLongW
SetDlgItemInt
InvalidateRect
ExitWindowsEx
MessageBeep
FlashWindow
SetFocus
OpenPrinterW
SetPrinterW
GetPrinterW
GetJobW
EnumPrintProcessorDatatypesW
FreePrinterNotifyInfo
SetJobW
FindClosePrinterChangeNotification
EnumJobsW
EnumPrintersW
FindNextPrinterChangeNotification
ClosePrinter
FindFirstPrinterChangeNotification
accept
bind
WSAIoctl
closesocket
WSASend
gethostbyname
select
ntohl
shutdown
listen
WSASetLastError
WSAStringToAddressW
WSASocketW
getpeername
ntohs
connect
WSAAddressToStringW
getservbyname
__WSAFDIsSet
WSARecv
gethostname
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
sendto
getnameinfo
freeaddrinfo
getaddrinfo
inet_addr
socket
recvfrom
recv
send
inet_ntoa
getsockopt
htons
setsockopt
WSAGetLastError
htonl
WSACleanup
WSAStartup
getsockname
ioctlsocket
UuidCreate
RpcStringFreeW
UuidToStringW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
ImageNtHeader
MiniDumpWriteDump
ord26
ord35
ord41
ord50
ord45
ord22
ord27
ord33
ord60
ord211
ord46
ord79
ord30
ord200
ord301
ord32
ord143
ord217
PR_GetError
PR_Cleanup
PR_Init
PR_ErrorToString
CERT_AsciiToName
CERT_GetCommonName
PK11_FreeSlot
PK11_ImportCert
CERT_DestroyCertificate
CERT_GetDefaultCertDB
PK11_FindCertFromDERCert
CERT_DecodeTrustString
NSS_NoDB_Init
PORT_ZAlloc
PK11_GetInternalKeySlot
CERT_DestroyName
NSS_Initialize
CERT_GetOrgName
CERT_ChangeCertTrust
PORT_Free
NSS_Shutdown
CERT_DecodeCertFromPackage
UrlEscapeA
PathFindFileNameW
PathFindExtensionW
StrCmpIW
PathAddExtensionW
PathIsDirectoryW
ord219
SHCreateStreamOnFileEx
PathMatchSpecW
PathStripPathW
PathCanonicalizeW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathStripPathA
StrToInt64ExA
PathCombineW
StrStrIW
StrToIntA
PathRemoveExtensionW
PathIsRootW
SHDeleteKeyW
PathStripToRootW
PathIsUNCW
UnloadUserProfile
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageHeight
GdipImageRotateFlip
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdiplusStartup
GdipGetImageEncoders
PdhOpenQueryW
PdhCloseQuery
PdhCollectQueryData
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhGetRawCounterValue
PdhLookupPerfNameByIndexW
PdhAddCounterW
WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW
WTSLogoffSession
WTSQueryUserToken
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Status
CM_Enable_DevNode
SetupDiEnumDeviceInterfaces
CM_Get_Device_ID_ExW
CM_Get_Sibling
CM_Get_Device_ID_Size_Ex
CM_Get_Child
CM_Disable_DevNode
CMP_WaitNoPendingInstallEvents
CM_Get_Parent_Ex
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Parent
SetupDiDestroyDeviceInfoList
FilterGetMessage
FilterReplyMessage
FilterGetDosName
FilterVolumeFindNext
FilterSendMessage
FilterConnectCommunicationPort
FilterLoad
FilterVolumeFindClose
FilterVolumeFindFirst
FilterUnload
ord9
AccessibleObjectFromWindow
AccessibleChildren
WinVerifyTrust
LsaGetLogonSessionData
LsaFreeReturnBuffer
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetApiBufferFree
NetWkstaGetInfo
DsGetDcNameW
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertAddEncodedCertificateToStore
CryptBinaryToStringA
CryptStringToBinaryA
CertFindExtension
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CryptDecodeObjectEx
CertAddCertificateContextToStore
PFXImportCertStore
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
AddInLog
GetMAPIModule
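The import table above is the raw material behind the single YARA hit in this report. A quick way to get more out of it is to map the imported API names onto capability groups (keyboard hooking via SetWindowsHookExW/ToUnicodeEx, screen capture via PrintWindow/BitBlt, clipboard reads, token duplication plus CreateProcessAsUserW, service installation, volume enumeration) and only flag a group when several of its APIs co-occur. The script below is an added example written for this page; it is not part of the sandbox output and not code from the sample. The capability taxonomy is my own working assumption, not a published standard, and the constructed input is a subset of names copied from the list above with one header flag and two ordinal imports mixed in to exercise the filter.

```python
"""Capability triage from a flat PE import dump (added example, not report output).

The API-to-capability grouping is an assumed working taxonomy; every name in it
appears in the report's import list.  The constructed SAMPLE_DUMP is a subset of
that list, copied one name per line as the report presents it.
"""
import re
from typing import Dict, Iterable, List

CAPABILITIES: Dict[str, frozenset] = {
    "keyboard capture / input injection": frozenset({
        "SetWindowsHookExW", "CallNextHookEx", "GetKeyState", "ToUnicodeEx",
        "SendInput", "keybd_event", "mouse_event"}),
    "screen capture": frozenset({
        "PrintWindow", "BitBlt", "GetDIBits", "CreateCompatibleBitmap",
        "GdipSaveImageToFile"}),
    "clipboard access": frozenset({
        "OpenClipboard", "GetClipboardData", "SetClipboardData", "EmptyClipboard"}),
    "token manipulation / impersonation": frozenset({
        "OpenProcessToken", "DuplicateTokenEx", "SetThreadToken",
        "AdjustTokenPrivileges", "CreateProcessAsUserW", "WTSQueryUserToken"}),
    "service install / control": frozenset({
        "OpenSCManagerW", "CreateServiceW", "StartServiceW", "DeleteService",
        "ChangeServiceConfigW"}),
    "volume / file enumeration": frozenset({
        "FindFirstVolumeW", "FindNextVolumeW", "GetLogicalDrives",
        "GetDriveTypeW", "FindFirstFileW"}),
    "raw networking": frozenset({
        "WSAStartup", "socket", "connect", "send", "recv", "gethostbyname",
        "getaddrinfo"}),
    "anti-debug": frozenset({"IsDebuggerPresent"}),
}

# A group is reported only when at least MIN_HITS of its APIs are present
# (all of them for groups smaller than that); a lone BitBlt in a GUI program
# is not evidence of screen capture.
MIN_HITS = 2

_ORDINAL = re.compile(r"^ord\d+$")


def parse_import_dump(text: str) -> List[str]:
    """Extract API names from a one-name-per-line dump like the report's.

    IMAGE_* header constants are not imports and ordinal-only entries (ordNN)
    cannot be resolved without the exporting DLL, so both are dropped.
    Order is preserved and duplicates removed.
    """
    names: List[str] = []
    seen = set()
    for line in text.splitlines():
        name = line.strip()
        if not name or name.startswith("IMAGE_") or _ORDINAL.match(name):
            continue
        if name not in seen:
            seen.add(name)
            names.append(name)
    return names


def triage_imports(imports: Iterable[str],
                   min_hits: int = MIN_HITS) -> Dict[str, List[str]]:
    """Return {capability: sorted matching APIs} for groups meeting the threshold."""
    present = set(imports)
    found: Dict[str, List[str]] = {}
    for capability, apis in CAPABILITIES.items():
        hits = sorted(apis & present)
        if hits and len(hits) >= min(min_hits, len(apis)):
            found[capability] = hits
    return found


# Constructed input: a subset of the report's import list plus one header
# flag and two ordinal imports that the parser must discard.
SAMPLE_DUMP = """
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IsDebuggerPresent
SetWindowsHookExW
CallNextHookEx
ToUnicodeEx
PrintWindow
BitBlt
OpenClipboard
GetClipboardData
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
WTSQueryUserToken
OpenSCManagerW
CreateServiceW
FindFirstVolumeW
GetLogicalDrives
WSAStartup
connect
ord26
ord35
CreateFileW
CloseHandle
"""


if __name__ == "__main__":
    names = parse_import_dump(SAMPLE_DUMP)
    matched = triage_imports(names)
    print(f"{len(names)} named imports, {len(matched)} capability groups matched")
    for capability, hits in matched.items():
        print(f"  {capability}: {', '.join(hits)}")
```

Treat the output as a triage prompt, not a verdict: the same hook, capture and session-token APIs are used by legitimate monitoring and remote-support agents, and the PDB path and NSS/WinVerifyTrust imports in this report point to a large, signed product rather than a minimal loader. The check is also purely static, and this binary imports GetProcAddress and LoadLibraryW, so anything resolved at runtime will not show up here; the behavioral tasks listed at the top of the report are what cover that gap.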
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ