2024-04-25_2423ba50cadf5dd138f24ef2c189c5cf_avoslocker_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_2423ba50cadf5dd138f24ef2c189c5cf_avoslocker_magniber
Size

5.2MB
MD5

2423ba50cadf5dd138f24ef2c189c5cf
SHA1

46145b02ac17b067c43370703c7bd3775fe82a82
SHA256

282bd8638b9846d826af59161238fb627cd292873ee9bb2e7e2640d7bca8489a
SHA512

53df6ff5e06509468520e3bcd86568f5f83a7c1559942e73d5b3e3ae8fd66633db9f3979f493b081355bcd8aa6c1184a6b57b2a7ed40922df91c1f0c65ab6b63
SSDEEP

98304:1KhON5sqoTqsW+kaVYB/pfo1lRqD7it6fneTGnYNB3u47IRH8/BV/3ns+f5Nuuh:JSbTHW+lVYlm87u6vwCYNLIRH+v3nbNp

Score

10^/10

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-25_2423ba50cadf5dd138f24ef2c189c5cf_avoslocker_magniber

Files

2024-04-25_2423ba50cadf5dd138f24ef2c189c5cf_avoslocker_magniber
.exe windows:6 windows x86 arch:x86

aa434c23caa530f964dc18d11c489479

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Git-repo\qb10frame\chrome\src\qb\features\setup\bin\Intermediate\QBSetupNew\Release\QBSetupNew.pdb

Imports

kernel32

GetSystemDirectoryW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
DecodePointer
LoadLibraryW
FreeLibrary
SetCurrentDirectoryW
lstrcmpiW
VirtualProtectEx
SetThreadContext
GetThreadContext
ReadProcessMemory
VirtualAllocEx
VirtualQuery
GetVersionExW
GetTickCount
CreateProcessW
SuspendThread
OpenThread
GetCurrentThreadId
SwitchToThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
WaitForMultipleObjects
CreateEventW
LeaveCriticalSection
EnterCriticalSection
OpenEventW
SetErrorMode
CreateMutexW
GetDiskFreeSpaceExW
GetBinaryTypeW
DeleteTimerQueue
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
LocalFree
GetSystemPowerStatus
FreeResource
TerminateThread
WriteProcessMemory
Sleep
OpenMutexW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
CompareFileTime
Module32NextW
Module32FirstW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GlobalFree
GlobalLock
GetLocalTime
SetUnhandledExceptionFilter
DuplicateHandle
GetTempPathW
GetCommandLineW
LoadLibraryExW
GetProcAddress
CopyFileW
DeleteFileW
GetPrivateProfileStringW
lstrlenW
SetLastError
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
GlobalUnlock
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetModuleFileNameW
FindResourceExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
InitializeCriticalSection
WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadFile
GetFileSize
CreateFileW
GetCurrentThread
ExitProcess
PeekNamedPipe
GetFileType
GetDriveTypeW
FindFirstFileExW
VirtualProtect
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
QueryPerformanceFrequency
LCMapStringEx
GetCPInfo
CompareStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
DeviceIoControl
K32GetMappedFileNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
ResumeThread
AssignProcessToJobObject
GetSystemDefaultLangID
FlushFileBuffers
QueryPerformanceCounter
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
LockFileEx
UnlockFile
DeleteFileA
GetVersionExA
LoadLibraryA
CreateFileA
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
VirtualQueryEx
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
LocalAlloc
ExpandEnvironmentStringsW
FormatMessageW
WritePrivateProfileStringW
lstrcatW
lstrcpyW
QueryDosDeviceW
GetExitCodeProcess
OpenProcess
lstrcpynW
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSectionEx
MulDiv
VirtualFree
VirtualAlloc
MoveFileExW
CreateDirectoryW
SetFilePointer
GetFileInformationByHandle
SetFileTime
SetEndOfFile
GetStdHandle
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
GetSystemInfo
GlobalMemoryStatus
GetWindowsDirectoryW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetShortPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW

user32

GetActiveWindow
EnableWindow
GetWindowTextW
GetSysColor
GetParent
PtInRect
GetMessageW
TranslateMessage
DispatchMessageW
IsIconic
CharNextW
SetWindowPos
EndDialog
GetClientRect
GetWindowRect
ScreenToClient
SetWindowTextW
FillRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetAsyncKeyState
ShowWindow
SendMessageTimeoutW
CopyRect
InvalidateRect
LoadCursorW
SetWindowLongW
GetWindowLongW
PostThreadMessageW
LoadStringW
CreateIconFromResourceEx
MessageBoxW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetDlgItem
RedrawWindow
MoveWindow
CharLowerW
CharPrevExA
CharUpperW
FrameRect
IsWindowVisible
SendInput
GetForegroundWindow
SetForegroundWindow
EnumWindows
SetWindowRgn
DestroyWindow
IsWindow
DefWindowProcW
PostMessageW
SendMessageW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
PostQuitMessage
GetDesktopWindow
DrawTextW
DrawFocusRect
SetFocus
SetCaretPos
CreateCaret
ShowCaret
GetWindowTextLengthW
GetFocus
ClientToScreen
GetWindowDC
ReleaseDC
MapWindowPoints
GetDC
PeekMessageW
GetIconInfo
UpdateLayeredWindow
DestroyIcon
UpdateWindow
SetRectEmpty
GetSystemMetrics
LoadImageW
IsRectEmpty
EqualRect
OffsetRect
KillTimer
SetTimer
SetCapture
ReleaseCapture
UnionRect
GetCursorPos
IntersectRect
IsWindowEnabled
BeginPaint
EndPaint
EnumChildWindows
SetCursor
IsZoomed

gdi32

ExtSelectClipRgn
CreateCompatibleDC
SetViewportOrgEx
CreateDIBSection
BitBlt
CreateRectRgnIndirect
SelectClipRgn
RectVisible
GetClipBox
GetViewportOrgEx
RestoreDC
SaveDC
CreateFontIndirectW
DeleteDC
MoveToEx
SelectObject
LineTo
DeleteObject
CreatePen
ExtTextOutW
SetBkColor
GetStockObject
CreateSolidBrush
GetTextMetricsW
SetBkMode
SetTextColor
CreateCompatibleBitmap
CreatePatternBrush
GetObjectA
GetBitmapBits
SetBitmapBits
GetTextExtentExPointW
GetTextExtentPoint32W
GetCurrentObject
SetDIBColorTable
CombineRgn
GetDeviceCaps
GetPixel
CreateBitmap
GetDIBits
GetObjectW

advapi32

GetSidIdentifierAuthority
RegOpenKeyExA
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
ConvertSidToStringSidW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
CheckTokenMembership
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegEnumValueW
RegNotifyChangeKeyValue
RegEnumKeyW
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetLengthSid
GetUserNameW
LookupAccountNameW
RegQueryValueExA

shell32

SHGetFolderPathW
SHParseDisplayName
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
ord75
SHGetFolderLocation
SHChangeNotify
SHGetSpecialFolderLocation
SHGetMalloc
ord165
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
CoCreateGuid
OleInitialize
OleUninitialize
PropVariantClear
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VariantClear
VarUI4FromStr
VariantCopy
VariantInit
SysAllocStringByteLen
SysAllocString
SysFreeString

shlwapi

PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathFindFileNameW
StrRetToBufW
PathRenameExtensionW
PathCombineW
SHCopyKeyW
PathCanonicalizeW
PathRemoveFileSpecW
SHDeleteValueW
PathIsDirectoryEmptyW
SHDeleteKeyW
PathIsDirectoryW
SHGetValueW
PathAppendW
PathMatchSpecW
PathFindExtensionW
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

psapi

GetProcessImageFileNameW

urlmon

URLDownloadToCacheFileW

wininet

DeleteUrlCacheEntryW

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCreateLineBrush
GdipCreatePen1
GdipCloneBrush
GdipSetPenWidth
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawEllipseI
GdipFillEllipseI
GdipFree
GdipAlloc
GdipDeletePen
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipDisposeImage
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectRectI
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromResource
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipSaveImageToStream
GdipGetImagePixelFormat
GdipGetImageThumbnail
GdipCreateBitmapFromHICON
GdipCreateHICONFromBitmap
GdipBitmapGetPixel
GdiplusStartup
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontSize
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipDrawPath
GdipFillPath
GdipCreateHBITMAPFromBitmap
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneBitmapAreaI

netapi32

NetWkstaTransportEnum
NetApiBufferFree
NetGetJoinInformation
Netbios

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle

ws2_32

ntohs
htonl
ntohl
htons

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa434c23caa530f964dc18d11c489479

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

psapi

urlmon

wininet

gdiplus

netapi32

version

winhttp

ws2_32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 363KB - Virtual size: 362KB

.data Size: 26KB - Virtual size: 122KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 174KB - Virtual size: 174KB

.reloc Size: 73KB - Virtual size: 72KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 363KB - Virtual size: 362KB

.data
Size: 26KB - Virtual size: 122KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 174KB - Virtual size: 174KB

.reloc
Size: 73KB - Virtual size: 72KB