C:\Users\Administrator\source\repos\legacy-v7\Release\DictationTypist.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-25_ca93001d4b8b4596512783e1dd87e1a0_avoslocker_revil.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-25_ca93001d4b8b4596512783e1dd87e1a0_avoslocker_revil.exe
  Resource: win10v2004-20240412-en
General
- Target: 2024-04-25_ca93001d4b8b4596512783e1dd87e1a0_avoslocker_revil
- Size: 5.0MB
- MD5: ca93001d4b8b4596512783e1dd87e1a0
- SHA1: 304d14f41638d2472b21655c0ac94ed5d270ce95
- SHA256: 4735cdf61320be68e63bcab3e21220ab6588cda9a7d527ec05e5cc2925469133
- SHA512: d5f5c4a24594ff5e86dc6bac5b0f085fd6797083cb1609113ada9d2651c81c84f6f1a6c44cc153544128cc1db881b95e506b7c31042c979bcd46adb57a6907c3
- SSDEEP: 98304:pbStgbPUAnHMmj0M7Dq6qFrk7PH8SHJf8dkGoJCBPpbZCIHaIrxY8r5LwQ7NrbW5:pggvHMy0MK0pUd5uEg8Y8r5L7
Malware Config
Nothing listed.
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Matched resource: 2024-04-25_ca93001d4b8b4596512783e1dd87e1a0_avoslocker_revil
This is the only signature the report lists for either behavioral task. The avoslocker_revil suffix is part of the submitted file name; no signature in this report backs it, so it should be treated as a feed label rather than a detection.
Files
- 2024-04-25_ca93001d4b8b4596512783e1dd87e1a0_avoslocker_revil.exe (windows:6, windows x86, arch:x86)
  a22bdb844d0d88085ee4e19f1b62be27 (reported next to the file entry; in this report layout that slot appears to be the import hash, not a hash of the whole file, which is the MD5 above)
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (ASLR and DEP are opted in; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set, so the image was not built with Control Flow Guard)
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
- PDB Paths: C:\Users\Administrator\source\repos\legacy-v7\Release\DictationTypist.pdb
Imports (static import table, grouped by module). kernel32!LoadLibraryA, LoadLibraryW, LoadLibraryExA, LoadLibraryExW and GetProcAddress are themselves imported, so any API resolved at run time does not appear in this list. On the CryptoAPI side, crypt32 and advapi32 supply certificate-store access (CertOpenSystemStoreA, CertFindCertificateInStore, CertVerifyTimeValidity) together with CryptDecrypt, CryptSignHashA, CryptExportKey and CryptGetUserKey; CryptEncrypt, CryptGenKey and CryptImportKey are not statically imported.
winmm
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutSetVolume
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutUnprepareHeader
waveOutGetNumDevs
waveOutGetVolume
waveOutGetDevCapsA
PlaySoundA
crypt32
CertOpenSystemStoreA
CertVerifyTimeValidity
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
kernel32
InitializeCriticalSectionEx
LCMapStringEx
GetStringTypeW
OutputDebugStringW
InitializeSListHead
DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
Sleep
CloseHandle
SetEvent
WaitForSingleObjectEx
CreateEventA
GetCurrentThreadId
GetTickCount
LocalFree
FormatMessageA
CreateFileA
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceFrequency
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
GetSystemInfo
CreateWaitableTimerA
GetSystemTimeAsFileTime
GetFileType
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
SleepEx
ExpandEnvironmentStringsA
PeekNamedPipe
RtlUnwind
VirtualAlloc
VirtualQuery
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
ExitProcess
GetModuleHandleExW
SetStdHandle
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetFullPathNameW
SetConsoleCtrlHandler
GetConsoleCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetFileAttributesExW
DeleteFileW
GetTimeZoneInformation
MoveFileExW
GetCurrentDirectoryW
CreateDirectoryW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleMode
ReadConsoleInputW
WriteConsoleW
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
SearchPathA
VerifyVersionInfoA
VerSetConditionMask
FindResourceExW
SetErrorMode
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
LocalReAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LocalAlloc
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetStringTypeExA
GetThreadLocale
MoveFileA
GetVolumeInformationA
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFileSize
GetStdHandle
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileA
SetFileTime
GetFullPathNameA
DeleteFileA
GetTempPathA
GetTempFileNameA
FlushFileBuffers
GetFileTime
GetDiskFreeSpaceA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SuspendThread
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
GetModuleHandleW
GetModuleFileNameW
OutputDebugStringA
lstrcmpA
FileTimeToSystemTime
CopyFileExA
QueryDosDeviceA
GetProfileIntA
GetShortPathNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentThread
GetCurrentProcessId
SetLastError
WriteFile
LockFileEx
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
GetCurrentDirectoryA
SetFilePointerEx
GetFileSizeEx
SetThreadPriority
ResetEvent
CreateMutexA
ReleaseMutex
InitializeCriticalSection
MulDiv
GlobalSize
GlobalReAlloc
GetVersionExA
IsDBCSLeadByte
GetComputerNameA
IsBadStringPtrA
IsBadReadPtr
MoveFileExA
FindResourceA
CreateSemaphoreA
lstrcpyA
lstrcmpiA
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
LoadLibraryExA
GetModuleFileNameA
OpenProcess
GetCurrentProcess
ReleaseSemaphore
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
CreateDirectoryA
GetVersion
GetModuleHandleA
GetExitCodeThread
CreateThread
WaitForMultipleObjects
WaitForSingleObject
CancelIo
GetOverlappedResult
CopyFileA
ResumeThread
TerminateProcess
user32
IsDialogMessageA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
GetClassLongA
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetActiveWindow
SetMenu
GetMenu
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
CreateDialogIndirectParamA
IsMenu
GetClassInfoExA
GetMessageTime
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
GetWindowDC
InsertMenuA
GetMenuState
GetMenuStringA
DestroyCursor
CreateCursor
MapDialogRect
GetIconInfo
GetLastActivePopup
InsertMenuItemA
DestroyIcon
UnpackDDElParam
ReuseDDElParam
SetWindowRgn
LoadCursorW
ShowOwnedPopups
IsZoomed
UnionRect
RegisterClipboardFormatA
SetWindowContextHelpId
CharUpperA
RealChildWindowFromPoint
GetAsyncKeyState
EndDialog
DrawMenuBar
SetFocus
RegisterWindowMessageW
CallMsgFilterA
GetNextDlgTabItem
DestroyMenu
GetMenuItemInfoA
GetMessageA
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
IsChild
LoadMenuA
TrackMouseEvent
LoadImageW
GetSystemMenu
DeleteMenu
LoadAcceleratorsW
UnregisterClassA
DrawFrameControl
SendMessageA
PostMessageA
EnableWindow
InvalidateRect
GetClientRect
GetSysColor
WindowFromPoint
GetDoubleClickTime
IntersectRect
InvertRect
ClipCursor
ReleaseCapture
SetCapture
GetCapture
IsClipboardFormatAvailable
GetMessagePos
IsRectEmpty
DrawEdge
ReleaseDC
GetDC
GetUserObjectInformationW
GetProcessWindowStation
SystemParametersInfoA
LoadImageA
LoadCursorA
CheckMenuRadioItem
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
EnumThreadWindows
GetDesktopWindow
SetRect
ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
ShowCursor
MessageBoxA
GetWindowTextA
SetWindowTextA
ValidateRect
SwitchToThisWindow
UpdateWindow
RemoveMenu
AppendMenuA
GetMenuItemCount
CheckMenuItem
CreatePopupMenu
MsgWaitForMultipleObjectsEx
mouse_event
keybd_event
GetFocus
GetActiveWindow
CharNextA
GetDlgItem
IsIconic
CallWindowProcA
PostQuitMessage
SendMessageW
TranslateMessage
LoadIconW
GetCursorPos
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuW
LoadIconA
GetSysColorBrush
MessageBeep
DrawIcon
DestroyWindow
CreateWindowExA
RegisterClassExA
RegisterDeviceNotificationA
RegisterWindowMessageA
PtInRect
GetUpdateRect
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
PostThreadMessageA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
GetMenuDefaultItem
DrawIconEx
EnableScrollBar
HideCaret
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
SetClassLongA
CopyIcon
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
WaitMessage
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
ModifyMenuA
CharUpperBuffA
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
SetParent
SendMessageTimeoutA
GetWindow
GetTopWindow
GetClassNameA
EnumWindows
FindWindowA
EnumChildWindows
GetWindowLongA
GetWindowRect
SetForegroundWindow
GetForegroundWindow
GetSystemMetrics
KillTimer
GetKeyState
IsWindowVisible
SetWindowPos
ShowWindow
IsWindow
GetClassInfoA
RegisterClassA
DefWindowProcA
PeekMessageA
DispatchMessageA
SetTimer
CopyImage
LoadBitmapW
GetParent
SetWindowLongA
OffsetRect
InflateRect
CopyRect
SetRectEmpty
FrameRect
FillRect
DrawFocusRect
gdi32
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetRectRgn
CreateEllipticRgn
Ellipse
CreateDIBSection
GetCharWidthA
StretchDIBits
GetRgnBox
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateDCA
CopyMetaFileA
SetBkColor
SelectObject
DeleteDC
CreateBitmap
PatBlt
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetPixel
GetStockObject
SetPixel
GetObjectA
CreatePen
CreateRectRgnIndirect
CreateSolidBrush
Escape
GetBkColor
GetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
Rectangle
TextOutA
ExtTextOutA
DPtoLP
GetObjectType
LPtoDP
GetTextColor
GetTextExtentPoint32A
CreateFontIndirectA
GetCurrentObject
GetDeviceCaps
GetTextMetricsA
CreateFontA
CombineRgn
msimg32
AlphaBlend
TransparentBlt
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegOpenKeyExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptEnumProvidersA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
CryptSignHashA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegSetValueA
RegEnumValueA
shell32
SHAppBarMessage
SHGetDesktopFolder
ExtractIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA
ShellExecuteExA
Shell_NotifyIconA
comctl32
ord8
ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_AddMasked
shlwapi
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA
StrFormatKBSizeA
uxtheme
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
ole32
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoGetClassObject
CreateStreamOnHGlobal
CoDisconnectObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleGetClipboard
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoInitialize
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
oleaut32
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
SafeArrayDestroy
SysStringLen
VariantCopy
VariantInit
SysAllocString
VarDateFromStr
VariantChangeType
VariantClear
VarUdateFromDate
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
oledlg
ord8
wldap32
ord45
ord143
ord217
ord301
ord46
ord211
ord60
ord30
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord200
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
ws2_32
getservbyname
gethostbyname
ntohl
htonl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
shutdown
gdiplus
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdiplusShutdown
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
wininet
InternetGetConnectedState
InternetDial
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
normaliz
IdnToAscii
Exports
?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?unlock@singleton_module@serialization@boost@@QAEXXZ
These are MSVC-mangled symbols of boost::serialization::singleton_module (get_lock, is_locked, lock, unlock, and the function-local static `lock` inside get_lock), i.e. Boost.Serialization's module-level lock exported from the executable. They are library housekeeping symbols, not an interface the program itself exposes.
Sections
- .text: size 3.7MB, virtual size 3.7MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: size 897KB, virtual size 897KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: size 75KB, virtual size 108KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .importa: size 512B, virtual size 308B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: size 167KB, virtual size 167KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: size 259KB, virtual size 259KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
No section is both writable and executable, and the raw and virtual sizes of .text and .rdata match, which is consistent with an unpacked MSVC build rather than a packer stub that unpacks into a large empty section. The name .importa is not a standard linker section name, but it is 512 bytes of read/write data, not code. The .reloc section is present; a 32-bit image needs relocations for IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE to take effect.
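The Headers, Signatures and Sections blocks above are exactly the fields a PE header parser reads out, and the "Unsigned PE" signature reduces to one of them: an empty security data directory. The following Python script is an added example, not part of this report and not the sandbox's code. It lays out a constructed PE32 header blob that carries this sample's reported values (x86, IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE, DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, the six sections with their sizes and flags, no Authenticode blob), parses it back with nothing but the standard library, and derives the checks a reviewer makes from the headers alone (ASLR, DEP, CFG, signature presence, writable+executable sections). The section bodies are omitted, and the subsystem (GUI) and MajorOperatingSystemVersion fields are assumptions the report does not state; the byte layout follows the PE/COFF specification. Point parse_pe() at the bytes of a real file to get the same output for it.

```python
import struct

# Bit masks from the PE/COFF specification, limited to the flags a hardening review looks at.
FILE_CHARACTERISTICS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def flag_names(value, table):
    """Decode a bitmask into the flag names the report prints, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Read the DOS stub, COFF header, PE32 optional header, security directory and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                   # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled; PE32+ shifts the DllCharacteristics and DataDirectory offsets")
    (major_os,) = struct.unpack_from("<H", data, opt + 40)
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)
    (ndirs,) = struct.unpack_from("<I", data, opt + 92)
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) holds the Authenticode PKCS#7 blob when present;
    # its first field is a file offset, not an RVA. A zero size is what an "Unsigned PE" check keys on.
    sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8) if ndirs > 4 else (0, 0)
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": rawsize, "raw_offset": rawptr,
                         "flags_value": chars, "flags": flag_names(chars, SECTION_FLAGS)})
    return {"machine": MACHINES.get(machine, hex(machine)), "major_os_version": major_os, "subsystem": subsystem,
            "file_characteristics_value": fchars, "file_characteristics": flag_names(fchars, FILE_CHARACTERISTICS),
            "dll_characteristics_value": dllchars, "dll_characteristics": flag_names(dllchars, DLL_CHARACTERISTICS),
            "security_dir": (sec_off, sec_size), "sections": sections}


def hardening_summary(info):
    """The checks a reviewer derives from the headers alone. On a 32-bit image ASLR also needs
    relocations: IMAGE_FILE_RELOCS_STRIPPED clear and a .reloc section, or the loader cannot rebase it."""
    dll, fch = info["dll_characteristics_value"], info["file_characteristics_value"]
    has_reloc = any(s["name"] == ".reloc" for s in info["sections"])
    return {"aslr": bool(dll & 0x0040) and not (fch & 0x0001) and has_reloc,
            "dep": bool(dll & 0x0100),
            "cfg": bool(dll & 0x4000),
            "authenticode_present": info["security_dir"][1] > 0,
            "rwx_sections": [s["name"] for s in info["sections"]
                             if s["flags_value"] & 0x80000000 and s["flags_value"] & 0x20000000]}


def build_sample_pe():
    """Constructed PE32 header blob carrying the values the report above shows (x86, characteristics,
    six sections with their sizes and flags, empty security directory). Section bodies are omitted;
    Subsystem=2 (GUI) and MajorOperatingSystemVersion=6 are assumptions, not values the report states."""
    CODE, IDATA, DISC, EXEC, READ, WRITE = 0x20, 0x40, 0x02000000, 0x20000000, 0x40000000, 0x80000000
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 6, 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)            # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)      # SectionAlignment, FileAlignment
    struct.pack_into("<H", opt, 40, 6)                   # MajorOperatingSystemVersion (assumed)
    struct.pack_into("<HH", opt, 68, 2, 0x0040 | 0x0100 | 0x8000)  # GUI; DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes; every directory left zero
    secs = [(b".text", 3_879_731, 3_879_731, CODE | EXEC | READ),          # (name, virtual size, raw size, flags)
            (b".rdata", 897 * 1024, 897 * 1024, IDATA | READ),
            (b".data", 108 * 1024, 75 * 1024, IDATA | READ | WRITE),
            (b".importa", 308, 512, IDATA | READ | WRITE),
            (b".rsrc", 167 * 1024, 167 * 1024, IDATA | READ),
            (b".reloc", 259 * 1024, 259 * 1024, IDATA | DISC | READ)]
    hdrs, va, raw = b"", 0x1000, 0x400
    for name, vsize, rawsize, flags in secs:
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, raw, 0, 0, 0, 0, flags)
        va += -(-vsize // 0x1000) * 0x1000               # next RVA, rounded up to SectionAlignment
        raw += -(-rawsize // 0x200) * 0x200              # next raw offset, rounded up to FileAlignment
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["machine"], info["file_characteristics"], info["dll_characteristics"])
    for s in info["sections"]:
        print(f'{s["name"]:<9} raw={s["raw_size"]:>8} virtual={s["virtual_size"]:>8} {", ".join(s["flags"])}')
    print(hardening_summary(info))
```

The parser deliberately refuses PE32+ images rather than silently reading the wrong offsets, and the ASLR check is stricter than the flag alone, since a DYNAMIC_BASE image whose relocations were stripped is loaded at its preferred base regardless. Decoding the load configuration directory (SafeSEH table, CFG function table) and the import directory are the natural next steps; neither is needed to reproduce what the report above shows.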