D:\gocart-client-build\win-intel\build\gocartclient\public\gcvalidator\binaries\windows\release\AdobeGenuineValidator.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-04-27_7078413d4327cbdb759ac1373ba618d4_avoslocker_revil.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2024-04-27_7078413d4327cbdb759ac1373ba618d4_avoslocker_revil.exe
- Resource: win10v2004-20240426-en
General
- Target: 2024-04-27_7078413d4327cbdb759ac1373ba618d4_avoslocker_revil
- Size: 2.4MB
- MD5: 7078413d4327cbdb759ac1373ba618d4
- SHA1: 8a2045f44776ae02277c3f686d2b04e5adfd3084
- SHA256: 16acce0e55115a1ccddaf934d54c9187f223d7f9dc8ebb208ab1e98ee5f1a07d
- SHA512: 448c19ededb38886e775f50eefa5264da31e56b87d04e3a8e2685a22979ee98af5edd01b28e392ff400493426dc30d69b6fadc8415a3fb5bcb1510286d48b80c
- SSDEEP: 49152:dC5OUrTV6O9Cd1BCM59paIR1cd0XJlxZAVgW+0MW/rr1Dmg27RnWGj:cZ6O2n3Xc+XJlxZEg6D527BWG
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-04-27_7078413d4327cbdb759ac1373ba618d4_avoslocker_revil
Files
- 2024-04-27_7078413d4327cbdb759ac1373ba618d4_avoslocker_revil.exe (windows:5, windows x86, arch:x86)
  1491bf9ada710316d64ea22dfe030144
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
GetEnvironmentVariableA
QueryPerformanceCounter
GetTempPathW
GetModuleHandleExW
OutputDebugStringA
CreateFileW
ReadFile
WriteFile
FindClose
FindNextFileW
GetFileAttributesW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryW
GetTimeZoneInformation
TryEnterCriticalSection
GetFileSizeEx
GetLocalTime
GetTimeFormatW
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetStdHandle
GetFileType
GetModuleHandleA
GetModuleHandleW
ResetEvent
LoadLibraryA
GlobalMemoryStatus
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
CreateThread
FlushConsoleInputBuffer
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
TlsFree
MultiByteToWideChar
GetModuleFileNameW
GetTickCount
TerminateProcess
GetCurrentProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
CreateDirectoryW
SetEnvironmentVariableW
WideCharToMultiByte
CopyFileW
lstrlenW
lstrcmpW
lstrcmpA
LocalFree
LocalAlloc
DeleteFileW
SetErrorMode
GetCommandLineW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
GetDriveTypeW
MoveFileExW
ExitProcess
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
ReadConsoleW
GetCurrentDirectoryW
SetStdHandle
SetConsoleMode
ReadConsoleInputW
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
user32
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
advapi32
DeleteService
ReportEventA
RegisterEventSourceA
DeregisterEventSource
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
CreateWellKnownSid
SetEntriesInAclW
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
SetSecurityDescriptorDacl
shell32
CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW
ole32
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
oleaut32
VariantInit
SysStringByteLen
SysFreeString
SysAllocString
VariantClear
VariantTimeToSystemTime
SysAllocStringByteLen
crypt32
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
wintrust
WinVerifyTrust
shlwapi
PathRenameExtensionW
PathIsDirectoryW
PathAppendW
PathIsFileSpecW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathAddExtensionW
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 648KB - Virtual size: 652KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE