D:\工作\openvpn\openvpn\Release\tuziip.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-29_c808723dc048da405cd3f47936e2a117_avoslocker_gazer.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-04-29_c808723dc048da405cd3f47936e2a117_avoslocker_gazer.exe
Resource: win10v2004-20240419-en
General
- Target: 2024-04-29_c808723dc048da405cd3f47936e2a117_avoslocker_gazer
- Size: 7.2MB
- MD5: c808723dc048da405cd3f47936e2a117
- SHA1: 83568825c6aaecfcf8937a26cf85269fecfd6631
- SHA256: 2f1b132773095d21b1179efa72b6552c718735b3c93439b808228ff300b2617c
- SHA512: 46995ac52e6b36ecb83abf9caded4609cb5d14b778f4579b608cc8d43911caef0595078b0508555b779cd9e23d6642a581e1851343b86f58441e0ca2dbc5a7f1
- SSDEEP: 98304:KBNZr99TwcAktGW5nBJFtuVIkeMaFV7hfl2UGtquKFUl:uZr/VAktGSBeIk5CWt5X
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-04-29_c808723dc048da405cd3f47936e2a117_avoslocker_gazer
Files
- 2024-04-29_c808723dc048da405cd3f47936e2a117_avoslocker_gazer.exe windows:6 windows x86 arch:x86
  3be136def107e28c69c3651ca1aec69d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
recvfrom
sendto
gethostname
WSARecv
freeaddrinfo
recv
socket
WSASocketW
WSAAddressToStringW
WSAStringToAddressW
getaddrinfo
ioctlsocket
listen
htonl
ntohl
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
WSARecvFrom
__WSAFDIsSet
gethostbyname
inet_ntoa
closesocket
accept
WSASendTo
send
WSAGetLastError
WSASend
inet_addr
WSACleanup
WSAStartup
kernel32
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
CreatePipe
GetExitCodeProcess
CreateProcessW
CreateProcessA
SetEvent
QueueUserAPC
TerminateThread
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
CreateFileW
LoadLibraryA
GetModuleHandleA
GetVersionExA
GetLocalTime
GetModuleHandleW
IsBadReadPtr
FindResourceW
SizeofResource
LockResource
CreateSemaphoreW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetACP
IsValidCodePage
WaitForSingleObject
GetTimeZoneInformation
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetStdHandle
GetModuleHandleExW
ExitThread
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadResource
SetProcessAffinityMask
VirtualFree
VirtualProtect
Process32FirstW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
FreeResource
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
GetTickCount
MulDiv
GetFileAttributesW
Sleep
FlushInstructionCache
GetCurrentProcess
HeapDestroy
HeapCreate
InitializeCriticalSection
FreeLibrary
WaitForSingleObjectEx
CreateEventA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
SetCurrentDirectoryW
GetFileInformationByHandle
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
LocalFree
FormatMessageW
FormatMessageA
GetSystemDirectoryW
MultiByteToWideChar
AreFileApisANSI
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
SetThreadPriority
RaiseException
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
UnmapViewOfFile
CreateFileMappingW
lstrlenA
lstrcpyW
lstrcpyA
Process32NextW
GetFileSize
GetNativeSystemInfo
TlsFree
SetHandleInformation
GlobalAlloc
GlobalFree
HeapAlloc
GetProcessHeap
HeapFree
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
GetVersionExW
CreateEventW
GetProcAddress
GetFileTime
RemoveDirectoryW
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
lstrlenW
VirtualAlloc
RtlCaptureStackBackTrace
SetFileTime
DeviceIoControl
DosDateTimeToFileTime
SetFilePointer
GlobalLock
GlobalUnlock
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
GetExitCodeThread
SwitchToThread
TryEnterCriticalSection
Process32Next
Process32First
GetOEMCP
WTSGetActiveConsoleSessionId
VerifyVersionInfoW
RegisterWaitForSingleObject
CreateFileMappingA
UnregisterWaitEx
MapViewOfFile
GetTickCount64
GetCurrentThread
CreateMutexW
ReleaseMutex
WriteFile
ReadFile
CreateFileA
GetLastError
WideCharToMultiByte
GetWindowsDirectoryW
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameW
DuplicateHandle
LoadLibraryW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
InitializeCriticalSectionAndSpinCount
CancelIo
GetOverlappedResult
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetFileSizeEx
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
InitializeCriticalSectionEx
WriteConsoleW
CreateWaitableTimerA
GetLogicalProcessorInformation
GetSystemInfo
ResumeThread
GetCurrentProcessId
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
TlsSetValue
TlsGetValue
SleepConditionVariableSRW
WakeAllConditionVariable
FindNextFileW
MoveFileExW
CopyFileW
CreateDirectoryExW
GetEnvironmentVariableW
user32
MonitorFromWindow
IsWindow
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
SetFocus
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
CreateCaret
GetCaretBlinkTime
HideCaret
CreateIconIndirect
OemToCharBuffW
DrawIconEx
SetCaretPos
ScreenToClient
CopyRect
InflateRect
UnionRect
GetClassNameW
SetRect
EqualRect
PtInRect
DestroyCursor
GetFocus
GetKeyState
LoadIconW
EnableWindow
IsWindowEnabled
SetActiveWindow
GetDesktopWindow
EnableMenuItem
LoadCursorW
TrackMouseEvent
CharNextW
GetIconInfo
LoadBitmapW
CreateIconFromResource
LoadImageW
IsMenu
CreatePopupMenu
DestroyMenu
CheckMenuItem
GetMenuItemCount
InsertMenuW
AppendMenuW
DeleteMenu
TrackPopupMenu
DestroyWindow
GetActiveWindow
GetWindowLongW
SetWindowLongW
GetWindowRect
IsRectEmpty
MoveWindow
ShowWindow
SendMessageW
PostMessageW
OffsetRect
MessageBoxA
FindWindowW
SystemParametersInfoW
GetLastActivePopup
SetForegroundWindow
MessageBoxW
GetForegroundWindow
SwitchToThisWindow
IntersectRect
SetCursor
RegisterWindowMessageW
GetWindow
IsWindowVisible
GetCursorPos
SetTimer
KillTimer
DestroyIcon
DefWindowProcW
GetMonitorInfoW
GetSysColor
CallWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetDlgItem
GetClientRect
MapWindowPoints
PostQuitMessage
ClientToScreen
MsgWaitForMultipleObjects
GetMenuInfo
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetWindowPlacement
GetSystemMetrics
SetMenuInfo
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuContextHelpId
GetMenuItemInfoW
GetParent
gdi32
GdiFlush
ExtTextOutW
SetWorldTransform
SetViewportOrgEx
CreateCompatibleBitmap
GetDCOrgEx
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
CreateBitmap
EnumFontsW
GetObjectW
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
CreateRoundRectRgn
DeleteObject
SetGraphicsMode
GetDeviceCaps
BitBlt
GetTextFaceW
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
CreateDIBitmap
CreateDCW
StretchDIBits
GetCurrentObject
GetViewportOrgEx
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
CryptGenRandom
RegDeleteTreeA
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
RegOpenCurrentUser
GetUserNameA
LookupPrivilegeValueA
RevertToSelf
ImpersonateSelf
ImpersonateLoggedOnUser
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
GetTokenInformation
FreeSid
EqualSid
DuplicateToken
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
RegGetValueA
CryptCreateHash
CryptHashData
CryptDestroyHash
SetThreadToken
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
AllocateAndInitializeSid
shell32
SHGetKnownFolderPath
ShellExecuteW
Shell_NotifyIconW
ole32
CreateStreamOnHGlobal
CoTaskMemFree
OleUninitialize
CoCreateGuid
CreateBindCtx
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleInitialize
oleaut32
SysFreeString
SysAllocString
GetErrorInfo
VariantInit
VariantClear
VariantChangeType
SetErrorInfo
CreateErrorInfo
shlwapi
StrToIntExW
aes
RasDecrypt
iphlpapi
ConvertInterfaceIndexToLuid
FreeMibTable
GetIpForwardTable2
IpRenewAddress
IpReleaseAddress
GetAdapterIndex
FlushIpNetTable
IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetPerAdapterInfo
GetAdaptersInfo
GetInterfaceInfo
GetIpAddrTable
DeleteIpForwardEntry
CreateIpForwardEntry
GetIpForwardTable
imm32
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmAssociateContext
msimg32
AlphaBlend
gdiplus
GdiplusShutdown
GdipFree
GdipAlloc
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
crypt32
CertFreeCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
wldap32
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
fwpuclnt
FwpmEngineOpen0
FwpmFilterAdd0
FwpmSubLayerAdd0
FwpmGetAppIdFromFileName0
FwpmFreeMemory0
FwpmEngineClose0
wininet
InternetSetOptionA
setupapi
SetupDiGetClassDevsExA
SetupDiOpenDevRegKey
CM_Get_Device_Interface_List_SizeA
SetupDiDestroyDeviceInfoList
CM_Get_Device_Interface_ListA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
rpcrt4
UuidCreate
wtsapi32
WTSQueryUserToken
usp10
ScriptItemize
ScriptFreeCache
ScriptShape
opengl32
wglGetProcAddress
wglGetCurrentContext
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 285KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ