2024-04-29_f6402b24f0a96f3311e00e78d59280af_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-29_f6402b24f0a96f3311e00e78d59280af_avoslocker
Size

2.3MB
MD5

f6402b24f0a96f3311e00e78d59280af
SHA1

80ddf77c0fa053a237d59c6fd3646b6624dc8e09
SHA256

a6f33a250da3b153bd2bd62123b4f2355da62c571107470345e6f266a24b18be
SHA512

350226c9b6a58dbde7c35538370e8a0dfe6da4d2cd00a15c387cf76510e2232a17c57382f4e97d4179ab709561a2521b174ab23b96dce5d791d63314ba8d9231
SSDEEP

49152:HsITmJIpgHSV/SNjkRrkEdxvPPGy4dsDXgt3aDuOGpeEjJ4me2:HvmJmgqS9kRrkEdKs0t3KdGpeEjJ4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-29_f6402b24f0a96f3311e00e78d59280af_avoslocker

Files

2024-04-29_f6402b24f0a96f3311e00e78d59280af_avoslocker
.exe windows:6 windows x86 arch:x86

20eddb35a0b7d77c57ecdf3de02ef96a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

setsockopt
bind
inet_ntoa
sendto
accept
listen
send
recv
WSACleanup
WSAGetLastError
closesocket
gethostbyname
select
shutdown
WSACancelBlockingCall
WSAStartup
ioctlsocket
getsockname
socket
ntohs
inet_addr
recvfrom
getsockopt
htons

winmm

timeGetDevCaps
joyGetDevCapsA
timeBeginPeriod
timeGetTime
joyGetPosEx
timeEndPeriod

opengl32

wglMakeCurrent
wglDeleteContext
wglCreateContext
wglGetProcAddress

dinput

DirectInputCreateA

ddraw

DirectDrawCreate

openal32

alBufferData
alBufferiv
alDeleteBuffers
alDeleteSources
alDistanceModel
alGenBuffers
alGenSources
alGetError
alGetProcAddress
alGetSourcei
alGetString
alIsExtensionPresent
alListener3f
alListenerfv
alSource3f
alSource3i
alSourcePause
alSourcePlay
alSourceQueueBuffers
alSourceStop
alSourceUnqueueBuffers
alSourcef
alSourcei
alcCloseDevice
alcCreateContext
alcDestroyContext
alcGetIntegerv
alcIsExtensionPresent
alcMakeContextCurrent
alcOpenDevice

kernel32

CompareStringW
FindFirstFileExW
FreeLibraryAndExitThread
ExitThread
ReadConsoleW
GetConsoleMode
WriteConsoleW
GetModuleFileNameW
GetStdHandle
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ReadFile
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
FindFirstFileA
FindNextFileA
FindClose
Sleep
HeapCreate
HeapFree
HeapSize
GetLastError
HeapReAlloc
HeapAlloc
HeapCompact
HeapDestroy
GlobalMemoryStatus
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GlobalFree
lstrlenA
CreateMutexA
WaitForSingleObject
lstrcatA
lstrcpyA
CloseHandle
CreateProcessA
WriteFile
PurgeComm
SetupComm
EscapeCommFunction
CreateFileA
GetCommState
SetCommMask
SetCommTimeouts
SetCommState
GetDriveTypeA
SetFileTime
GetVolumeInformationA
GetFileAttributesExW
OpenProcess
SetCurrentDirectoryA
DeleteFileA
GetLogicalDriveStringsA
GetCurrentProcessId
CreateDirectoryA
GetTempFileNameA
GetFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
DebugBreak
GetModuleFileNameA
SetFilePointer
UnmapViewOfFile
GetVersion
FileTimeToSystemTime
GlobalAlloc
GetSystemInfo
GlobalLock
CreateFileMappingA
GetFileSize
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
IsBadReadPtr
MapViewOfFile
GlobalUnlock
VirtualQuery
GetComputerNameA
ResumeThread
SetEvent
CreateThread
ResetEvent
InitOnceBeginInitialize
FindNextFileW
InitOnceComplete
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFileAttributesW
GetConsoleOutputCP
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
SetFilePointerEx
GetFileSizeEx
LCMapStringW
FlushFileBuffers
OutputDebugStringW
MultiByteToWideChar
SetEndOfFile
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
GetTimeZoneInformation
GetCurrentDirectoryA
DecodePointer

user32

SetCursorPos
GetCursorPos
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
ChangeDisplaySettingsA
EnumDisplaySettingsA
GetClientRect
SetRect
WaitForInputIdle
SetCaretPos
MessageBoxA
LoadImageA
DispatchMessageA
GetRawInputData
PeekMessageA
AdjustWindowRectEx
GetWindowRect
GetDC
GetSystemMetrics
ClipCursor
CloseClipboard
RegisterRawInputDevices
HideCaret
ClientToScreen
ScreenToClient
SetForegroundWindow
EndPaint
UpdateWindow
UnregisterClassA
BeginPaint
CreateWindowExA
InvalidateRect
DefWindowProcA
RegisterClassA
MoveWindow
GetSystemMenu
EnableMenuItem
ShowCaret
GetForegroundWindow
SetWindowLongA
ReleaseDC
DestroyCaret
GetClassNameA
SetWindowPos
TranslateMessage
SendMessageA
AdjustWindowRect
DestroyWindow
ShowCursor
CreateCaret
SetClipboardData
EmptyClipboard
wvsprintfA
OpenClipboard
GetActiveWindow
ShowWindow
wsprintfA

gdi32

ChoosePixelFormat
SwapBuffers
GetDeviceGammaRamp
GetTextMetricsA
TextOutA
DescribePixelFormat
SetDeviceGammaRamp
DeleteObject
DeleteDC
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
SetPixelFormat
GetStockObject

ole32

CoCreateInstance
CoInitialize

advapi32

GetUserNameA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20eddb35a0b7d77c57ecdf3de02ef96a

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

opengl32

dinput

ddraw

openal32

kernel32

user32

gdi32

ole32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 149KB - Virtual size: 148KB

.data Size: 66KB - Virtual size: 11.7MB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 122KB - Virtual size: 122KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 149KB - Virtual size: 148KB

.data
Size: 66KB - Virtual size: 11.7MB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 122KB - Virtual size: 122KB