privateloader | 2024-05-01_c2b82a8c1f0bc11b12e25e00dc58a42f_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-01_c2b82a8c1f0bc11b12e25e00dc58a42f_avoslocker
Size

10.5MB
MD5

c2b82a8c1f0bc11b12e25e00dc58a42f
SHA1

ca6bf5594b34faf4a4142832d60d538e9ec44c29
SHA256

978008ac42e8c544605219fee8a6dac2188e50cd7c1a964b9c48340ceb836aa0
SHA512

f16cd4b7d3fea46c25af1ae5d7fe4cd76f99314feb413395da5f45a3220f6009eb1013f4adb378f5b164c9292c7e54b0744ca852e7aa45c4513efa3b1fec90e2
SSDEEP

98304:5Zf/WldEdoKiFDzOhbUBYWzCQCtJQ3sSYXlx:5ZnWf0shKl

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_c2b82a8c1f0bc11b12e25e00dc58a42f_avoslocker

Files

2024-05-01_c2b82a8c1f0bc11b12e25e00dc58a42f_avoslocker
.exe windows:6 windows x86 arch:x86

117343435ea6ea6e29929ee27c3d6b4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\jenkins\workspace\mgs_wind3d11_steam\m2engage\bin\WIN32.D3D11.X86\Release\m2engage.pdb

Imports

steam_api

SteamInternal_ContextInit
SteamAPI_UnregisterCallResult
SteamInternal_FindOrCreateUserInterface
SteamAPI_RegisterCallResult
SteamAPI_GetHSteamUser
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_RunCallbacks

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
CoSetProxyBlanket
CoInitialize

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DReflect

comdlg32

GetSaveFileNameA
GetOpenFileNameA

dinput8

DirectInput8Create

oleaut32

SysFreeString
SysAllocString

netapi32

Netbios

iphlpapi

GetAdaptersInfo

kernel32

SetStdHandle
FreeEnvironmentStringsW
GetConsoleOutputCP
GetConsoleMode
HeapSize
WriteConsoleW
lstrlenA
GetVersionExA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
SetEnvironmentVariableW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
ReadFile
FindFirstFileA
WriteFile
FindNextFileA
FindClose
CreateFileA
CloseHandle
GetDynamicTimeZoneInformation
GetCurrentDirectoryA
SetCurrentDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetFileSizeEx
CreateFileW
GetLastError
SetFilePointerEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringA
GetSystemInfo
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetModuleHandleA
GetProcAddress
WaitForSingleObject
InitializeCriticalSection
Sleep
DeleteCriticalSection
LoadLibraryA
FreeLibrary
FormatMessageA
VirtualFree
VirtualAlloc
VirtualQuery
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetFileSize
CreateEventA
ReleaseSemaphore
CreateSemaphoreA
GetModuleFileNameA
SetThreadPriority
ResumeThread
SetEvent
TerminateThread
CreateThread
GetPrivateProfileStringA
QueryPerformanceFrequency
QueryPerformanceCounter
FindFirstFileW
FindNextFileW
GetCurrentThreadId
OutputDebugStringW
DeleteFileW
GetSystemTimeAsFileTime
DeleteFileA
CreateDirectoryA
GetCurrentProcess
GetProcessAffinityMask
SetThreadIdealProcessor
SizeofResource
FindResourceA
FreeResource
LockResource
LoadResource
GetCurrentDirectoryW
SetCurrentDirectoryW
FlushFileBuffers
SetFilePointer
IsProcessorFeaturePresent
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
IsValidCodePage
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
HeapAlloc
HeapReAlloc
HeapFree
GetModuleFileNameW
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetProcessHeap
FindFirstFileExW

user32

GetForegroundWindow
MessageBoxA
GetCursorPos
SetCursorPos
SendMessageA
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetKeyboardLayoutNameA
EnumDisplaySettingsA
GetMonitorInfoA
MonitorFromWindow
GetWindowTextW
ReleaseDC
IsIconic
InvalidateRect
ShowCursor
SetForegroundWindow
RegisterClassExA
PostQuitMessage
KillTimer
PeekMessageA
IsZoomed
GetClientRect
LoadIconA
SetCursor
TranslateMessage
SetFocus
CreateWindowExA
DefWindowProcA
GetPropA
AttachThreadInput
GetWindowLongA
CallWindowProcA
ClientToScreen
SetWindowLongA
SetTimer
ShowWindow
GetWindowPlacement
SetWindowTextW
CreateWindowExW
SetActiveWindow
MonitorFromRect
SetWindowPos
GetDC
DestroyWindow
LoadCursorA
GetFocus
GetWindowRect
DispatchMessageA
SetPropA
RemovePropA
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowThreadProcessId

gdi32

GetStockObject
GetDeviceCaps

shell32

ShellExecuteW
DragAcceptFiles
SHCreateDirectoryExW

winmm

PlaySoundA

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 17.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

117343435ea6ea6e29929ee27c3d6b4e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api

ole32

d3d11

d3dcompiler_47

comdlg32

dinput8

oleaut32

netapi32

iphlpapi

kernel32

user32

gdi32

shell32

winmm

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 115KB - Virtual size: 17.2MB

.gfids Size: 512B - Virtual size: 488B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 2KB - Virtual size: 2KB

.rsrc Size: 265KB - Virtual size: 265KB

.reloc Size: 132KB - Virtual size: 131KB

.bind Size: 166KB - Virtual size: 166KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 115KB - Virtual size: 17.2MB

.gfids
Size: 512B - Virtual size: 488B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 265KB - Virtual size: 265KB

.reloc
Size: 132KB - Virtual size: 131KB

.bind
Size: 166KB - Virtual size: 166KB