2024-05-02_13bc610729dbd6ca2122d6d7419ec53d_avoslocker_floxif_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_13bc610729dbd6ca2122d6d7419ec53d_avoslocker_floxif_metamorfo
Size

2.6MB
MD5

13bc610729dbd6ca2122d6d7419ec53d
SHA1

d9d542e397486c80345e8811d384e583093c884d
SHA256

b0a090c10d48b99007ade7cf83cc1184d194c3290f6a3bec52d018561324d55b
SHA512

f20a317b40d1c86a3e3012aba6ec325d04ac8c267bb0122dd6f6d000ef16916c4718db0b4b734864e88d49fb0aee8082b121264627c30f9d9c8c88a8374ae5d0
SSDEEP

49152:gKwPLOASC460DSLQuFsd8D8OD6R0fPFYUtiuqyTDJpOReACSW:ghTOASC460DmtFsd8gODS0fPFYUtiull

Score

1^/10

Malware Config

Signatures

Files

2024-05-02_13bc610729dbd6ca2122d6d7419ec53d_avoslocker_floxif_metamorfo
.exe windows:5 windows x86 arch:x86

535b47362919b32acb13737e435788d7

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:8c:90:7a:c1:bd:b6:36:ef:67:15:e3:fe:a4:81:f1:1e:67:b9:f4:cb:d1:17:98:d9:d8:fb:cd:0c:4a:d9:61
Signer

Actual PE Digest

bf:8c:90:7a:c1:bd:b6:36:ef:67:15:e3:fe:a4:81:f1:1e:67:b9:f4:cb:d1:17:98:d9:d8:fb:cd:0c:4a:d9:61

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Adobe Desktop Service.pdb

Imports

psapi

EnumProcesses
GetModuleBaseNameW

crclient

?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetTempFileNameW
GetStringTypeW
SwitchToThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
VirtualQuery
GetSystemInfo
HeapQueryInformation
ExitThread
SearchPathW
GetTimeZoneInformation
GetModuleHandleExW
ExitProcess
RtlUnwind
VirtualAlloc
FreeLibraryAndExitThread
ReleaseMutex
GetProfileIntW
GetWindowsDirectoryW
GetTickCount
GetCommandLineA
GetFileTime
GetFileAttributesExW
WriteConsoleW
FileTimeToLocalFileTime
SetErrorMode
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
VirtualProtect
Sleep
GlobalGetAtomNameW
GetThreadLocale
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GlobalFlags
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
MulDiv
GlobalSize
GlobalUnlock
CompareStringW
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
LoadLibraryExW
GetModuleHandleA
GetCurrentThread
OutputDebugStringA
OpenMutexW
GetDateFormatW
SystemTimeToFileTime
GetTimeFormatW
GetLocalTime
FileTimeToSystemTime
GetFileSizeEx
LCMapStringW
LoadLibraryA
GetUserDefaultLCID
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
FreeLibrary
LoadLibraryW
GetCurrentThreadId
SetFilePointer
FormatMessageW
QueryFullProcessImageNameW
GetThreadTimes
lstrcpyW
CreateProcessW
ResetEvent
FindResourceExW
GlobalFree
Process32FirstW
GlobalAlloc
Process32NextW
CreateToolhelp32Snapshot
DuplicateHandle
TerminateProcess
GetCurrentProcess
SetLastError
FlushFileBuffers
lstrcmpW
CopyFileW
GetFileSize
MoveFileExW
FindResourceW
LoadResource
DeleteFileW
LockResource
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetTempPathW
GetModuleFileNameW
WriteFile
GetFullPathNameW
SizeofResource
ReadFile
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
FindClose
lstrlenW
FindNextFileW
FindFirstFileW
lstrcmpiW
CreateThread
SetEvent
CreateEventW
OpenProcess
WaitForMultipleObjects
SetDllDirectoryW
GetProcessHeap
UnregisterApplicationRestart
HeapAlloc
HeapReAlloc
HeapSize
GetCommandLineW
HeapFree
DecodePointer
RaiseException
InitializeCriticalSectionEx
CreateSemaphoreW
GetCurrentProcessId
LocalFree
CloseHandle
OpenSemaphoreW
GetLastError
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
IsValidLocale
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
GetLocaleInfoA
EnumSystemLocalesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetACP
GetProcAddress
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
LocalAlloc

user32

GetLastActivePopup
RegisterWindowMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetParent
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetWindowLongW
MessageBoxW
IsWindowEnabled
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
SendMessageW
PeekMessageW
PostMessageW
GetWindowThreadProcessId
PostThreadMessageW
AllowSetForegroundWindow
IsWindowVisible
EnableWindow
IsCharLowerW
GetDoubleClickTime
DrawIcon
InvertRect
HideCaret
GetIconInfo
GetKeyNameTextW
FrameRect
CopyIcon
ModifyMenuW
CharUpperBuffW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongW
LockWindowUpdate
SetParent
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
RegisterClipboardFormatW
ReuseDDElParam
UnpackDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
GetMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
UnregisterClassW
wsprintfW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetComboBoxInfo
GetWindowRgn
RedrawWindow
SetMenuDefaultItem
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
GetSystemMenu
LoadMenuW
IsZoomed
TrackMouseEvent
EnumDisplayMonitors
SetLayeredWindowAttributes
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
GetAsyncKeyState
OffsetRect
SetRectEmpty
SendDlgItemMessageA
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
GetSysColorBrush
GetSystemMetrics
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
SystemParametersInfoW
CopyImage
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
ClientToScreen
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
FillRect
InvalidateRect
DrawStateW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
MapDialogRect
SetWindowContextHelpId
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
UnhookWindowsHookEx
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange

advapi32

InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
LookupAccountSidW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
ConvertSidToStringSidW

ole32

OleUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoGetClassObject
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
CreateStreamOnHGlobal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CLSIDFromString
OleRun
CLSIDFromProgID
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize

shell32

ord51
SHGetFileInfoW
DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHBrowseForFolderW
CommandLineToArgvW
DragFinish

oleaut32

SysAllocString
SysStringLen
VariantChangeType
VariantClear
SysFreeString
VarBstrFromDate
LoadTypeLi
VariantInit
VariantCopy
SysAllocStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
GetErrorInfo
SafeArrayDestroy

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathIsDirectoryW
PathRemoveExtensionW
PathAddExtensionW
PathIsFileSpecW
PathRenameExtensionW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW

gdi32

CreateSolidBrush
DeleteObject
GetStockObject
CopyMetaFileW
CreateDCW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
GetObjectW
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CreateRoundRectRgn
CreateDIBSection
CombineRgn
GetMapMode
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
OffsetWindowOrgEx

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comctl32

InitCommonControlsEx

uxtheme

IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetCurrentThemeName
GetThemeColor
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeSysColor
DrawThemeParentBackground
DrawThemeText
IsAppThemed

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImagePalette
GdipDeleteGraphics
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageWidth
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

535b47362919b32acb13737e435788d7

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

bf:8c:90:7a:c1:bd:b6:36:ef:67:15:e3:fe:a4:81:f1:1e:67:b9:f4:cb:d1:17:98:d9:d8:fb:cd:0c:4a:d9:61Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

crclient

version

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

msimg32

winspool.drv

comctl32

uxtheme

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 473KB - Virtual size: 472KB

.data Size: 26KB - Virtual size: 45KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 152KB - Virtual size: 152KB

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

bf:8c:90:7a:c1:bd:b6:36:ef:67:15:e3:fe:a4:81:f1:1e:67:b9:f4:cb:d1:17:98:d9:d8:fb:cd:0c:4a:d9:61
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 473KB - Virtual size: 472KB

.data
Size: 26KB - Virtual size: 45KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 152KB - Virtual size: 152KB