2024-05-02_8b56db8bd22368fdb0aa016dec06fc12_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_8b56db8bd22368fdb0aa016dec06fc12_avoslocker
Size

1.8MB
MD5

8b56db8bd22368fdb0aa016dec06fc12
SHA1

b11359b9f8183853c4acc102bfdb383dfbaf2906
SHA256

05a1726a6afdaa140004017233b62b5ad55f491d9531e24a349e0cecbe86cf1f
SHA512

9ebc688967cdaf8408c15bf97a4018a59f6bf04be17844cbd77fae403957df27353ec20cc72da0f2262f53441f88d9f0e55ce895d86f32587331dbf36e7726ce
SSDEEP

24576:MpizyKNiiCYbTk0nu2nlw6WJyyRKTZuSxlx8:PzyKNlC8Tk0nV6JaTzu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-02_8b56db8bd22368fdb0aa016dec06fc12_avoslocker

Files

2024-05-02_8b56db8bd22368fdb0aa016dec06fc12_avoslocker
.exe windows:5 windows x86 arch:x86

1e53945c364de71726880d4f01b809c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\ccd-app\main\native\win32\build\msvs_win32\Release\x86\sym\ADSCustomHook\ADSCustomHook\ADSCustomHook.pdb

Imports

kernel32

DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
GetModuleFileNameW
DeleteCriticalSection
WriteConsoleW
SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
GetFileType
GetCurrentProcessId
FindFirstFileW
FindNextFileW
WriteFile
SetFilePointer
GetTempPathW
CreateFileW
GetCurrentThreadId
DeleteFileW
CloseHandle
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetVersionExW
CreateEventW
GetProcAddress
LocalFree
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
ReadFile
FindClose
GetFileAttributesW
SetFileAttributesW
MoveFileExW
FlushFileBuffers
GetFileSizeEx
MultiByteToWideChar
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
WideCharToMultiByte
GetDateFormatW
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenMutexW
GetFileInformationByHandle
GetUserDefaultLangID
GetUserDefaultUILanguage
HeapFree
SetLastError
TerminateProcess
HeapSize
SetEvent
HeapReAlloc
ResetEvent
HeapAlloc
GetProcessHeap
FreeLibrary
LCMapStringW
GetUserDefaultLCID
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetStdHandle

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFolderLocation
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRenameExtensionW
PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathAppendW
PathFileExistsW

oleaut32

VariantClear

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e53945c364de71726880d4f01b809c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

version

shlwapi

oleaut32

Sections

.text Size: 242KB - Virtual size: 242KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 242KB - Virtual size: 242KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB