2024-05-02_d8ec6735170c1d84654214fbba11abb5_avoslocker_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_d8ec6735170c1d84654214fbba11abb5_avoslocker_magniber
Size

1.2MB
MD5

d8ec6735170c1d84654214fbba11abb5
SHA1

b157dd6e60a18adc93a5fbff1f0a24561d8a1fa0
SHA256

ed28be4235b6bbee62b8ad79070c759f9715dd68d02b280b1ca72527ca65edf8
SHA512

bcdc780debec232d726fc47d140fd26e82b1f10744175c9846b3055686377a456a72b6fb16cab661a8f129998fcdda84ccd5b023fded106f8307a25cf5389f75
SSDEEP

24576:71pycFQkAhQDNsTx7Ou2nlw6WJyyRKTZuSxlx8:Z7QBhQRsTpOV6JaTzu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-02_d8ec6735170c1d84654214fbba11abb5_avoslocker_magniber

Files

2024-05-02_d8ec6735170c1d84654214fbba11abb5_avoslocker_magniber
.exe windows:5 windows x86 arch:x86

4ea65e918c27e4db6ca317fd81f8736c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\ccd-hyperdrive\main\native\win32\build\msvs_win32\Release\x86\sym\Setup\Setup\Setup.pdb

Imports

kernel32

SetDllDirectoryW
GetConsoleWindow
DeleteCriticalSection
DecodePointer
FreeConsole
RaiseException
AttachConsole
GetLastError
InitializeCriticalSectionEx
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
QueryPerformanceFrequency
GetStdHandle
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
WriteFile
SetFilePointer
GetTempPathW
CreateFileW
GetCurrentThreadId
DeleteFileW
CloseHandle
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReadFile
GetFullPathNameW
GetModuleFileNameW
FindClose
GetFileAttributesW
SetFileAttributesW
LocalFree
MoveFileExW
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
Sleep
CreateThread
LoadLibraryW
GetProcAddress
FreeLibrary
GetUserDefaultLangID
GetUserDefaultUILanguage
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetFileInformationByHandle
GetCurrentProcess
GetVersionExW
CreateEventW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
SetEvent
ResetEvent
HeapFree
SetLastError
TerminateProcess
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
LCMapStringW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
InitializeSListHead
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
OutputDebugStringW

user32

SendMessageW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize

crclient

?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z
?SetCRDisplayName@@YA_NPBD@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAddExtensionW
PathIsFileSpecW
PathRenameExtensionW
PathAppendW
PathFileExistsW
PathIsDirectoryW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
GetErrorInfo
VariantClear

Sections

.text
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ea65e918c27e4db6ca317fd81f8736c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

crclient

version

shlwapi

advapi32

shell32

oleaut32

Sections

.text Size: 420KB - Virtual size: 420KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 10KB - Virtual size: 16KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 420KB - Virtual size: 420KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 10KB - Virtual size: 16KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 592KB - Virtual size: 596KB