2024-05-03_b74734a2a09ee53671aea7151bd7834f_avoslocker_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-03_b74734a2a09ee53671aea7151bd7834f_avoslocker_magniber_revil
Size

25.4MB
MD5

b74734a2a09ee53671aea7151bd7834f
SHA1

ef8674b81f7759904db0bfcc8f64adce2cef96b5
SHA256

fff09d53e800051e1caa3579e65f7a3e58b82296551716a5acf62109380db3fd
SHA512

5525dc90a8a13679ab6c09f4fa40600987ead2327d181768ab812549ee730130febb1122f0ed5fb2e2f6827d654f78e939a9ef663178778a7964693f6add2969
SSDEEP

393216:8ZQGL2k45bVSQRQm0LuFiCBIkzY6HMFgXnU7sElXy:8Z52X5JSQRQm0yFlBIkzYMtXnas

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-03_b74734a2a09ee53671aea7151bd7834f_avoslocker_magniber_revil

Files

2024-05-03_b74734a2a09ee53671aea7151bd7834f_avoslocker_magniber_revil
.exe windows:5 windows x86 arch:x86

b8e64c60930d9f3d0dedc4e6d31d98cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord127

kernel32

GetVersionExA
CreateEventW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMessageW

shell32

SHChangeNotify

ole32

CoCreateInstance

shlwapi

wnsprintfW

crypt32

CertEnumCertificatesInStore

comctl32

_TrackMouseEvent

ws2_32

WSAEnumNetworkEvents

gdi32

GetCharABCWidthsW

advapi32

CryptSetHashParam

oleaut32

VariantInit

gdiplus

GdipImageGetFrameDimensionsCount

imm32

ImmGetContext

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8e64c60930d9f3d0dedc4e6d31d98cc

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

user32

shell32

ole32

shlwapi

crypt32

comctl32

ws2_32

gdi32

advapi32

oleaut32

gdiplus

imm32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 568KB - Virtual size: 567KB

.data Size: 52KB - Virtual size: 73KB

.gfids Size: 1024B - Virtual size: 592B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: 279KB - Virtual size: 278KB

.vmp1 Size: 113KB - Virtual size: 112KB

.reloc Size: 108KB - Virtual size: 107KB

.rsrc Size: 22.1MB - Virtual size: 22.1MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 568KB - Virtual size: 567KB

.data
Size: 52KB - Virtual size: 73KB

.gfids
Size: 1024B - Virtual size: 592B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: 279KB - Virtual size: 278KB

.vmp1
Size: 113KB - Virtual size: 112KB

.reloc
Size: 108KB - Virtual size: 107KB

.rsrc
Size: 22.1MB - Virtual size: 22.1MB