Behavioral task: behavioral1
  Sample: 2024-05-03_18d236cb9faf9e31a72f297f75b9bfa3_avoslocker_revil.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-03_18d236cb9faf9e31a72f297f75b9bfa3_avoslocker_revil.exe
  Resource: win10v2004-20240419-en
General
  Target: 2024-05-03_18d236cb9faf9e31a72f297f75b9bfa3_avoslocker_revil
  Size: 20.7MB
  MD5: 18d236cb9faf9e31a72f297f75b9bfa3
  SHA1: 729282047a13ead1313005d81886b0a5e9f395fd
  SHA256: a4bbadcabc1d4a8507d7d003cd2a73b5dbd21511220d3f5413a072b2c93c5b82
  SHA512: 0d9ae90ee73fc8569506803bd7de7efd7e0b0d80d88494c30458d0475d0882266908f8aec2a84f2a01f698d1c5e6df0c92dee5b3e95718b7d3a3b3917f4523f4
  SSDEEP: 196608:zBCuTzUJ0IopC0onGLG5wOTquAMtaGKdXMKbJsv6tWKFdu9CTKFErTD:zBLIsLpO2UtV8XMcJsv6tWKFdu9Cd
Malware Config
Signatures
  - Privateloader family
  - Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 2024-05-03_18d236cb9faf9e31a72f297f75b9bfa3_avoslocker_revil
Files
  - 2024-05-03_18d236cb9faf9e31a72f297f75b9bfa3_avoslocker_revil.exe (windows:6 windows x86 arch:x86)
    94c15558e0d2389d969b81bd503f616d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
GetThemeBool
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
GetThemeSysFont
SetWindowThemeAttribute
DrawThemeTextEx
dwmapi
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmDefWindowProc
DwmExtendFrameIntoClientArea
gdi32
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
GetBitmapBits
SwapBuffers
GetPixelFormat
DescribePixelFormat
SetPixelFormat
GetCharABCWidthsFloatW
CreateBitmap
CreateDCW
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
CombineRgn
SetLayout
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
GetDeviceCaps
CreateCompatibleBitmap
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
ChoosePixelFormat
GetObjectW
oleaut32
SysAllocString
SysAllocStringLen
VariantClear
VariantCopy
SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
imm32
ImmGetDefaultIMEWnd
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
iphlpapi
GetAdaptersAddresses
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToGuid
ConvertInterfaceIndexToLuid
crypt32
CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenStore
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
user32
CharUpperW
SendMessageTimeoutW
GetWindowThreadProcessId
PostThreadMessageW
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
RegisterDeviceNotificationW
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
UnregisterDeviceNotification
EnumWindows
PostMessageW
EnumDisplayMonitors
ws2_32
listen
select
setsockopt
htons
WSAAccept
WSAConnect
WSAHtonl
closesocket
getsockname
getpeername
WSAGetLastError
bind
getsockopt
getnameinfo
freeaddrinfo
getaddrinfo
ntohl
htonl
WSAAsyncSelect
__WSAFDIsSet
WSARecv
WSAIoctl
WSANtohl
WSANtohs
gethostname
WSARecvFrom
WSASend
WSASendTo
WSASocketW
recv
send
WSASetLastError
WSAStartup
WSACleanup
advapi32
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegNotifyChangeKeyValue
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges
OpenProcessToken
CryptEnumProvidersW
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
AccessCheck
CopySid
DuplicateToken
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
mpr
WNetGetUniversalNameA
userenv
GetUserProfileDirectoryW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
netapi32
NetApiBufferFree
NetShareEnum
kernel32
SetFilePointerEx
GetLogicalDrives
WriteFileEx
SleepEx
CancelIoEx
ReadFileEx
RegisterWaitForSingleObject
UnregisterWaitEx
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetTickCount64
QueryPerformanceFrequency
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
GetProcessId
Sleep
WaitForSingleObjectEx
DuplicateHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocalTime
GetStartupInfoW
CopyFileW
IsProcessorFeaturePresent
OutputDebugStringW
GetNativeSystemInfo
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
QueryPerformanceCounter
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
MoveFileExW
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetHandleInformation
CreateNamedPipeW
ConnectNamedPipe
GlobalFree
WaitNamedPipeW
DisconnectNamedPipe
CreateFileMappingW
VirtualProtect
GetTimeZoneInformation
ExitProcess
GetConsoleWindow
LocalAlloc
GetVolumeInformationW
GetUserDefaultLangID
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
TzSpecificLocalTimeToSystemTime
GetExitCodeProcess
PeekNamedPipe
GetFullPathNameW
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP
GetACP
IsValidCodePage
CancelIo
GetOverlappedResult
GetVolumePathNameW
GetDiskFreeSpaceW
GetFileType
GetFileAttributesW
WaitForMultipleObjects
GetSystemInfo
VirtualFree
VirtualAlloc
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetSystemTimeAsFileTime
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
GetFileInformationByHandle
GetStdHandle
MoveFileW
GetModuleHandleW
GetSystemDirectoryW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
GetProcAddress
DeviceIoControl
WriteFile
UnlockFile
LockFile
FlushFileBuffers
CreateFileW
GetFileInformationByHandleEx
FindFirstFileExW
CompareStringW
LCMapStringW
FindNextChangeNotification
GetGeoInfoW
GetUserGeoID
ReleaseMutex
CreateMutexW
lstrcmpW
TlsSetValue
EncodePointer
DecodePointer
RaiseException
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
RtlUnwind
ExitThread
FreeLibraryAndExitThread
SetStdHandle
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetCommandLineA
GetConsoleOutputCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
SetEnvironmentVariableW
WriteConsoleW
CompareStringEx
HeapSize
FindFirstVolumeW
IsWow64Process
FileTimeToSystemTime
TerminateProcess
WaitForSingleObject
SetErrorMode
GetVolumePathNamesForVolumeNameW
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceExA
FindVolumeClose
FreeConsole
GetConsoleProcessList
GetCommandLineW
CloseHandle
GetLastError
GetCurrentProcess
CreateProcessW
LocalFree
FormatMessageW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetEnvironmentVariableW
OpenProcess
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindNextVolumeW
ole32
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
shell32
ShellExecuteExW
SHGetFolderLocation
SHChangeNotify
SHGetFolderPathW
SHGetFileInfoW
SHGetStockIconInfo
ord727
ShellExecuteW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetMalloc
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord155
SHGetKnownFolderPath
CommandLineToArgvW
SHParseDisplayName
winmm
PlaySoundW
timeKillEvent
timeSetEvent
bcrypt
BCryptGenRandom
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDeriveKeyPBKDF2
BCryptDestroyKey
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
Sections
.text Size: 13.2MB - Virtual size: 13.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 242KB - Virtual size: 394KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 512B - Virtual size: 239B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmimed Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 1024B - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 496KB - Virtual size: 495KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ