2024-05-04_2e44ca8f1474351ac7ae66bc19bc96ff_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-04_2e44ca8f1474351ac7ae66bc19bc96ff_avoslocker
Size

2.4MB
MD5

2e44ca8f1474351ac7ae66bc19bc96ff
SHA1

58cb80324d2b1f8a7ea41a40133f335b94a2c7a9
SHA256

461c672ddb57179389555bbc2fb9172f97ccc6ff82b86e21a5c94765747ede86
SHA512

fa6c6944a182e3468f3d95a72c8faa0433fa31b4bb603bc4809318b9dda391155fdf8a4630dd102302a00c0f70d57ab048960094fc517f014441fb85998147cf
SSDEEP

49152:7e45CaOKfXT/v+ifTOotdGKaPvDwAHEv/YTecG72Vq5T9jFT3T1THTITwT1TXT/e:xfOKfX6bNEv/yPGU

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-04_2e44ca8f1474351ac7ae66bc19bc96ff_avoslocker

Files

2024-05-04_2e44ca8f1474351ac7ae66bc19bc96ff_avoslocker
.exe windows:6 windows x86 arch:x86

bbe63ce58d45577ef26a85fb07c18851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA
RasGetConnectStatusA

kernel32

GetModuleHandleExW
LoadLibraryExW
RtlUnwind
GetStringTypeW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
VirtualQuery
RaiseException
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GetCommandLineW
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
InterlockedDecrement
InterlockedIncrement
HeapSize
HeapQueryInformation
IsValidCodePage
GetACP
SetStdHandle
GetFileType
GetStdHandle
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
FileTimeToSystemTime
SetLastError
GetTimeZoneInformation
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32EnumProcessModulesEx
OpenProcess
QueryDosDeviceW
VirtualFreeEx
CreateFileMappingW
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
VirtualAlloc
GetFileSize
FindNextFileW
FindFirstFileW
LoadLibraryW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetLocalTime
GetCurrentProcess
IsDebuggerPresent
SetFilePointer
CreateFileW
CreateEventW
GlobalAddAtomW
GetTickCount64
GetModuleHandleW
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
GlobalSize
WriteConsoleW
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
WritePrivateProfileStringA
CreateThread
CreateEventA
ResetEvent
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GlobalFlags

user32

LoadIconW
CallNextHookEx
SetWindowsHookExW
CallWindowProcA
SetWindowTextW
MoveWindow
MessageBoxW
GetAncestor
GetClassNameW
GetClassNameA
GetWindowTextW
GetDlgItem
RegisterClassA
RegisterWindowMessageW
PostThreadMessageW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
LoadCursorW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
RemovePropW
GetPropW
ShowScrollBar
GetScrollPos
ScrollWindow
EndPaint
BeginPaint
GetWindowDC
DrawTextW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
TrackMouseEvent
SetPropW
CallWindowProcW
PostMessageW
SendMessageW
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
GetSysColorBrush
LoadStringA
GetDesktopWindow
SetWindowTextA
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
AdjustWindowRectEx
GetMenuItemCount
GetMenuItemID
CreateWindowExA
MapWindowPoints
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
GetWindowThreadProcessId
IsWindowEnabled
EnumWindows
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
ReleaseCapture
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
SetWindowsHookExA
UnregisterClassA
GetWindowTextLengthW
GetMenuCheckMarkDimensions
GetWindowTextA
GetWindowTextLengthA
CharUpperA
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement

gdi32

BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
FillRgn
CreateBitmap
CreateDIBitmap
SelectObject
GetObjectA
CreatePen
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
GetWindowOrgEx
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
GetViewportOrgEx
GetWindowExtEx
GetTextMetricsA
CreateDIBSection
CreateRectRgnIndirect
SetBkColor
CreateFontIndirectW
LineTo
SetBkMode
MoveToEx
SetTextColor
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
PatBlt

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
CryptAcquireContextA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromString

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

comctl32

ord17
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Read
InitializeFlatSB
ImageList_Destroy
ImageList_GetImageCount
ImageList_Create

ws2_32

WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
inet_ntoa
accept
getpeername
recvfrom
ioctlsocket
recv

gdiplus

GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusStartup
GdipFillRectangleI
GdipCreateSolidFill

wininet

InternetCloseHandle

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseColorA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 837KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbe63ce58d45577ef26a85fb07c18851

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

gdiplus

wininet

comdlg32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 837KB - Virtual size: 836KB

.data Size: 75KB - Virtual size: 189KB

.msvcjmc Size: 3KB - Virtual size: 3KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 65KB - Virtual size: 65KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 837KB - Virtual size: 836KB

.data
Size: 75KB - Virtual size: 189KB

.msvcjmc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 65KB - Virtual size: 65KB