2024-05-04_f009604e0eae655b14cc2afdb12958ba_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-04_f009604e0eae655b14cc2afdb12958ba_avoslocker
Size

1.2MB
MD5

f009604e0eae655b14cc2afdb12958ba
SHA1

39efc207d34c74e91ba2b6f4c1829e3e8cfbdda2
SHA256

e7f78ae79252783053ccf33d392924ca14fec07efdf58201e1b8cb4619ee8ee3
SHA512

16e8b43917680686a243e9a12a61ddc2ba90bf4bda10039641d68bca088527a8503346d6d387e85f34784b13f082ebbc3cee9a56e90a371063359736d62f007c
SSDEEP

24576:9Mbnt2eRf7qZvsfNbqMwl180sjFGwt2rR8FfBhRJUEbDk1ulUP:9MLzqZaqMwM0sgwt2r4PRSEk1ul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-04_f009604e0eae655b14cc2afdb12958ba_avoslocker

Files

2024-05-04_f009604e0eae655b14cc2afdb12958ba_avoslocker
.exe windows:6 windows x86 arch:x86

8b19c3210a94d6bf884df015fb45d16d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bamboo-agent-home\xml-data\build-dir\PGSC-MON-JOB1\monolith\Build\ProtectorGamesApp\Release\GameLauncher.pdb

Imports

kernel32

WriteFile
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileSectionNamesW
GetGeoInfoW
GetUserGeoID
GetUserDefaultUILanguage
TerminateThread
CreateDirectoryW
GetTickCount
OpenMutexW
GetSystemInfo
OpenFileMappingW
FormatMessageA
GetModuleHandleA
GetFileAttributesW
GetFileSizeEx
GetFullPathNameW
FindResourceExW
LoadResource
CreateMutexA
GetCurrentDirectoryW
FindClose
FindNextFileW
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToFileTime
GetPrivateProfileStringW
OutputDebugStringW
SetLastError
GetCurrentProcessId
OpenMutexA
CreateFileMappingA
OpenFileMappingA
FlushFileBuffers
SetFilePointerEx
GetVolumeInformationA
DeviceIoControl
GetWindowsDirectoryA
WriteConsoleW
SetEnvironmentVariableW
GetFileSize
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
DeleteFileW
CreateFileW
K32EnumProcesses
GetModuleFileNameW
VirtualQuery
GetNativeSystemInfo
GetVersionExW
DuplicateHandle
CreateEventW
GetExitCodeThread
GetExitCodeProcess
WaitForMultipleObjects
CreateRemoteThread
FlushInstructionCache
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
UnmapViewOfFile
MapViewOfFile
IsWow64Process
ReadFile
SetFilePointer
CreateFileA
DecodePointer
RaiseException
InitializeCriticalSectionEx
OpenEventW
QueryUnbiasedInterruptTime
ResumeThread
AssignProcessToJobObject
CreateProcessW
SetInformationJobObject
GetLastError
CreateJobObjectW
SetEvent
GetCurrentThread
GetProcAddress
GetModuleHandleW
GetCurrentProcess
CheckRemoteDebuggerPresent
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
K32GetProcessImageFileNameW
OpenProcess
QueryInformationJobObject
CloseHandle
TerminateJobObject
CreateFileMappingW
CreateMutexW
GetCurrentThreadId
OpenThread
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetTickCount64
ResetEvent
LocalFree
LoadLibraryExW
FreeLibrary
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
SetEndOfFile
FreeEnvironmentStringsW

user32

FindWindowA
GetSystemMetrics
IsWindowVisible
GetForegroundWindow
PeekMessageW
GetWindowThreadProcessId
MsgWaitForMultipleObjectsEx
DispatchMessageW
CreateDialogParamW
DestroyWindow
LoadIconW
BroadcastSystemMessageW
MessageBoxW
SetWindowTextW
RegisterWindowMessageA
TranslateMessage
PostQuitMessage
SetDlgItemTextW
GetDlgItem
EnumDisplaySettingsW
GetDC
ShowWindow
SetForegroundWindow
BringWindowToTop
SetFocus
AttachThreadInput
ReleaseDC
GetClassNameA
PostMessageW
FindWindowW
SendMessageW
IsWindow
ChangeDisplaySettingsW

gdi32

GetDeviceCaps

advapi32

RegQueryValueExW
CryptGetHashParam
RegSetValueExA
RegSetKeySecurity
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
ImpersonateSelf
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
CryptGenRandom
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
RevertToSelf
ImpersonateLoggedOnUser
OpenThreadToken
OpenProcessToken
RegOpenKeyExW
RegCloseKey
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetKnownFolderPath

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
SysFreeString

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

wininet

InternetConnectA
InternetQueryOptionA
InternetReadFile
InternetGetLastResponseInfoA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA

ws2_32

WSAStartup
gethostbyname
ntohl

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gchr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b19c3210a94d6bf884df015fb45d16d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

secur32

wininet

ws2_32

iphlpapi

rpcrt4

Sections

.text Size: 373KB - Virtual size: 373KB

.pecode Size: 53KB - Virtual size: 53KB

.pccode Size: 10KB - Virtual size: 10KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 3KB - Virtual size: 9KB

.gchr Size: 4KB - Virtual size: 3KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 588KB - Virtual size: 592KB

.text
Size: 373KB - Virtual size: 373KB

.pecode
Size: 53KB - Virtual size: 53KB

.pccode
Size: 10KB - Virtual size: 10KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 3KB - Virtual size: 9KB

.gchr
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 588KB - Virtual size: 592KB