2024-05-04_4abb3e970b32b938fc6c996a076aa6db_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-04_4abb3e970b32b938fc6c996a076aa6db_avoslocker_revil
Size

3.5MB
MD5

4abb3e970b32b938fc6c996a076aa6db
SHA1

075fa4dd302020023119dd572f27e1b97e5433dd
SHA256

d409df623d2edd53b32ee7fdc38b817e09248ebef7ecd18a7e67dcc6cccc49d8
SHA512

2b80ee8d462e86e54f9a8eb55137784799c074fa00c6ee7cef4cb94bd0e312ed69bc99ed1ff3929eb42622a99b4822996b332eddbba2507c4965cabd267a37fd
SSDEEP

98304:n6vYzj/GxZcA3gPAmVT+/gOmtHGD527BWG:GY3KcTIgOmYVQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-04_4abb3e970b32b938fc6c996a076aa6db_avoslocker_revil

Files

2024-05-04_4abb3e970b32b938fc6c996a076aa6db_avoslocker_revil
.exe windows:6 windows x86 arch:x86

9e6e600fbb0491c7421edea48b3c47c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\buildslave\steam_rel_client_hotfix_win32\build\src\steamUI\gamestream\secure_desktop_capture\Release\secure_desktop_capture.pdb

Imports

kernel32

FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GlobalAlloc
GlobalUnlock
GlobalLock
LocalAlloc
LocalFree
MultiByteToWideChar
WriteConsoleW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
SetStdHandle
HeapAlloc
HeapFree
LCMapStringW
CompareStringW
HeapValidate
HeapSize
SetConsoleCtrlHandler
ExitProcess
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
VirtualQuery
GetCurrentProcessId
Sleep
SetLastError
OutputDebugStringA
WriteFile
FreeEnvironmentStringsW
GetFullPathNameW
FindFirstFileW
FindClose
CreateFileW
LoadLibraryA
GetProcAddress
GetCurrentThreadId
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OpenProcess
GetCurrentProcess
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
GetLastError
CloseHandle
LeaveCriticalSection
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
GetModuleHandleExW
EnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetCurrentDirectoryW
FindNextFileW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
DeleteFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
GetCommandLineW
TerminateProcess
GlobalMemoryStatusEx
VirtualAlloc
GetModuleFileNameA
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
QueryPerformanceFrequency
DuplicateHandle
RaiseException
TryEnterCriticalSection
SwitchToThread
CreateThread
GetCurrentThread
OpenThread
GetExitCodeThread
SetUnhandledExceptionFilter
LoadLibraryExA
LoadLibraryExW
DebugBreak
GetProcessHeaps
SetEnvironmentVariableW
FindFirstFileExW
FlushFileBuffers
GetDriveTypeW
GetFileInformationByHandle
GetFileSizeEx
ReadFile
SetEndOfFile

user32

OpenClipboard
CloseClipboard
SetClipboardData
SetDlgItemInt
GetWindowTextLengthA
GetDesktopWindow
CloseDesktop
OpenDesktopA
GetDlgItemInt
EmptyClipboard
SetDlgItemTextA
GetDlgItem
GetWindowThreadProcessId
EnumWindows
GetShellWindow
GetWindowRect
EndDialog
IsWindowVisible
ReleaseDC
GetDC
SetWindowPos
ShowWindow
GetCursorInfo
LoadCursorA
GetCursorPos
MessageBoxA
GetSystemMetrics
SendInput
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
wsprintfA
DialogBoxParamA

gdi32

GdiFlush
SetBrushOrgEx
CreateDIBSection
SetStretchBltMode
StretchBlt
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt

advapi32

RegisterEventSourceW
ReportEventW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
CreateWellKnownSid
CopySid
AddAccessAllowedAce
OpenProcessToken
DeregisterEventSource

shell32

CommandLineToArgvW

oleaut32

VariantClear

psapi

GetProcessMemoryInfo

bcrypt

BCryptGenRandom

ws2_32

recv
send
WSASetLastError
closesocket
WSAGetLastError
WSACleanup

Exports

Exports

CreateInterface
g_dwDllEntryThreadId

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 648KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e6e600fbb0491c7421edea48b3c47c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

psapi

bcrypt

ws2_32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 553KB - Virtual size: 552KB

.data Size: 27KB - Virtual size: 534KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 648KB - Virtual size: 652KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 553KB - Virtual size: 552KB

.data
Size: 27KB - Virtual size: 534KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 648KB - Virtual size: 652KB