2024-05-08_fc86bf504ab92c5f57e94760dbd769f8_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-08_fc86bf504ab92c5f57e94760dbd769f8_avoslocker_revil
Size

4.5MB
MD5

fc86bf504ab92c5f57e94760dbd769f8
SHA1

725a0c6084dacf762f53787b10375a69521e3e19
SHA256

1a24ce1e68211b6b034dc4900a6acaae9d883a0693f856abdd28bf89e02bac93
SHA512

b4368482ce129c345e74c7654a3353092ab42d13ec39dbe59bb06cefe286efd1b81b5438ded30539ababe4ea95911b162d6efe574ae77e5b51dff826f64083bc
SSDEEP

98304:p75yQyg2N4V8HT/fhSr4iIDmV70gQLklhG/2fQ8y6nQCC2:Gvf8HA/2fQAQCC2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-08_fc86bf504ab92c5f57e94760dbd769f8_avoslocker_revil

Files

2024-05-08_fc86bf504ab92c5f57e94760dbd769f8_avoslocker_revil
.exe windows:6 windows x86 arch:x86

129893eed4b4644468659748a2aa11ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\GovDev\agents_data\15\s\Stage\GoverlanSystem\BuildOutputFiles\Release\Mixed\Uninstall.pdb

Imports

kernel32

UnregisterWaitEx
ReleaseSemaphore
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
GetThreadTimes
QueryDepthSList
InterlockedPopEntrySList
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
InitializeSListHead
IsValidLocale
LCMapStringW
GetConsoleCP
SetFilePointerEx
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
SetStdHandle
VirtualQuery
GetCommandLineW
GetCommandLineA
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
CreateTimerQueue
GetSystemDirectoryA
VirtualFree
VirtualAlloc
GetFileType
GetStdHandle
AcquireSRWLockShared
ReleaseSRWLockShared
GetModuleHandleExW
WaitForMultipleObjects
GetDateFormatW
MapViewOfFile
CreateFileMappingW
GetSystemTime
ExitProcess
GetTimeFormatW
CreateThread
GetSystemInfo
GetTimeZoneInformation
GetACP
OpenFileMappingW
ReleaseMutex
CreateMutexW
TryEnterCriticalSection
OutputDebugStringW
GetNativeSystemInfo
FindNextFileW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetUserDefaultLCID
GetTempFileNameW
SearchPathW
GetProfileIntW
GetTickCount
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
GetCurrentDirectoryW
lstrcpyW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
VirtualProtect
GetUserDefaultUILanguage
GetLocaleInfoW
GetVersionExW
GlobalFlags
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
GetCurrentThreadId
CreateEventW
WaitForSingleObject
SetEvent
CopyFileW
MulDiv
GlobalSize
FindResourceW
SizeofResource
LockResource
LoadResource
LocalReAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
LoadLibraryW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
SetLastError
GetCPInfo
LCMapStringEx
EncodePointer
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileExW
LocalAlloc
GetModuleFileNameW
GetWindowsDirectoryW
GetCurrentThread
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
CloseHandle
RemoveDirectoryW
DeleteFileW
GetEnvironmentVariableW
Sleep
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
GetTempPathW
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DecodePointer
EnumSystemLocalesW

user32

NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringW
GetMenuState
GetSubMenu
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetUserObjectInformationW
GetProcessWindowStation
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
CreateMenu
SetWindowPlacement
SetParent
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
EnableWindow
SendMessageW
UnhookWindowsHookEx
SubtractRect
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
GetPropW
RemovePropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
CopyRect
EqualRect
PtInRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
DrawIconEx
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
DestroyIcon
CharUpperW
ClientToScreen
GetDesktopWindow
RealChildWindowFromPoint
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
FillRect
DestroyMenu
GetMenuItemInfoW
InflateRect
SystemParametersInfoW
CopyImage
SendDlgItemMessageA
SetRectEmpty
OffsetRect
PostQuitMessage
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
IntersectRect
TrackMouseEvent
InvalidateRect
LoadImageW
ShowOwnedPopups
SetCursor
DeleteMenu
SetTimer
KillTimer
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
InvertRect
HideCaret
EnableScrollBar
MessageBeep
DrawFocusRect
IsRectEmpty
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
BeginDeferWindowPos
TranslateMDISysAccel
GetWindowRgn
DestroyCursor
GetWindowPlacement
GetIconInfo

gdi32

GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
DeleteDC
GetRgnBox
OffsetRgn
RestoreDC
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetViewportExtEx
GetTextFaceW
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
GetWindowExtEx
GetObjectType
GetPixel
Rectangle
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject
IntersectClipRect
LineTo
PtVisible
RectVisible
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
CreateEllipticRgn

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExW
RegEnumKeyExW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
FreeSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW

uxtheme

GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
VariantTimeToSystemTime
SysAllocString
VariantInit
VarBstrFromDate
VariantChangeType
VariantCopy
VariantClear
LoadTypeLi
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen

bcrypt

BCryptGenRandom

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePalette
GdipBitmapUnlockBits

ws2_32

WSAStartup
gethostbyname
ntohs
getsockopt
closesocket
socket
connect
WSACleanup
htons
ioctlsocket
WSAGetLastError
htonl
inet_addr
inet_ntoa
getservbyname
gethostbyaddr
shutdown
setsockopt
WSASetLastError
send
getservbyport
recv

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

psapi

GetModuleBaseNameW
EnumProcessModules

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 923KB - Virtual size: 922KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

129893eed4b4644468659748a2aa11ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

bcrypt

gdiplus

ws2_32

oleacc

imm32

winmm

psapi

crypt32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 923KB - Virtual size: 922KB

.data Size: 46KB - Virtual size: 70KB

.rsrc Size: 159KB - Virtual size: 159KB

.reloc Size: 228KB - Virtual size: 227KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 923KB - Virtual size: 922KB

.data
Size: 46KB - Virtual size: 70KB

.rsrc
Size: 159KB - Virtual size: 159KB

.reloc
Size: 228KB - Virtual size: 227KB