2024-05-10_d74e2a44e55df97c9e51813dd9b99918_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-10_d74e2a44e55df97c9e51813dd9b99918_avoslocker
Size

11.7MB
MD5

d74e2a44e55df97c9e51813dd9b99918
SHA1

c286b649be8e5b8e78a9b2a37a5ccb0a58d9bac3
SHA256

080babbc28114e6460bc2e96d48fbe1afd90233f7d83906bd057043f9acf957d
SHA512

b8ccae1a4bfb06ec3987b9544743c197aa80bb1a766ec6fbf6549546f42d7735587e09a04bdc488802167b7ea856c9251b0cde4a82c20e264ac4ba043e1fef4b
SSDEEP

196608:lQnq3fL11yJ8GUDw7UjBIQGCMXR7xbtkKEZWg2KX2F/TvvRPmSpdTgCQlkXJNHtr:lQnIkbFBkzsCI329L5nNPuH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-10_d74e2a44e55df97c9e51813dd9b99918_avoslocker

Files

2024-05-10_d74e2a44e55df97c9e51813dd9b99918_avoslocker
.exe windows:6 windows x86 arch:x86

94ef5d1ccba6bca0ce4a60c0c849dec6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\dbog-source\DboClient\DragonBall\Client.pdb

Imports

winmm

timeGetTime

d3dx9_27

D3DXCreateEffect
D3DXMatrixTranslation
D3DXVec3Transform
D3DXMatrixRotationYawPitchRoll
D3DXVec3TransformCoord
D3DXVec3TransformNormal
D3DXMatrixMultiplyTranspose
D3DXMatrixTranspose
D3DXVec4Transform
D3DXVec3Normalize
D3DXQuaternionSlerp
D3DXPlaneNormalize
D3DXPlaneFromPoints
D3DXCreateEffectFromFileA
D3DXMatrixPerspectiveFovLH
D3DXVec3CatmullRom
D3DXMatrixRotationZ
D3DXMatrixMultiply
D3DXAssembleShader

devil

ilSaveImage
ilLoadImage
ilInit
ilShutDown

kernel32

SetErrorMode
GetDiskFreeSpaceA
SetEndOfFile
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetStdHandle
RemoveDirectoryW
CreatePipe
CreateFileW
MoveFileExW
GetFileAttributesExW
GetExitCodeProcess
DeleteFileW
CreateEventA
SetFilePointer
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetOverlappedResult
InterlockedExchangeAdd
InterlockedCompareExchange
InterlockedExchange
CreateSemaphoreA
ResumeThread
SuspendThread
CloseHandle
WaitForSingleObject
Sleep
InitializeCriticalSection
FindNextFileA
SetCurrentDirectoryA
CreateMutexA
GetCurrentThread
IsBadWritePtr
FormatMessageA
GetCurrentProcess
OutputDebugStringA
GetModuleFileNameA
SetUnhandledExceptionFilter
CreateDirectoryA
FindClose
FindFirstFileA
GetCurrentDirectoryA
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
MultiByteToWideChar
GetTickCount
GetACP
WideCharToMultiByte
DeleteFileA
GetConsoleCP
FlushFileBuffers
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
ReleaseSemaphore
ReleaseMutex
SetThreadPriority
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
SetThreadAffinityMask
GetSystemDirectoryA
GetDateFormatW
WriteFile
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
CreateProcessW
DuplicateHandle
GetTempPathW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFullPathNameW
GetDriveTypeW
lstrlenA
ReadFile
LoadLibraryExW
TlsFree
TlsSetValue
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameA
GlobalAlloc
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
lstrcmpiA
GetCPInfo
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
GetLocalTime
LoadLibraryExA
SetFileAttributesA
GetFileAttributesA
FormatMessageW
CreateFileA
GetFileSize
GlobalMemoryStatus
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
AllocConsole
SetConsoleMode
SetConsoleTitleA
SetConsoleTextAttribute
WriteConsoleA
GetConsoleTitleA
FreeConsole
GetSystemDirectoryW
LoadLibraryW
CompareStringA
HeapAlloc
GetProcessHeap
HeapFree
GetLocaleInfoW
IsProcessorFeaturePresent
GlobalLock
GlobalUnlock
GlobalFree
QueryPerformanceCounter
lstrcpyW
LocalFree
GetLogicalDrives
GetDriveTypeA
QueryPerformanceFrequency
K32GetProcessMemoryInfo
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
TerminateProcess

user32

GetFocus
GetKeyState
FillRect
AdjustWindowRect
CreateWindowExA
GetWindowRect
GetClientRect
SetWindowPos
SystemParametersInfoA
UpdateWindow
SetWindowLongA
CharUpperA
DestroyWindow
BeginPaint
EndPaint
DefWindowProcA
PeekMessageA
GetKeyboardLayoutList
TranslateMessage
DispatchMessageA
DestroyAcceleratorTable
GetDC
EmptyClipboard
OpenClipboard
SendMessageW
GetKeyboardLayout
GetDoubleClickTime
SetDoubleClickTime
SetWindowLongW
IsWindowVisible
GetMenu
AdjustWindowRectEx
GetWindowLongW
GetClipboardData
ScreenToClient
DrawMenuBar
PostMessageW
CloseClipboard
TranslateAcceleratorA
SetClipboardData
FindWindowA
wvsprintfA
GetSystemMetrics
RegisterClassA
LoadIconA
SetCapture
ReleaseCapture
MessageBoxA
LoadAcceleratorsA
GetCursorPos
SetCursorPos
ShowCursor
SetCursor
SetClassLongA
LoadCursorFromFileA
LoadCursorA
PostQuitMessage
MapVirtualKeyA
IsIconic
RegisterWindowMessageA
DeleteMenu
GetSystemMenu
ShowWindow
ReleaseDC
GetKeyboardState
ToAscii
GetAsyncKeyState

shell32

ShellExecuteExA
DragAcceptFiles

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

fmod

?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH0@Z
?setPaused@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?set3DAttributes@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@00@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PAVSound@2@PAVChannelGroup@2@_NPAPAVChannel@2@@Z
?set3DListenerAttributes@System@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_VECTOR@@000@Z
?get3DListenerAttributes@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAUFMOD_VECTOR@@000@Z
?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@_NPAPAVDSPConnection@2@@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?setVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?set3DSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@MMM@Z
?setStreamBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
FMOD_System_Create
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?addDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@HPAVDSP@2@@Z
?setMute@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getName@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PADH@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@DSP@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?createDSPByType@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_DSP_TYPE@@PAPAVDSP@2@@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?getMute@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setPitch@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getNumChannels@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?isPlaying@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?getMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?stop@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?get3DAttributes@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_VECTOR@@00@Z
?get3DMinMaxDistance@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAM0@Z
?set3DMinMaxDistance@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getMode@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z

bugtrap

BT_SetFlags
BT_SetAppVersion
BT_SetAppName
BT_AddLogFile
BT_SetSupportURL
BT_SetSupportServer

discord-rpc

Discord_UpdatePresence
Discord_RunCallbacks
Discord_Initialize
Discord_Shutdown

netapi32

NetWkstaTransportEnum
NetApiBufferFree

ddraw

DirectDrawCreateEx

ws2_32

ntohl
gethostname
recvfrom
sendto
inet_addr
socket
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
htonl
accept
ntohs
htons
recv
send
connect
setsockopt
ioctlsocket
listen
bind
WSASocketA
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACloseEvent
closesocket
shutdown
WSACleanup
WSAStartup
WSAGetLastError
inet_ntoa
gethostbyname

imm32

ImmGetConversionStatus
ImmSetConversionStatus
ImmReleaseContext
ImmGetContext

d3dx9_42

D3DXLoadSurfaceFromSurface
D3DXCompileShader
D3DXLoadSurfaceFromMemory

d3d9

Direct3DCreate9

gdi32

SetViewportOrgEx
SetWindowOrgEx
GetDeviceCaps
SetMapMode
CreateFontIndirectW
DeleteObject
CreateSolidBrush
SetTextColor
TextOutW
GetDeviceGammaRamp
SetDeviceGammaRamp
GetTextExtentPoint32W
ModifyWorldTransform
RemoveFontResourceExW
AddFontResourceExW
GetTextMetricsW
DeleteDC
SetTextAlign
SetBkMode
SelectObject
CreateDIBSection
CreateCompatibleDC
DPtoLP
SetGraphicsMode

advapi32

CryptDestroyHash
CryptSetKeyParam
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext

Sections

.text
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 223KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94ef5d1ccba6bca0ce4a60c0c849dec6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

d3dx9_27

devil

kernel32

user32

shell32

ole32

oleaut32

fmod

bugtrap

discord-rpc

netapi32

ddraw

ws2_32

imm32

d3dx9_42

d3d9

gdi32

advapi32

Sections

.text Size: 9.5MB - Virtual size: 9.5MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 223KB - Virtual size: 760KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 523KB - Virtual size: 523KB

.text
Size: 9.5MB - Virtual size: 9.5MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 223KB - Virtual size: 760KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 523KB - Virtual size: 523KB