Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-11_5926961cf783859abe186affff1887e9_avoslocker.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-11_5926961cf783859abe186affff1887e9_avoslocker.exe
Resource: win10v2004-20240426-en
General
Target: 2024-05-11_5926961cf783859abe186affff1887e9_avoslocker
Size: 16.4MB
MD5: 5926961cf783859abe186affff1887e9
SHA1: 0cb0a3fad7a7e354529cc4d2f17e5c8f81241480
SHA256: 7f8d75fe18465e36c91ff85682c54a5496c056f449b0dde1b5b157b81cde39b0
SHA512: afb3998fefd987798bf758d756202ed572c2d7856f003ab3c7550893ae20e22c68e0ab47278127ae91f64a09f923c29088b6fa72558043341c3db56fc38a2f44
SSDEEP: 393216:mkfV+21fiHeE5Q0QTLGMfgS/eJsv6tWKFdu9CaH:mkfVPi7Q0UGMfgmJ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2024-05-11_5926961cf783859abe186affff1887e9_avoslocker
Files
2024-05-11_5926961cf783859abe186affff1887e9_avoslocker.exe windows:6 windows x86 arch:x86
a628fbd0d076a996f79cb91373bb3010
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
dbghelp
SymGetLineFromAddr64
SymInitialize
SymFromAddr
advapi32
RegEnumKeyW
RegFlushKey
RegDeleteKeyW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
DuplicateToken
CopySid
AccessCheck
SystemFunction036
OpenProcessToken
AllocateAndInitializeSid
FreeSid
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
ws2_32
WSAGetLastError
recv
connect
getpeername
closesocket
WSACleanup
bind
send
getsockname
getsockopt
htons
gethostname
setsockopt
socket
WSASetLastError
WSAIoctl
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
gethostbyname
WSAStartup
WSASocketW
shutdown
WSAAsyncSelect
ntohs
WSARecvFrom
WSARecv
shell32
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
ShellExecuteA
SHGetKnownFolderPath
userenv
GetUserProfileDirectoryW
crypt32
CertCloseStore
CertEnumCertificatesInStore
CryptStringToBinaryA
CertFreeCertificateContext
CertGetCertificateContextProperty
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertOpenStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
PFXIsPFXBlob
CertFindCertificateInStore
dwmapi
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmDefWindowProc
DwmExtendFrameIntoClientArea
uxtheme
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
IsAppThemed
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemePartSize
GetCurrentThemeName
CloseThemeData
DrawThemeTextEx
SetWindowThemeAttribute
IsThemeActive
GetThemeSysFont
GetThemeColor
DrawThemeBackground
OpenThemeData
netapi32
NetApiBufferFree
NetShareEnum
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SetThreadAffinityMask
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
SystemTimeToTzSpecificLocalTime
ExitThread
GetCommandLineA
HeapFree
HeapAlloc
IsValidLocale
EnumSystemLocalesW
SetErrorMode
GetStdHandle
SetStdHandle
CreateFileW
GetFileAttributesW
GetFileSize
ReadFile
SetFileAttributesW
CloseHandle
DuplicateHandle
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
LocalFree
FormatMessageA
MoveFileExW
GetConsoleScreenBufferInfo
GetVersionExW
IsWow64Process
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetOEMCP
GetCPInfoExW
IsDBCSLeadByteEx
GetConsoleCP
FormatMessageW
GetFileAttributesExW
GetFileTime
SetFileTime
LockFileEx
UnlockFileEx
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
CreatePipe
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
HeapReAlloc
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
GlobalSize
lstrcmpW
GetUserDefaultLangID
ExitProcess
GetCommandLineW
GetFullPathNameW
CompareFileTime
DeleteFileW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetFileType
GetShortPathNameW
RemoveDirectoryW
SetLastError
DeviceIoControl
Sleep
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
GetHandleInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
TerminateProcess
GetExitCodeProcess
CreateThread
ResumeThread
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
SetConsoleTextAttribute
RtlCaptureStackBackTrace
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
FreeLibrary
LoadLibraryW
lstrcmpiW
LoadLibraryExW
CreateDirectoryW
SetEndOfFile
SetFilePointer
LoadLibraryA
RaiseException
FindNextFileW
GetDiskFreeSpaceW
GetVolumePathNameW
GetOverlappedResult
CancelIo
ResetEvent
CreateEventW
VirtualAlloc
VirtualFree
IsValidCodePage
CreateFileA
GetFileAttributesA
PeekNamedPipe
SearchPathA
SetHandleInformation
CreateProcessA
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoA
GetTickCount
MoveFileExA
GetEnvironmentVariableA
GetFileSizeEx
FlushFileBuffers
GetFinalPathNameByHandleW
SetFilePointerEx
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
DeleteCriticalSection
CreateEventA
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
GetNamedPipeHandleStateA
RegisterWaitForSingleObject
UnregisterWait
DebugBreak
GetConsoleMode
SetEvent
GetNumberOfConsoleInputEvents
ReadConsoleInputW
ReadConsoleW
WriteConsoleW
SetConsoleCursorPosition
WriteConsoleInputW
GetEnvironmentVariableW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetProcessAffinityMask
SetProcessAffinityMask
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreA
ReadDirectoryChangesW
GetStartupInfoW
GetConsoleWindow
CompareStringEx
SetThreadPriority
GetThreadPriority
TerminateThread
OutputDebugStringW
IsProcessorFeaturePresent
GetTickCount64
GetSystemTime
GetLocalTime
WaitForSingleObjectEx
CompareStringW
GetSystemDirectoryW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetLogicalDrives
CreateFileMappingW
GetVolumePathNamesForVolumeNameW
MoveFileW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReleaseMutex
CreateMutexW
GetProcessHeap
HeapSize
GetTempPathW
CheckRemoteDebuggerPresent
user32
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetWindowRect
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetClientRect
GetCursorPos
ChildWindowFromPointEx
GetSysColorBrush
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
GetDoubleClickTime
ChangeClipboardChain
RegisterClipboardFormatW
SetWindowPlacement
IsWindowEnabled
CreateCaret
DestroyCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
WaitForInputIdle
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxW
DispatchMessageW
RegisterClassW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
RegisterWindowMessageW
ReleaseDC
GetDC
CharPrevExA
LoadImageW
GetSysColor
SystemParametersInfoW
GetWindowPlacement
SetWindowPos
DrawIconEx
DestroyIcon
GetDesktopWindow
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
GetKeyboardLayout
IsWindow
AdjustWindowRectEx
GetSystemMetrics
DefWindowProcW
EnableMenuItem
SetClipboardViewer
GetSystemMenu
gdi32
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
ExtTextOutW
GetDIBits
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
GdiFlush
GetObjectW
GetBitmapBits
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SelectClipRgn
OffsetRgn
GetRegionData
CreateRectRgn
CombineRgn
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetCharABCWidthsFloatW
EnumFontFamiliesExW
BitBlt
ole32
CreateBindCtx
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
GetRunningObjectTable
CoLockObjectExternal
StringFromGUID2
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
CoInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
RevokeDragDrop
RegisterDragDrop
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
oleaut32
SysAllocString
SafeArrayDestroy
VariantClear
VariantInit
SysFreeString
winmm
timeSetEvent
timeKillEvent
Sections
.text Size: 12.0MB - Virtual size: 12.0MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 3.8MB - Virtual size: 3.8MB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 115KB - Virtual size: 2.7MB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.qtmetad Size: 512B - Virtual size: 237B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc Size: 158KB - Virtual size: 157KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 423KB - Virtual size: 422KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ