E:\TemporaryBuilds\tfs_installer_builder_1\7\s\_bin\soda14\Win32\SodaPDFDesktop14.pdb
Behavioral task
behavioral1
Sample
2024-05-12_0477d08525fced756cd9a795fcf3ee6a_avoslocker_magniber_metamorfo_revil.exe
Resource
win7-20240221-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-05-12_0477d08525fced756cd9a795fcf3ee6a_avoslocker_magniber_metamorfo_revil.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
2024-05-12_0477d08525fced756cd9a795fcf3ee6a_avoslocker_magniber_metamorfo_revil
-
Size
15.4MB
-
MD5
0477d08525fced756cd9a795fcf3ee6a
-
SHA1
f37dc853926bff25e1fae49741213c1c6b0d4cda
-
SHA256
f991276b051f0518cf476eed498a8da4c77e20a00f495d9b724cc7b265f5e5a4
-
SHA512
13210be2f8573f7b4a59a49650803d832810d2b2be72c8b744639b0197242021156f50246885d0d9fda04b45695d9abebb2fa4cc400d3cd024479717187af2d7
-
SSDEEP
196608:3Z8XGduKcf7EJ5prkhzDwFjx74R7tHgxl6S14TnrjY6+rrqNqj16knz3YbK2RP+x:3C2bia745HSonrjY6mrqN9kz3c+
Score
10/10
Malware Config
Signatures
-
Privateloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-12_0477d08525fced756cd9a795fcf3ee6a_avoslocker_magniber_metamorfo_revil
Files
-
2024-05-12_0477d08525fced756cd9a795fcf3ee6a_avoslocker_magniber_metamorfo_revil.exe windows:5 windows x86 arch:x86
8b010047835cbec74f7ee620a713cb28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
kernel32
GetCommandLineA
GetOEMCP
GetACP
CreateFileW
SetFilePointer
CloseHandle
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
WideCharToMultiByte
GetFileAttributesW
CreateDirectoryW
WriteFile
SetFileTime
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLocalTime
GetTickCount
LocalFree
GetCurrentProcess
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
FormatMessageW
FormatMessageA
CreateEventA
SetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
WaitForMultipleObjects
TerminateThread
QueueUserAPC
TlsFree
GetDriveTypeW
InitializeCriticalSection
GetCommandLineW
RaiseException
GetModuleHandleW
GetProcAddress
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateThread
GetCurrentThreadId
CreateEventW
GetCurrentProcessId
LoadResource
LockResource
SizeofResource
FindResourceW
GetModuleFileNameW
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
OutputDebugStringW
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
DeleteFileW
SetFileAttributesW
GetFullPathNameW
CopyFileW
CreateProcessW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetFileAttributesExW
SetLastError
GetWindowsDirectoryW
Sleep
CreateMutexW
ReleaseMutex
LoadLibraryW
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjectsEx
LoadLibraryExW
lstrcmpiW
GetUserDefaultLCID
OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
IsWow64Process
GetExitCodeProcess
Process32FirstW
Process32NextW
GetModuleHandleA
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
UpdateResourceW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ProcessIdToSessionId
CreateMutexA
GetModuleFileNameA
LoadLibraryExA
DuplicateHandle
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
VerifyVersionInfoW
TlsGetValue
TlsSetValue
GetSystemDirectoryW
MoveFileExW
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
GetCurrentThread
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetSystemTime
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetEnvironmentStringsW
GetTempPathW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
TryEnterCriticalSection
ResetEvent
CreateSemaphoreW
ResumeThread
GetComputerNameW
CompareStringW
CompareStringA
GetNumberFormatW
GetCurrencyFormatW
GetSystemDefaultLCID
MulDiv
GetTempPathA
GetTempFileNameA
GlobalSize
AllocConsole
DebugBreak
SetErrorMode
SetEndOfFile
FlushViewOfFile
ExitProcess
LocalSize
lstrlenW
GetCPInfo
SetHandleInformation
CancelIo
RegisterWaitForSingleObject
UnregisterWait
FlushFileBuffers
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeHandleStateW
SwitchToThread
QueueUserWorkItem
CreateNamedPipeA
CreateFileA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
WriteConsoleInputW
SetConsoleCtrlHandler
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LCMapStringW
SetFilePointerEx
DeviceIoControl
CreateHardLinkW
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetSystemInfo
GetVolumeInformationW
GetStartupInfoW
VirtualAlloc
VirtualFree
lstrcmpW
SetThreadPriority
GetThreadPriority
GetVersionExW
VirtualProtect
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
GetConsoleOutputCP
SetStdHandle
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
RtlUnwind
FoldStringW
EnumSystemLocalesA
GetLocaleInfoA
IsDBCSLeadByteEx
IsValidCodePage
GetStringTypeExA
LCMapStringA
GetStringTypeExW
GetFileTime
CreateWaitableTimerA
OpenEventA
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
FindFirstFileExW
GetExitCodeThread
GetStringTypeW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
MapViewOfFileEx
CreateFileMappingA
lstrcpynW
VirtualQuery
InitializeCriticalSectionEx
winspool.drv
ord203
gdiplus
GdiplusShutdown
GdipDeleteFontFamily
GdipGetEmHeight
GdipGetCellAscent
GdipGetLineSpacing
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipGetFontSize
GdipCreateBitmapFromGraphics
GdipCreateHBITMAPFromBitmap
GdipDrawImageI
GdipDrawDriverString
GdipDrawRectangle
GdipEndContainer
GdipBeginContainer2
GdipRestoreGraphics
GdipSaveGraphics
GdipGetClipBoundsI
GdipSetClipRectI
GdipSetClipRect
GdipGetWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectRect
GdipFillPath
GdipFillPie
GdipFillEllipse
GdipFillRectanglesI
GdipFillRectangleI
GdipFillRectangle
GdipDrawArc
GdipMultiplyWorldTransform
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHWND
GdipDrawLine
GdipSetImageAttributesColorMatrix
GdipGraphicsClear
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipSetPenDashArray
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipSetPathGradientTransform
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipSetPathGradientCenterPoint
GdipCreatePathGradientFromPath
GdipMultiplyLineTransform
GdipSetLineWrapMode
GdipSetLinePresetBlend
GdipCreateLineBrush
GdipCreateSolidFill
GdipCreateTexture
GdipDeleteBrush
GdipCloneBrush
GdipGetMatrixElements
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipIsVisiblePathPoint
GdipGetPathWorldBounds
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipAddPathEllipse
GdipAddPathBezier
GdipAddPathArc
GdipAddPathLine
GdipClosePathFigure
GdipStartPathFigure
GdipSetPathFillMode
GdipResetPath
GdipDeletePath
GdipClonePath
GdipCreatePath
GdipFree
GdipAlloc
GdipDrawPath
GdipDrawPie
GdipTransformPoints
GdiplusStartup
GdipDisposeImageAttributes
GdipDrawEllipse
GdipCreateFromHDC
GdipSetPageUnit
uxtheme
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
SetWindowTheme
OpenThemeData
usp10
ScriptFreeCache
ScriptItemize
ScriptShape
ScriptPlace
ScriptApplyDigitSubstitution
ScriptBreak
Exports
Exports
??0?$singleton@V?$extended_type_info_typeid@UAppMdiData@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vdate@gregorian@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vptime@posix_time@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UAppMdiData@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UAppMdiData@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vdate@gregorian@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vdate@gregorian@boost@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vptime@posix_time@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vptime@posix_time@boost@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?unlock@singleton_module@serialization@boost@@QAEXXZ
Sections
.text Size: 9.3MB - Virtual size: 9.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 361KB - Virtual size: 419KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 547KB - Virtual size: 546KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ