2024-05-14_849a77ebfd8ab48cb0f652fef401d397_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-14_849a77ebfd8ab48cb0f652fef401d397_avoslocker
Size

7.7MB
MD5

849a77ebfd8ab48cb0f652fef401d397
SHA1

1155678f715a9fde692d7ab771852a05e6e06d7b
SHA256

7904d797aa68d2fa583d30de34a5565bda55a188988d7580a3326adebb831863
SHA512

f1a1f1efa23d8ecfd2bc14f7405ae33ce56cc0c345ca42428a87f651254a2a8ea00900ce6ec8a4519c82e3d919a24b417640f37e584d712d745a602fdce34334
SSDEEP

98304:2lPipIyXaIXllCmGILeHfSUB4o1oYj+onN+5k5Pz2F4TSBH/lJSBJn9lj7XS0bK:2lqpv1lmNfoYjRKEI/lJSBt9o0bK

Score

1^/10

Malware Config

Signatures

Files

2024-05-14_849a77ebfd8ab48cb0f652fef401d397_avoslocker
.exe windows:6 windows x86 arch:x86

432cdec2189a9238dd6fbd9a5f766321

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:1c:6e:a2:2c:cf:05:7a:92:7e:99:6d:c4:98:29:4b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/04/2023, 00:00

Not After

13/05/2026, 23:59

Subject

CN=Fasoo Co.\, Ltd.,O=Fasoo Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:62:ea:8b:dc:3a:19:dc:45:90:77:14:76:c2:37:bf:7d:30:15:f5:d9:9e:87:99:12:5a:48:25:bf:99:6c:2a
Signer

Actual PE Digest

14:62:ea:8b:dc:3a:19:dc:45:90:77:14:76:c2:37:bf:7d:30:15:f5:d9:9e:87:99:12:5a:48:25:bf:99:6c:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DRM_Client_Build\workspace\FDR2\label\DRM_Client_Slave\bin\Release\f_fdrmgr.pdb

Imports

fltlib

FilterGetMessage
FilterReplyMessage
FilterSendMessage
FilterConnectCommunicationPort

fcw_cryptoex2

ord1

f_sqlite3

sqlite3_step
sqlite3_finalize
sqlite3_bind_int64
sqlite3_bind_text16
sqlite3_bind_int
sqlite3_column_int64
sqlite3_errcode
sqlite3_backup_finish
sqlite3_backup_step
sqlite3_backup_init
sqlite3_column_text16
sqlite3_exec
sqlite3_key
sqlite3_open_v2
sqlite3_free
sqlite3_mprintf
sqlite3_column_text
sqlite3_column_type
sqlite3_open
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_close
sqlite3_column_blob
sqlite3_table_column_metadata
sqlite3_bind_blob
sqlite3_last_insert_rowid
sqlite3_reset
sqlite3_bind_text
sqlite3_bind_null
sqlite3_errmsg
sqlite3_column_int

f_pcre2

pcre2_jit_stack_free_16
pcre2_code_free_16
pcre2_jit_match_16
pcre2_match_context_free_16
pcre2_match_data_free_16
pcre2_compile_16
pcre2_jit_compile_16
pcre2_jit_stack_assign_16
pcre2_jit_stack_create_16
pcre2_match_context_create_16
pcre2_match_data_create_from_pattern_16

f_fdrtray

?ReleaseTrayDialog@@YAXPAVITrayDialog@@@Z
?CreateTrayDialog@@YAPAVITrayDialog@@XZ

f_fdrenc

NxlFreeMemory
NxlAddPropertySectionInfo
NxlInit
NxlSetFileLicenseCheck
NxlGetPropertySectionInfo
NxlCheckFedFileType
NxlGetFDRSectionInfoEx
NxlCheckFed5Type
NxlFDRUpdateSection
NxlCloseContentInfo
NxlSetContentInfo
NxlGetContentInfo
NxlGetIsolateSection
NxlRestoreFile
NxlIsolateFile
NxlGetTraceInfo
NxlGetEncryptInfo
NxlGetFDRSectionInfo
NxlGetSecureDocInfo
NxlFDRDecrypt
NxlFDR_N_Decrypt
NxlFDREncrypt
NxlFDR_N_Encrypt
WrapChangeFileEx
NxlGetSecLevelByPath
NxlGetFSNDomain
NxlDrmDecryptFile
NxlDrmEncryptFileEx
NxlDrmEncryptFileNx
NxlReplaceProductIdByPath
NxlSetSecLevelByPath
NxlSetReplaceHeaderPiiByPath
NxlPiiDecryptFile
NxlPiiEncryptFile

psapi

GetModuleFileNameExW

kernel32

CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
InitializeSListHead
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SystemTimeToFileTime
GetSystemTime
CreateTimerQueue
GetLastError
GetFileAttributesW
GetDriveTypeW
FindFirstFileExW
FindNextFileW
FindClose
MultiByteToWideChar
WideCharToMultiByte
WriteFile
ReadFile
GetOverlappedResult
PeekNamedPipe
SetEvent
CreateFileW
CreateEventW
WaitNamedPipeW
CloseHandle
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateDirectoryW
SetFileAttributesW
GetComputerNameW
GetFileSizeEx
GetFileTime
DeleteFileW
SetFilePointer
GetTickCount
Sleep
VerSetConditionMask
VerifyVersionInfoW
GetSystemInfo
GetLocaleInfoW
GetCurrentProcess
EnumSystemLocalesW
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
ExpandEnvironmentStringsW
DeleteTimerQueue
MoveFileW
GetFileAttributesExW
FreeLibrary
LoadLibraryW
GetProcAddress
SetThreadPriority
GetCurrentThread
CreateIoCompletionPort
GetQueuedCompletionStatus
GetCurrentProcessId
OpenMutexW
ReleaseMutex
WaitForMultipleObjects
GetFileSize
GetModuleHandleW
GetUserDefaultLangID
GetLogicalDrives
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RemoveDirectoryW
InitializeCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ExitProcess
LocalFree
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
PostQueuedCompletionStatus
FlushFileBuffers
GetFileInformationByHandle
GetLocalTime
GetModuleFileNameW
DeviceIoControl
IsBadReadPtr
lstrcmpiW
OpenEventW
FindResourceExW
LoadResource
LockResource
SizeofResource
SetEndOfFile
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
ReadDirectoryChangesW
OutputDebugStringW
lstrlenW
SetCurrentDirectoryW
MoveFileExW
CreateMutexW
CancelIo
SetThreadExecutionState
ProcessIdToSessionId
GetSystemPowerStatus
SetFileTime
HeapAlloc
GetProcessHeap
HeapFree
GetVersion
SetNamedPipeHandleState
OutputDebugStringA
lstrcatW
IsValidLocale
GetLocaleInfoEx
GetStringTypeW
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
GetCurrentThreadId
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryExA
VirtualQuery
VirtualProtect
RaiseException
WriteConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
LCMapStringW
GetProcessAffinityMask
GetUserDefaultLCID
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
SetProcessAffinityMask

user32

GetSubMenu
KillTimer
DestroyWindow
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
GetMenuItemID
WaitForInputIdle
PostThreadMessageW
DdeInitializeW
wsprintfW
LoadMenuW
AppendMenuW
EnableMenuItem
DdeCreateStringHandleW
DdeNameService
DdeGetLastError
DdeFreeStringHandle
DdeUninitialize
DdeCmpStringHandles
DdeGetData
CreateMenu
PostMessageW
FindWindowW
GetForegroundWindow
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetLastInputInfo
LoadStringW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetClassLongW
RegisterWindowMessageW
PostQuitMessage
DefWindowProcW
SendMessageW
MessageBoxW
LoadIconW

advapi32

RegCloseKey
GetUserNameW
IsValidSecurityDescriptor
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegDeleteKeyExW
RegSetValueExW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW

shell32

SHChangeNotify
SHGetFolderPathW
SHCreateItemFromParsingName
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

fcw_crypto2

ord16

ws2_32

gethostbyname
WSAStartup
WSAGetLastError
inet_ntoa

mpr

WNetGetUniversalNameW
WNetGetConnectionW

wininet

InternetSetOptionW
InternetQueryOptionW
InternetSetStatusCallbackW
InternetCrackUrlW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetReadFileExW
InternetWriteFile
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW
HttpEndRequestW

sensapi

IsNetworkAlive

netapi32

NetApiBufferFree
NetShareEnum

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

crypt32

CryptProtectData
CryptUnprotectData

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

432cdec2189a9238dd6fbd9a5f766321

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:1c:6e:a2:2c:cf:05:7a:92:7e:99:6d:c4:98:29:4bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

14:62:ea:8b:dc:3a:19:dc:45:90:77:14:76:c2:37:bf:7d:30:15:f5:d9:9e:87:99:12:5a:48:25:bf:99:6c:2aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fltlib

fcw_cryptoex2

f_sqlite3

f_pcre2

f_fdrtray

f_fdrenc

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

fcw_crypto2

ws2_32

mpr

wininet

sensapi

netapi32

iphlpapi

crypt32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 444KB - Virtual size: 443KB

.data Size: 58KB - Virtual size: 63KB

.rsrc Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 102KB - Virtual size: 102KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:1c:6e:a2:2c:cf:05:7a:92:7e:99:6d:c4:98:29:4b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

14:62:ea:8b:dc:3a:19:dc:45:90:77:14:76:c2:37:bf:7d:30:15:f5:d9:9e:87:99:12:5a:48:25:bf:99:6c:2a
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 444KB - Virtual size: 443KB

.data
Size: 58KB - Virtual size: 63KB

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 102KB - Virtual size: 102KB