2024-05-14_b6a25501f03c3b2376769f46c60ebed4_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-14_b6a25501f03c3b2376769f46c60ebed4_avoslocker_revil
Size

2.2MB
MD5

b6a25501f03c3b2376769f46c60ebed4
SHA1

b55e4ebadc5173d32a64fb7a778f8b8946dadcd4
SHA256

571240b29926238acfd031a2d97b891ddc2e81f0ee9d478109d493fbd80bc214
SHA512

0aee5326ba3f3a29e4ce08b7f1547fd53cce589762311e051a8886f3daece20ad9771e09b42c3181c166dd634ab89a0f9733698cc80670b52392e9398e103d8e
SSDEEP

49152:Xlp3m6HcGGTzCab3ktG8IVFjPMs3EorysyHtPO7h13+3586L:Xlp74W6UKPMs3Eonio7hp+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-14_b6a25501f03c3b2376769f46c60ebed4_avoslocker_revil

Files

2024-05-14_b6a25501f03c3b2376769f46c60ebed4_avoslocker_revil
.exe windows:6 windows x86 arch:x86

62276b90e734ec131e4c8ad9f19280c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TMP\CertCheck\Release\CertCheck.pdb

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExW
GetCurrentDirectoryW
SetFilePointerEx
GetConsoleOutputCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetStdHandle
HeapQueryInformation
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
SetConsoleCtrlHandler
ExitProcess
WriteConsoleW
RtlUnwind
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
OutputDebugStringW
SetErrorMode
GetCPInfo
GetOEMCP
VirtualProtect
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
GlobalHandle
GlobalReAlloc
InitializeCriticalSection
GetThreadLocale
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
GetUserDefaultLCID
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
DeleteFileA
CreateFileA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FormatMessageA
MulDiv
LocalFree
GlobalAddAtomA
WaitForSingleObject
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryW
EncodePointer
FindResourceA
GlobalFree
GetTickCount
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
GetModuleFileNameA
GetVersionExA
GetCurrentThread
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GetACP
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindNextFileW
FindFirstFileW
FindClose
LoadLibraryW
LoadLibraryA
FreeLibrary
CloseHandle
ConvertFiberToThread
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteFiber
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
WriteFile
GetFileType
GetEnvironmentVariableW
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
SetLastError
GetModuleHandleExW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
WideCharToMultiByte
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetFullPathNameW
SetEnvironmentVariableW

user32

MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
LoadIconA
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetWindowTextA
RemovePropA
GetPropA
SetPropA
GetScrollPos
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
DrawTextExA
GetMessagePos
RegisterWindowMessageA
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetCursor
CallNextHookEx
SetWindowsHookExA
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
DrawTextA
SetWindowTextA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageA
DestroyMenu
GetCapture
GetDC
ReleaseDC
GetClientRect
IsIconic
GetSystemMetrics
DrawIcon
PostMessageA
UnregisterClassA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
PostQuitMessage
DispatchMessageA
PeekMessageA
SetTimer
KillTimer
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetWindowThreadProcessId
GetLastActivePopup
RegisterClipboardFormatA
SetWindowPos
SetWindowContextHelpId
GetWindow
MapDialogRect
UnhookWindowsHookEx
IsWindow
DestroyWindow
CreateDialogIndirectParamA
GrayStringA
TabbedTextOutA
GetWindowDC
ClientToScreen
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
GetDesktopWindow
GetFocus
CheckMenuItem
CharUpperA
SetCapture
ReleaseCapture
LoadCursorA
RealChildWindowFromPoint
InvalidateRect
PostThreadMessageA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
DestroyIcon
GetSysColorBrush
GetMessageTime
EnableMenuItem

gdi32

SetMapMode
TextOutA
SelectObject
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
DeleteObject
ExtTextOutA
CreateRectRgnIndirect
GetObjectA
SetTextColor
SetBkColor
GetDeviceCaps
CreateBitmap
SetViewportExtEx
DeleteDC

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteValueA
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
RegEnumValueA
RegOpenKeyExW
RegSetValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
DeregisterEventSource
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash

shell32

ExtractIconA
DragQueryFileA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathFindFileNameA

ole32

CoInitializeEx
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
StringFromCLSID
CoRevokeClassObject
CoRegisterMessageFilter
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
CoDisconnectObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterClassObject
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
VariantCopy
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString

oledlg

ord8

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
closesocket
WSASetLastError
send
recv

crypt32

CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62276b90e734ec131e4c8ad9f19280c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

crypt32

bcrypt

oleacc

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 463KB - Virtual size: 463KB

.data Size: 17KB - Virtual size: 39KB

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 73KB - Virtual size: 72KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 463KB - Virtual size: 463KB

.data
Size: 17KB - Virtual size: 39KB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 73KB - Virtual size: 72KB