2024-05-14_0470142df8b3b8ce8dfd43aaf5fe3255_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-14_0470142df8b3b8ce8dfd43aaf5fe3255_avoslocker_revil
Size

4.5MB
MD5

0470142df8b3b8ce8dfd43aaf5fe3255
SHA1

7b935d5e0668d313811fbcefef73dd6946725612
SHA256

672bdca58e0de8d12af94e474572b697c95d2255d1b7cfd48b3e49593adc540a
SHA512

f82f2850762c2d6249e14f190f5caa5a94bb7ad8d4ed8f11f3b5051a6fa23edf9c81e874b848da30fca9e3b9d2e2648e170340d6e11929369c83ef7f9ad68e75
SSDEEP

98304:G1cyy6Sz2c/dhSwvIzMwh9o9b2a7wRGpj3:GmyVSilw4yiOF9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-14_0470142df8b3b8ce8dfd43aaf5fe3255_avoslocker_revil

Files

2024-05-14_0470142df8b3b8ce8dfd43aaf5fe3255_avoslocker_revil
.exe windows:5 windows x86 arch:x86

7029484980ae4470f00e33fdc1587e98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\gocart-client-build\win-intel\build\gocartclient\public\gcinvokerutility\binaries\windows\release\AGCInvokerUtility.pdb

Imports

iphlpapi

GetAdaptersAddresses

psapi

GetProcessImageFileNameW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetFolderLocation
SHGetFolderPathW
CommandLineToArgvW

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathStripPathW
PathRemoveBackslashW
PathAppendW
PathIsFileSpecW
PathAddExtensionW
PathIsDirectoryW
PathRenameExtensionW
PathFindExtensionW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

inet_ntoa

rpcrt4

RpcStringFreeA
UuidToStringA
UuidToStringW
UuidCreate
RpcStringFreeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

NetApiBufferFree
NetWkstaGetInfo

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winhttp

WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpReadData

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

kernel32

GetTempPathW
GetModuleFileNameW
GetModuleHandleExW
GetEnvironmentVariableA
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetLogicalDriveStringsW
QueryDosDeviceW
RemoveDirectoryW
DecodePointer
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
ProcessIdToSessionId
GetSystemTime
GetComputerNameExW
GetVersionExW
SystemTimeToFileTime
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryW
TryEnterCriticalSection
GetFileSizeEx
GetLocalTime
GetTimeFormatW
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
CreateSemaphoreW
VerSetConditionMask
lstrlenW
VerifyVersionInfoW
ReleaseSemaphore
GetTickCount
MoveFileW
K32GetProcessImageFileNameW
lstrcmpA
lstrcmpW
SetHandleInformation
CreatePipe
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateDirectoryW
DuplicateHandle
SetEvent
CreateEventW
GetCurrentProcess
TerminateProcess
ResumeThread
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
SetFileAttributesW
FileTimeToSystemTime
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
GetTimeZoneInformation
WideCharToMultiByte
CreateThread
GetCurrentThread
WaitForMultipleObjects
GlobalFree
GetACP
GetStdHandle
GetFileType
GetModuleHandleA
GetModuleHandleW
ResetEvent
GlobalMemoryStatus
FlushConsoleInputBuffer
OutputDebugStringA
TerminateThread
GetFileTime
DosDateTimeToFileTime
lstrcatW
LocalFileTimeToFileTime
WriteConsoleW
FreeEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetProcessTimes
CompareFileTime
GetCommandLineW
LocalFree
LocalAlloc
Sleep
CreateNamedPipeW
PeekNamedPipe
ConnectNamedPipe
GetLastError
CloseHandle
WriteFile
ReadFile
CreateFileW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleInputW
SetConsoleMode
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
MoveFileExW
SetFileTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
SwitchToThread

user32

GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW

advapi32

CryptGenRandom
AllocateAndInitializeSid
CryptReleaseContext
CryptAcquireContextW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenThreadToken
GetNamedSecurityInfoW
CopySid
CreateWellKnownSid
SetNamedSecurityInfoW
ConvertSidToStringSidA
DeleteService
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
CreateProcessAsUserW
EnumDependentServicesW
ControlService
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
QueryServiceStatusEx

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VariantClear
VariantInit
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject

wintrust

WinVerifyTrust

Exports

Exports

AGDServiceAllKeysInSubDomain
AGDServiceConvertAGDStatusTypeEnumToString
AGDServiceCountKeysInSubDomain
AGDServiceRemoveAllKeysInSubDomain
AGDServiceRemoveKeyInSubDomain
AGDServiceSetMultipleValueForKeyInSubDomain
AGDServiceSetValueForKeyInSubDomain
AGDServiceValueForKeyInSubDomain
AGDTruncateAdobeGenuineDataTable
Adobe_GC_GetLatestGCApplication
Adobe_GC_InvokeApplication
Adobe_GC_InvokeApplication_NGL
Adobe_GC_ReleaseRef
Adobe_GC_SetDownloadPath
Adobe_GC_SetInstallPath
CCDGetNGLAppID
CCDServiceSetAllRecords
CCDTruncateCCDataTable
IAL_CloseSession
IAL_CreateSession
IAL_DownloadAdobeGCClientFromPath
IAL_FetchRulesForLEIDs
IAL_GetAdobeGCClientAppDownloadPath
IAL_GetClientConfiguration
IAL_GetServerURLFromDispatch
IAL_GetVersion
IAL_PostRulesForLEIDs
IAL_SendCheckPatch
IAL_SendEventToETSHostfileMod
IAL_SendInAppEvents
IAL_SendMachineEvents
IAL_SendNotifAuditEvents
IAL_SendPHEvents
IAL_SendPatchAudit
IAL_SendUninstallationStatus
IAL_SetLoggingMethod
IAL_SetProxyDetails
RSDConvertPCDStatusTypeEnumToString
RSDServiceGetAllRecords
RSDServiceRecordStatus
RSDTruncateGCDataTable

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 812KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7029484980ae4470f00e33fdc1587e98

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

psapi

shell32

shlwapi

version

ws2_32

rpcrt4

userenv

netapi32

wtsapi32

winhttp

setupapi

kernel32

user32

advapi32

ole32

oleaut32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 595KB - Virtual size: 594KB

.data Size: 275KB - Virtual size: 295KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 812KB - Virtual size: 816KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 595KB - Virtual size: 594KB

.data
Size: 275KB - Virtual size: 295KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 812KB - Virtual size: 816KB