2024-05-15_ce37282c120dc8265370390ad8640ff7_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-15_ce37282c120dc8265370390ad8640ff7_avoslocker_revil
Size

1.5MB
MD5

ce37282c120dc8265370390ad8640ff7
SHA1

b98ee40f2e1f6ad5348ff0f8cb140d5ebdef0994
SHA256

4f42466ba4d7a1238e983833312958789deb3104731e58b0b9aa64638015ce3e
SHA512

ba9b25e3a734238e0639b21e8b2ff2c996e1ffbd4b94160a19b1ebe826e84471491480d7dcb9b370193daa4573ad89e3f8e1cfc0b1986682a1f3f511840493fe
SSDEEP

49152:HZICC7HNRB//ngR11uv3sKlTNvQc4NJFa:HZICSNL//gR11uv3N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-15_ce37282c120dc8265370390ad8640ff7_avoslocker_revil

Files

2024-05-15_ce37282c120dc8265370390ad8640ff7_avoslocker_revil
.exe windows:6 windows x86 arch:x86

70a954d70423836663b89d830afe0f89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Git-repo\sogou_release\chrome\src\out\Release_x86\QQBrowserLiveup.pdb

Imports

kernel32

CopyFileW
FindResourceExW
LockResource
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
TerminateThread
Sleep
WinExec
GetTickCount
MoveFileExW
OpenProcess
CreateProcessW
GetVersionExW
DeleteFileW
VirtualQuery
MulDiv
GetExitCodeProcess
GetProcessHeap
HeapDestroy
HeapAlloc
HeapReAlloc
WriteConsoleW
SetEndOfFile
ReadConsoleInputW
SetConsoleMode
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
HeapFree
DecodePointer
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
RaiseException
lstrcmpiW
FreeLibrary
MultiByteToWideChar
WaitForSingleObject
GetLastError
SetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetCurrentDirectoryW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
FlushConsoleInputBuffer
GlobalMemoryStatus
EnterCriticalSection
GetCurrentThreadId
CreateMutexW
OpenMutexW
CloseHandle
TerminateProcess
LoadLibraryA
GetModuleHandleA
GetFileType
GetStdHandle
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
QueryPerformanceCounter
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
IsDebuggerPresent
LoadLibraryExA
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
WaitNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateThread
GetDiskFreeSpaceExW
GetExitCodeThread
DeviceIoControl
FlushInstructionCache
VirtualAlloc
VirtualProtect
SetEvent
GetSystemTimeAsFileTime
FindNextFileW
FindClose
FindFirstFileW
GetLocalTime
GetTempPathW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
GetSystemDefaultLangID
GetFullPathNameW
WriteFile
SetFilePointer
CreateDirectoryW
GetSystemInfo
GetCurrentProcessId
RemoveDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
lstrlenW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSectionEx
GlobalFree
LoadLibraryW
LocalAlloc
LocalFree
GetCurrentProcess
ReadFile
CreateEventW
GetSystemDirectoryW

user32

GetDC
ReleaseDC
IsWindow
PostMessageW
MoveWindow
SetWindowPos
MapWindowPoints
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetForegroundWindow
SetTimer
PostQuitMessage
ClientToScreen
SendMessageW
KillTimer
IsWindowVisible
ShowWindow
MessageBoxW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
LoadImageW
OffsetRect
GetSysColor
GetWindowRect
GetSystemMetrics
GetDesktopWindow
GetDlgItem
SetWindowRgn
ScreenToClient
EnableWindow
InvalidateRect
SetFocus
PtInRect
GetScrollInfo
EndDialog
GetDlgCtrlID
SystemParametersInfoW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
PostThreadMessageW
GetMessageW
InflateRect
FrameRect
SendInput
GetForegroundWindow
EnumWindows
UpdateLayeredWindow
GetClientRect
LoadCursorW
CallWindowProcW
GetWindowLongW
DialogBoxParamW
DestroyWindow
GetActiveWindow
FindWindowW
CharNextW
UnregisterClassW
CopyRect
DrawTextW
UnionRect
GetCursorPos
IntersectRect
IsWindowEnabled
EnumChildWindows
RemovePropW
SetPropW
GetFocus
GetAncestor
SetWindowLongW
GetClassNameW
SetWindowTextW
DrawFocusRect
DefWindowProcW
IsZoomed
IsIconic
GetWindowDC
SetCursor
GetWindowTextLengthW
GetWindowTextW
PeekMessageW
IsRectEmpty
SetRectEmpty
GetIconInfo
DestroyIcon
GetCapture
EqualRect
GetMenu
AdjustWindowRectEx
EndPaint
BeginPaint
SetCapture
ReleaseCapture
UpdateWindow

gdi32

SaveDC
CreatePen
CreateDIBSection
CreateFontIndirectW
SetDIBColorTable
CombineRgn
GetPixel
CreateSolidBrush
RestoreDC
GetViewportOrgEx
GetClipBox
SelectClipRgn
GetCurrentObject
MoveToEx
LineTo
GetTextExtentPoint32W
GetTextExtentExPointW
SetBitmapBits
GetBitmapBits
SetBkMode
GetObjectA
GetObjectW
DeleteObject
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
BitBlt
CreateFontW
GetDeviceCaps
SetTextColor
GetStockObject
CreateRectRgnIndirect
SetBkColor
ExtTextOutW
RectVisible

advapi32

GetTokenInformation
RegisterEventSourceA
DeregisterEventSource
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
ConvertSidToStringSidW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
ReportEventA

shell32

SHGetFolderLocation
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
ord75
SHGetPathFromIDListW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid

oleaut32

VarUI4FromStr

shlwapi

PathMatchSpecW
PathFindFileNameW
PathRemoveArgsW
PathGetArgsW
PathRemoveFileSpecW
SHGetValueW
PathAppendW
PathFileExistsW
SHSetValueW
SHDeleteValueW
PathCombineW
PathRemoveBlanksW
PathRemoveBackslashW
PathCanonicalizeW
PathIsDirectoryW
wnsprintfW
PathUnquoteSpacesW

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromResource
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipFree
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontSize
GdiplusShutdown
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipCreateBitmapFromHICON
GdipBitmapGetPixel
GdiplusStartup
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipSetSmoothingMode
GdipDrawEllipseI
GdipDrawPath
GdipFillEllipseI
GdipFillPath
GdipSetTextRenderingHint

dbghelp

MakeSureDirectoryPathExists

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

ws2_32

ntohl
htonl
htons
ntohs

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpOpen

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 953KB - Virtual size: 953KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70a954d70423836663b89d830afe0f89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

dbghelp

version

netapi32

ws2_32

winhttp

urlmon

wininet

Sections

.text Size: 953KB - Virtual size: 953KB

.rdata Size: 299KB - Virtual size: 298KB

.data Size: 19KB - Virtual size: 93KB

.rsrc Size: 225KB - Virtual size: 225KB

.reloc Size: 48KB - Virtual size: 48KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 953KB - Virtual size: 953KB

.rdata
Size: 299KB - Virtual size: 298KB

.data
Size: 19KB - Virtual size: 93KB

.rsrc
Size: 225KB - Virtual size: 225KB

.reloc
Size: 48KB - Virtual size: 48KB

.zero
Size: 4KB - Virtual size: 3KB