2024-05-16_d6c69d44382bed476ae63f85fa735091_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-16_d6c69d44382bed476ae63f85fa735091_avoslocker
Size

1.6MB
MD5

d6c69d44382bed476ae63f85fa735091
SHA1

ab426e12b9abcf0c38cc087924d18216e2b336c6
SHA256

9cd6e8e75f4e60510cb3975b851fc9c8e82746e9a406f21906e34c3a49259c74
SHA512

f99a10ebd4b4455cff8c7fcbd1acbed82f41432a23e28fb98c7407bcce5148f6a87c083de7a50ef76daa937b64cf63111fbf781c7b393169d618650a97522bc9
SSDEEP

49152:cikJkLGH+OfAjgBlSj1hlza3TqWLs3Rk2xv/TWJP0K4H1fC2S:dGH+OfAjgBlSj7WLs3RB0JoVf6

Score

1^/10

Malware Config

Signatures

Files

2024-05-16_d6c69d44382bed476ae63f85fa735091_avoslocker
.exe windows:6 windows x86 arch:x86

39d13ad7cd7bb2bead2b09b250aaf8d2

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:8f:89:21:c5:36:49:3e:67:df:84:fb:82:23:b0:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/03/2024, 00:00

Not After

02/04/2026, 23:59

Subject

SERIALNUMBER=201812738K,CN=INNOVATIVE CONNECTING PTE. LIMITED,O=INNOVATIVE CONNECTING PTE. LIMITED,L=SINGAPORE,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:90:72:de:e1:88:4e:d2:91:a0:bb:05:1a:f7:72:95:f9:d5:0b:c4:b1:87:8e:16:c3:b2:5a:4d:0b:b3:10:9f
Signer

Actual PE Digest

19:90:72:de:e1:88:4e:d2:91:a0:bb:05:1a:f7:72:95:f9:d5:0b:c4:b1:87:8e:16:c3:b2:5a:4d:0b:b3:10:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\360Work\2.vpn_turbo\win_turbo\Release\UninstallRetention.pdb

Imports

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertGetNameStringA

ws2_32

WSAGetLastError
send
recv
WSACleanup
gethostbyname
WSASocketW
WSAStartup
inet_addr
recvfrom
WSASetLastError
select
closesocket
htons
sendto
setsockopt
__WSAFDIsSet

shlwapi

PathRemoveFileSpecW
PathAppendW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

myinternet

BiDataEventSend

kernel32

HeapFree
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
LoadLibraryExW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetLocalTime
SystemTimeToFileTime
MulDiv
WaitForSingleObject
CreateEventW
SetEvent
CreateThread
ExpandEnvironmentStringsA
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
Sleep
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
FormatMessageA
WaitForSingleObjectEx
CreateFileA
GetFileSizeEx
GetCurrentDirectoryW
GetACP
ExitProcess
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
GetFileSize
GetFileType
SetFilePointer
SetFileTime
WriteFile
DuplicateHandle
DosDateTimeToFileTime
TryEnterCriticalSection
OutputDebugStringA
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
LocalFree
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileTime
GetLongPathNameW
GetTempFileNameW
GetTickCount
RemoveDirectoryW
MoveFileW
ReplaceFileW
CreateProcessW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
IsDebuggerPresent
GetUserDefaultLangID
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ResetEvent
FlushFileBuffers
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
GetStdHandle
GetModuleHandleExA
GetNativeSystemInfo
GetWindowsDirectoryW
GetModuleHandleExW
LCMapStringEx
EncodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
GetStringTypeW
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetSystemDefaultLCID
GetCurrentProcessId
CreatePipe
ReadFile
MoveFileExW
GlobalLock
GetProcAddress
LoadLibraryW
CloseHandle
DeleteFileW
GlobalAlloc
GetLastError
MultiByteToWideChar
GetLocaleInfoA
GetSystemDirectoryW
GetVersionExW
FindClose
GetTempPathW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
WriteConsoleW
GetCommandLineW
SetLastError
CreateDirectoryW
GlobalUnlock
GetLocaleInfoEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
RtlUnwind
GetDriveTypeW
PeekNamedPipe
GetConsoleCP
GetConsoleMode
GetFullPathNameW
ReadConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

user32

FillRect
DrawTextW
CharPrevW
GetPropW
SetPropW
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
MonitorFromWindow
MessageBoxW
SetWindowRgn
IsZoomed
LoadCursorW
OffsetRect
SetCursor
wvsprintfW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
UnionRect
IntersectRect
MapWindowPoints
ScreenToClient
GetCursorPos
CreateCaret
GetClientRect
InvalidateRect
GetUpdateRect
GetMonitorInfoW
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetRect
WaitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
FindWindowW
SendMessageW
UnregisterClassW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
ShowWindow
GetWindowThreadProcessId
ReleaseDC
GetDesktopWindow
PostQuitMessage
GetDC
MonitorFromPoint
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
CharNextW
SetFocus
GetActiveWindow
BeginPaint
GetWindowRect
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
EndPaint

gdi32

GetObjectA
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
CreatePatternBrush
SetTextColor
SetStretchBltMode
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetDIBits
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CreateDCW
CombineRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
CreateDIBSection
StretchBlt
SaveDC

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash

shell32

CommandLineToArgvW
ShellExecuteW
SHFileOperationW
SHGetFolderPathW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleLockRunning
CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

gdiplus

GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreatePen1
GdipDrawLineI
GdipCreateLineBrushI
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipCreateFontFromDC
GdipSetPixelOffsetMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateStringFormat
GdipDeleteGraphics
GdipGetFamily
GdipDeletePen

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 1002KB - Virtual size: 1002KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39d13ad7cd7bb2bead2b09b250aaf8d2

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:8f:89:21:c5:36:49:3e:67:df:84:fb:82:23:b0:92Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

19:90:72:de:e1:88:4e:d2:91:a0:bb:05:1a:f7:72:95:f9:d5:0b:c4:b1:87:8e:16:c3:b2:5a:4d:0b:b3:10:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

shlwapi

version

myinternet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

imm32

winmm

comctl32

Sections

.text Size: 1002KB - Virtual size: 1002KB

.rdata Size: 239KB - Virtual size: 238KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 354KB - Virtual size: 354KB

.reloc Size: 53KB - Virtual size: 52KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:8f:89:21:c5:36:49:3e:67:df:84:fb:82:23:b0:92
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

19:90:72:de:e1:88:4e:d2:91:a0:bb:05:1a:f7:72:95:f9:d5:0b:c4:b1:87:8e:16:c3:b2:5a:4d:0b:b3:10:9f
Signer

.text
Size: 1002KB - Virtual size: 1002KB

.rdata
Size: 239KB - Virtual size: 238KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 354KB - Virtual size: 354KB

.reloc
Size: 53KB - Virtual size: 52KB