C:\BuildAgent\work\33b2b67282fffa05\tminstaller\Teramind.Setup\Teramind.Setup.Remover\obj\Release\Teramind.Setup.Remover.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-22_707dcb12658071e81c002a208de3c91e_avoslocker_revil.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-22_707dcb12658071e81c002a208de3c91e_avoslocker_revil.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-05-22_707dcb12658071e81c002a208de3c91e_avoslocker_revil
-
Size
6.5MB
-
MD5
707dcb12658071e81c002a208de3c91e
-
SHA1
8398ad3a71188f6f530de0e426acb4246be56c0e
-
SHA256
da9725d157e88b0ec3d7aa36ee0093dea859273922017af44b091ad692bb67ba
-
SHA512
6588cf2b79e50bb9df6e753394c5f1e87b6a1d57b2070a46c121c0439abfbee47b09d327ad833a567b63ba17250fff851e96ad4c44415579e94dddb75e346a19
-
SSDEEP
98304:wI9tiSH6a6gfFCZ8th/yp3qvZ4ypOKRxoBBTxBQk6dtQ:wAH6aff4+4p84yjRyBNxqQ
Malware Config
Signatures
-
Detects executables manipulated with Fody 1 IoCs
Processes:
resource yara_rule sample INDICATOR_EXE_Packed_Fody -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-05-22_707dcb12658071e81c002a208de3c91e_avoslocker_revil
Files
-
2024-05-22_707dcb12658071e81c002a208de3c91e_avoslocker_revil.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.4MB - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ