2024-05-23_49d0d29f68cd7a860be1e78fd656b9c1_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-23_49d0d29f68cd7a860be1e78fd656b9c1_avoslocker
Size

9.1MB
MD5

49d0d29f68cd7a860be1e78fd656b9c1
SHA1

8dd581b620dff22c8bd1e847854325653e573bd6
SHA256

bc3b4d4449ea7607c4c6a068f9590303a334e3566691d95407c500ff2727a1ec
SHA512

c593acd19b4f65c5f49c09412116f321c73756680fe177f79b81e870b0a454976dc45308da819eca31dacc3d97d6292c1e0460166be40b93fbe25cf2cfbd7e1f
SSDEEP

196608:rLno2R4+m8+VEiPGMoQolWCeLUyBgNTcazbdZOvf/:nnofHAQvxK4a3fOv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-23_49d0d29f68cd7a860be1e78fd656b9c1_avoslocker

Files

2024-05-23_49d0d29f68cd7a860be1e78fd656b9c1_avoslocker
.exe windows:6 windows x86 arch:x86

3fa8f4c84c81e2ab6d91566bed77b600

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\多开器\倩女幽魂手游桌面版多开器\Release\Client.pdb

Imports

kernel32

FindResourceExW
SearchPathW
GetProfileIntW
GetTempFileNameW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
VerifyVersionInfoW
GetSystemDefaultUILanguage
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
GetFileType
SetStdHandle
GetSystemInfo
QueryPerformanceFrequency
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
GetTimeZoneInformation
RtlUnwind
GetCPInfo
GetStringTypeW
OutputDebugStringW
GetTickCount64
VerSetConditionMask
GlobalFlags
GetLocaleInfoW
GetCurrentDirectoryW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
CompareStringW
GetUserDefaultUILanguage
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
GlobalDeleteAtom
GetVersionExW
lstrcmpA
CopyFileW
FormatMessageW
GlobalSize
GetThreadLocale
lstrcmpiW
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
DeleteFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
LoadLibraryExW
VirtualQuery
GetCurrentThread
GetCurrentThreadId
VirtualAlloc
VirtualProtect
GetExitCodeProcess
VirtualQueryEx
IsWow64Process
CreateProcessW
ExitProcess
VirtualProtectEx
SetLastError
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
SetThreadPriority
GlobalMemoryStatusEx
WinExec
lstrlenW
GetWindowsDirectoryW
MulDiv
GetExitCodeThread
WriteFile
AssignProcessToJobObject
CreateJobObjectW
ReadProcessMemory
Module32NextW
Module32FirstW
GetProcessId
GetNativeSystemInfo
GetFileAttributesW
LocalFree
LocalAlloc
DeviceIoControl
CreateFileW
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DuplicateHandle
OpenProcess
GetModuleHandleW
GetCurrentProcess
GetSystemTimes
lstrcmpW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
FreeLibrary
SetEvent
CreateEventW
GetProcAddress
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
Sleep
GetCurrentProcessId
CloseHandle
GetLastError
CreateMutexW
ResumeThread
CreateThread
lstrcatA
GetTempPathA
lstrcatW
GetTempPathW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
WriteConsoleW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CopyImage
ReleaseCapture
SetCapture
WaitMessage
GetSysColorBrush
IntersectRect
WindowFromPoint
LoadMenuW
DrawStateW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
OffsetRect
SetRectEmpty
SendDlgItemMessageA
FillRect
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
RegisterWindowMessageW
CopyRect
MapVirtualKeyW
GetKeyNameTextW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetLastActivePopup
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
GetDlgCtrlID
DeleteMenu
RealChildWindowFromPoint
CharNextW
EmptyClipboard
MessageBoxW
SetForegroundWindow
SetActiveWindow
SendMessageW
CheckDlgButton
GetDlgItem
MoveWindow
ShowWindow
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
CopyAcceleratorTableW
InvalidateRgn
SetRect
IsRectEmpty
GetNextDlgGroupItem
DestroyIcon
GetAsyncKeyState
TrackMouseEvent
LoadImageW
SetLayeredWindowAttributes
EnumDisplayMonitors
IsZoomed
SetWindowRgn
NotifyWinEvent
GetSubMenu
GetMenuState
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuW
PostQuitMessage
SetWindowLongW
LoadBitmapW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetDC
ReleaseDC
wsprintfW
GetParent
IsWindowVisible
GetWindowThreadProcessId
PostMessageW
EnumWindows
SetTimer
KillTimer
UpdateWindow
InvalidateRect
GetDesktopWindow
MessageBeep
GetMessagePos
ScreenToClient
PtInRect
SetCursor
GetSysColor
IsWindow
GetWindowRect
InflateRect
LoadCursorW
CopyIcon
UnregisterClassW
CharUpperW
GetMenuStringW
SetClassLongW
SetClipboardData
SetParent
DrawEdge
DrawFrameControl
SetCursorPos
FrameRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
CharUpperBuffW
ModifyMenuW
PostThreadMessageW
GetComboBoxInfo
IsCharLowerW
MapVirtualKeyExW
GetDoubleClickTime
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
DestroyCursor
GetWindowRgn
CloseClipboard
OpenClipboard
InvertRect
HideCaret
GetIconInfo
DrawIconEx
DrawFocusRect
RegisterClipboardFormatW
ReuseDDElParam
UnpackDDElParam
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateSolidBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgn
GetMapMode
SetRectRgn
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
LPtoDP
OffsetRgn
Rectangle
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
SetTextColor
SetBkColor
PatBlt
CreateRectRgnIndirect
CreateBitmap
CreateDCW
CopyMetaFileW
DeleteDC
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
GetDeviceCaps
StretchBlt
GetObjectW
CombineRgn
SelectObject
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegOpenKeyExW

shell32

SHGetKnownFolderPath
ShellExecuteW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderW
SHAppBarMessage

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW

uxtheme

IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
GetThemeSysColor

ole32

CoInitializeEx
OleIsCurrentClipboard
DoDragDrop
OleFlushClipboard
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleInitialize
CoFreeUnusedLibraries
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoRevokeClassObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
OleUninitialize
CreateILockBytesOnHGlobal

oleaut32

VarBstrFromDate
VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipDrawImageRectI

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

ioctlsocket
closesocket
htons
socket
WSACleanup
WSAStartup
recv
send
connect
select
WSAGetLastError
setsockopt
inet_addr

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmps0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmps1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fa8f4c84c81e2ab6d91566bed77b600

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

version

ws2_32

oleacc

imm32

winmm

wtsapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 362KB - Virtual size: 362KB

.data Size: 24KB - Virtual size: 46KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.vmps0 Size: 3.4MB - Virtual size: 3.4MB

.vmps1 Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 153KB - Virtual size: 153KB

.rsrc Size: 872KB - Virtual size: 872KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 362KB - Virtual size: 362KB

.data
Size: 24KB - Virtual size: 46KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.vmps0
Size: 3.4MB - Virtual size: 3.4MB

.vmps1
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 153KB - Virtual size: 153KB

.rsrc
Size: 872KB - Virtual size: 872KB