2024-05-23_be156042c322aca550b346eb4cf11334_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-23_be156042c322aca550b346eb4cf11334_avoslocker
Size

1.3MB
MD5

be156042c322aca550b346eb4cf11334
SHA1

06e32daf923eaf2594e025bee7d72e9914a34c4d
SHA256

d53467ffd61523ea6d4bcd19b3f5b712413ead3911b7581303a96e4a36ef6505
SHA512

a6e0717bbd0acdfcf0d738a574e7dec0caab15f093c02468099d71f870fb87e4bb90641d5ba491e61a68d6a339d811224b063c61913df7a84e13b94c3fbbfff6
SSDEEP

24576:fAg34qU5tdv/yPzmVqjdpsIc14RUEHc0lG341IPBTrLe0m:JsR/0zmVqjd6Is46E8D3pPtLe0m

Score

1^/10

Malware Config

Signatures

Files

2024-05-23_be156042c322aca550b346eb4cf11334_avoslocker
.exe windows:6 windows x86 arch:x86

e718fc662d7ae1e4c47710812fe230a7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:eb:c8:50:f2:9e:5d:fa:14:8e:36:d0:54:7f:17:9e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/02/2022, 00:00

Not After

05/02/2025, 23:59

Subject

SERIALNUMBER=215-86-68402,CN=JNESS\, Inc.,O=JNESS\, Inc.,L=Seongdong-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:fe:41:c5:6f:4a:ea:6b:5a:36:c2:fe:fb:d7:45:2b:78:62:c7:82:ce:3b:25:13:6d:ec:0a:d5:79:49:e6:df
Signer

Actual PE Digest

cf:fe:41:c5:6f:4a:ea:6b:5a:36:c2:fe:fb:d7:45:2b:78:62:c7:82:ce:3b:25:13:6d:ec:0a:d5:79:49:e6:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_MyProject\MOffice4.0\moffice_4.0_agent_win\Release\SwitchAgent.pdb

Imports

advapi32

CryptReleaseContext
LookupAccountNameW
CryptGetHashParam
InitializeAcl
InitializeSecurityDescriptor
CryptDestroyHash
CryptHashData
CryptCreateHash
SetEntriesInAclW
CryptAcquireContextW
SetFileSecurityW
SetSecurityDescriptorDacl
GetTokenInformation
CreateProcessAsUserW
OpenProcessToken
RevertToSelf
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegisterEventSourceW
DeregisterEventSource
GetLengthSid
CopySid
AllocateAndInitializeSid
FreeSid
GetEffectiveRightsFromAclW
GetNamedSecurityInfoA
GetNamedSecurityInfoW
GetSecurityInfo
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountSidA
LookupAccountNameA
RegOpenKeyExA
ImpersonateLoggedOnUser
CryptAcquireContextA
CryptGenRandom
ReportEventW

shell32

SHGetFolderPathW

kernel32

DeleteTimerQueueTimer
CreateThread
CopyFileW
GetExitCodeThread
MoveFileW
EnterCriticalSection
LeaveCriticalSection
CancelIo
GetSystemTimeAsFileTime
ReadFile
WriteFile
GetTempPathW
LocalAlloc
GetFileAttributesW
SetFileAttributesW
DeleteFileW
LocalFree
MoveFileExW
GetTempFileNameW
GetModuleFileNameW
CreateDirectoryW
GetCurrentDirectoryW
TerminateProcess
CreatePipe
Sleep
FileTimeToSystemTime
CreateProcessW
SystemTimeToTzSpecificLocalTime
GetExitCodeProcess
MultiByteToWideChar
ReleaseMutex
WideCharToMultiByte
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetDriveTypeW
SetFilePointer
DuplicateHandle
SystemTimeToFileTime
GetFileType
GetFileInformationByHandle
GetCommandLineW
FreeConsole
GetConsoleWindow
GetVersionExA
CreateFileA
CreateMutexA
InitializeCriticalSection
SetHandleInformation
GetHandleInformation
GetEnvironmentVariableW
GetDriveTypeA
ExpandEnvironmentStringsW
CreateEventA
GetOverlappedResult
DeviceIoControl
GetFileAttributesExW
FindFirstFileA
WaitForSingleObject
FindClose
InitializeCriticalSectionEx
FindNextFileW
HeapFree
FindFirstFileW
SetUnhandledExceptionFilter
GetCurrentProcessId
GetWindowsDirectoryW
GetLocalTime
GetCurrentThreadId
CreateFileW
GetCurrentProcess
LoadLibraryA
LockFile
WriteConsoleW
SetEndOfFile
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OutputDebugStringW
GetLastError
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateNamedPipeA
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
GetStdHandle
ExitProcess
PeekNamedPipe
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
LockFileEx
UnlockFile
UnlockFileEx
HeapSize
FormatMessageW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
FormatMessageA
GetStringTypeW
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceFrequency
EncodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
RtlUnwind

user32

ShowWindow
FindWindowW

dbghelp

MiniDumpWriteDump

gdiplus

GdiplusStartup
GdiplusShutdown

ws2_32

recv
inet_addr
connect
send
WSAStartup
WSACleanup
ntohl
getpeername
getsockname
htons
ntohs
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
__WSAFDIsSet
accept
bind
setsockopt
closesocket
getsockopt
listen
select
shutdown
socket
sendto
WSASend
ioctlsocket

Sections

.text
Size: 995KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e718fc662d7ae1e4c47710812fe230a7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:eb:c8:50:f2:9e:5d:fa:14:8e:36:d0:54:7f:17:9eCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cf:fe:41:c5:6f:4a:ea:6b:5a:36:c2:fe:fb:d7:45:2b:78:62:c7:82:ce:3b:25:13:6d:ec:0a:d5:79:49:e6:dfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shell32

kernel32

user32

dbghelp

gdiplus

ws2_32

Sections

.text Size: 995KB - Virtual size: 994KB

.rdata Size: 232KB - Virtual size: 231KB

.data Size: 30KB - Virtual size: 38KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 62KB - Virtual size: 62KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:eb:c8:50:f2:9e:5d:fa:14:8e:36:d0:54:7f:17:9e
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cf:fe:41:c5:6f:4a:ea:6b:5a:36:c2:fe:fb:d7:45:2b:78:62:c7:82:ce:3b:25:13:6d:ec:0a:d5:79:49:e6:df
Signer

.text
Size: 995KB - Virtual size: 994KB

.rdata
Size: 232KB - Virtual size: 231KB

.data
Size: 30KB - Virtual size: 38KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 62KB - Virtual size: 62KB