2024-05-23_0441db03f1dcd1d5f9fe8cd84f1f6786_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-23_0441db03f1dcd1d5f9fe8cd84f1f6786_avoslocker
Size

4.9MB
MD5

0441db03f1dcd1d5f9fe8cd84f1f6786
SHA1

97c3a6d157cd5e220edc01fc6367110733573a0a
SHA256

2f77ebd60ea1a466b7f40f576bf91100704fcd936f35920875a674eda14231f9
SHA512

2174553179590a77c7642a1ce414d27d0b50dcfc611b91b94c372cf2a82bdbc61a0899535c9696ea45444e69a7e4470defb3bbf21826cc54a0d5a791272e25a3
SSDEEP

49152:rF3N58Y5NnIFNAwYGTpujf+PD7QhXsgCYuBbIwQretqq/hAyGWv4uA2fm4GGyEWy:dP8Yrn1GpTZQre48G09fnT

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_0441db03f1dcd1d5f9fe8cd84f1f6786_avoslocker

Files

2024-05-23_0441db03f1dcd1d5f9fe8cd84f1f6786_avoslocker
.exe windows:6 windows x86 arch:x86

bc02bbee814113ffac02c69c54bedb5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA
RasGetConnectStatusA

kernel32

DecodePointer
GetStdHandle
GetFileType
SetStdHandle
GetACP
IsValidCodePage
HeapQueryInformation
HeapSize
GetCommandLineW
GetModuleHandleExW
EncodePointer
LoadLibraryExW
RtlUnwind
RaiseException
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetProcessVersion
GetDateFormatW
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
InterlockedDecrement
InterlockedIncrement
GetTimeFormatW
CompareStringW
LCMapStringW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
ReleaseMutex
CreateMutexA
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
SuspendThread
TerminateThread
CreateEventW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32EnumProcessModulesEx
OpenProcess
QueryDosDeviceW
IsBadStringPtrA
GetFileSize
FindNextFileW
FindFirstFileW
LoadLibraryW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
ReadProcessMemory
VirtualProtect
GetLocalTime
GetCurrentProcess
IsDebuggerPresent
SetFilePointer
CreateFileW
GlobalAddAtomW
GetTickCount64
GetModuleHandleW
VirtualQuery
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WriteConsoleW
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
WritePrivateProfileStringA
CreateThread
CreateEventA
ResetEvent
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
SetEnvironmentVariableW
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
GetStringTypeW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetErrorMode

user32

LoadIconW
PostThreadMessageW
GetWindowTextLengthW
GetAncestor
GetClassNameW
GetWindowTextW
GetDlgItem
RegisterWindowMessageW
UnhookWindowsHookEx
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
LoadCursorW
SetClassLongW
GetClassLongW
RemovePropW
GetPropW
ShowScrollBar
GetScrollPos
ScrollWindow
EndPaint
BeginPaint
GetWindowDC
DrawTextW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
TrackMouseEvent
SetWindowLongW
GetWindowLongW
SetPropW
CallWindowProcW
PostMessageW
SendMessageW
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
GetSysColorBrush
LoadStringA
GetDesktopWindow
GetClassNameA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
MoveWindow
RegisterClassA
GetMenuItemCount
GetMenuItemID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
ShowWindow
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
GetWindowThreadProcessId
IsWindowEnabled
EnumWindows
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
ReleaseCapture
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
FindWindowExA
SetWindowTextA
UnregisterClassA
MessageBoxW
GetWindowTextA
GetWindowTextLengthA
CharUpperA
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup

gdi32

EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
FillRgn
CreateBitmap
GetSystemPaletteEntries
CreatePen
PatBlt
CreateRectRgn
CombineRgn
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
BeginPath
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetTextMetricsA
SetPixel
CreateDIBSection
CreateRectRgnIndirect
SetBkColor
CreateFontIndirectW
LineTo
SetBkMode
MoveToEx
SetTextColor
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreateCompatibleDC
CreatePalette
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateSolidBrush

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
OleRun

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SafeArrayAccessData
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayUnaccessData

comctl32

ord17
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_Read
InitializeFlatSB
ImageList_Destroy
ImageList_GetImageCount

ws2_32

socket
htonl
bind
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
inet_addr
gethostname
ntohl
getsockname
sendto
ntohs
__WSAFDIsSet
recvfrom
ioctlsocket
connect
recv
listen
getpeername
accept

gdiplus

GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusStartup
GdipFillRectangleI
GdipCreateSolidFill

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
InternetSetOptionA
InternetCloseHandle

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseColorA

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc02bbee814113ffac02c69c54bedb5c

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

gdiplus

wininet

comdlg32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 103KB - Virtual size: 294KB

.msvcjmc Size: 4KB - Virtual size: 3KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 83KB - Virtual size: 83KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 103KB - Virtual size: 294KB

.msvcjmc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 83KB - Virtual size: 83KB