Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker
Size: 8.7MB
MD5: a7ba6fda3d138ab4c081c80b84705864
SHA1: 13436a16731af9bf001e63aeb269c65814539aad
SHA256: 307b3c50cfd1dd242487c950057e49fcd5f330a81f29195517d5727d4e891826
SHA512: 55f8d8998053bad5d5d51e2069050c0e802a89c329adb1d95d1ac2b9cc0bef9d8b94163b6c4b9222f92e4e9b45473ce06328d041e54a904a66d6d62cc02911d9
SSDEEP: 196608:jZP/KAwnfoYtiZKcQKGOEf0Dr6+0KMWjaGjRNYi4TiZNue3Y:R/KAwJtxRT+0KMWj5Nue3Y
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker
Files
2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker.exe  windows:6 windows x86 arch:x86
8c3e5bf3a78b2dcffe6affe3ad2e82e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dbghelp
SymInitialize
SymFromAddr
SymGetLineFromAddr64
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
SystemFunction036
ws2_32
WSAStartup
gethostname
WSAEnumNetworkEvents
WSACleanup
send
WSACloseEvent
gethostbyname
WSACreateEvent
WSAEventSelect
shutdown
WSARecvFrom
WSARecv
WSASocketW
freeaddrinfo
getaddrinfo
ioctlsocket
listen
accept
select
__WSAFDIsSet
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
WSAGetLastError
recv
WSAWaitForMultipleEvents
WSAResetEvent
shell32
CommandLineToArgvW
ShellExecuteA
rpcrt4
RpcStringFreeW
UuidCreate
UuidToStringW
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertFindCertificateInStore
CertOpenStore
PFXIsPFXBlob
PFXImportCertStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
kernel32
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
UnhandledExceptionFilter
IsDebuggerPresent
SetUnhandledExceptionFilter
LCMapStringEx
DecodePointer
EncodePointer
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwind
ExitProcess
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
SetStdHandle
CreateFileW
GetFileAttributesW
GetFileSize
GetLongPathNameW
ReadFile
SetFileAttributesW
CloseHandle
DuplicateHandle
GetLastError
SetLastError
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExW
GetModuleFileNameW
LocalFree
FormatMessageA
MoveFileExW
GetConsoleScreenBufferInfo
GetFileSizeEx
GetFileType
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
FlushConsoleInputBuffer
GetFileTime
SetFileTime
GetOEMCP
GetCPInfoExW
IsDBCSLeadByteEx
IsWow64Process
GetModuleHandleW
GetProcAddress
LockFileEx
UnlockFileEx
FormatMessageW
GetFileAttributesExW
GetConsoleOutputCP
ExpandEnvironmentStringsW
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
CreatePipe
GetCommandLineW
GetFullPathNameW
CompareFileTime
DeleteFileW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetShortPathNameW
RemoveDirectoryW
DeviceIoControl
Sleep
CreateSymbolicLinkW
HeapReAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetHandleInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
TerminateProcess
GetExitCodeProcess
CreateThread
ResumeThread
CreateProcessW
OpenProcess
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
SetConsoleTextAttribute
RtlCaptureStackBackTrace
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
FreeLibrary
LoadLibraryW
lstrcmpiW
LoadLibraryExW
CreateDirectoryW
SetEndOfFile
SetFilePointer
LoadLibraryA
GetTempPathW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
GetOverlappedResult
CancelIo
ResetEvent
GetProcessHeap
VirtualAlloc
VirtualFree
IsValidCodePage
CreateFileA
GetFileAttributesA
PeekNamedPipe
SearchPathA
SetHandleInformation
CreateProcessA
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
GetTickCount
SleepEx
GetModuleHandleA
GetEnvironmentVariableA
MoveFileExA
VerSetConditionMask
VerifyVersionInfoW
FlushFileBuffers
GetFinalPathNameByHandleW
SetFilePointerEx
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
CreateEventA
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
GetNamedPipeHandleStateA
RegisterWaitForSingleObject
UnregisterWait
DebugBreak
SetEvent
GetNumberOfConsoleInputEvents
ReadConsoleInputW
SetConsoleCursorPosition
WriteConsoleInputW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetProcessAffinityMask
SetProcessAffinityMask
LCMapStringW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
WakeAllConditionVariable
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetNativeSystemInfo
CreateSemaphoreA
ReadDirectoryChangesW
GetStartupInfoW
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
InitializeCriticalSectionEx
RaiseException
GetCurrentThreadId
WaitForSingleObjectEx
AreFileApisANSI
HeapSize
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
CreateEventW
user32
CharPrevExA
GetMessageA
GetSystemMetrics
MapVirtualKeyW
TranslateMessage
DispatchMessageA
ole32
CoCreateInstance
GetRunningObjectTable
CreateBindCtx
CoInitialize
CoTaskMemFree
CoInitializeEx
CoUninitialize
oleaut32
SysAllocString
SafeArrayDestroy
SysFreeString
VariantInit
VariantClear
Sections
.text Size: 7.2MB - Virtual size: 7.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 153KB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 278KB - Virtual size: 277KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
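The header-level facts the static task reports above (the "Unsigned PE" signature, the DLL and file characteristics, and the section table with its raw and virtual sizes) can be reproduced from the raw bytes without pefile. The Python below is an added example written for this page; it is not part of the sandbox report or its tooling. `build_sample_pe` constructs a header-only PE32 whose flags and section sizes approximate the ones listed above so the script runs offline; it is not the analysed binary, and the parser deliberately ignores the import table.

```python
"""Added example: reproduce a sandbox's static PE header checks without third-party libraries."""
import json
import struct
import sys

# Flag tables from winnt.h (only the bits this example reports on).
DLL_FLAGS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data):
    """Parse the DOS/NT headers and section table; raise ValueError if the bytes are not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                           # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    # PE32 and PE32+ place the data directories differently; DllCharacteristics is at +70 in both.
    fmt, dirs = {0x10B: ("PE32", 96), 0x20B: ("PE32+", 112)}.get(magic, (None, None))
    if fmt is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + dirs - 4)[0]
    # Directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is the Authenticode table; Size == 0 is what the
    # sandbox calls "Unsigned PE". Its first field is a file offset, not an RVA, unlike other directories.
    sec_off, sec_size = struct.unpack_from("<II", data, opt + dirs + 4 * 8) if ndirs > 4 else (0, 0)
    sections = []
    for i in range(nsec):
        name, vsize, va, raw, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": raw, "flags": _flags(chars, SCN_FLAGS)})
    return {"format": fmt, "machine": machine, "file_characteristics": _flags(file_chars, FILE_FLAGS),
            "dll_characteristics": _flags(dll_chars, DLL_FLAGS), "security_dir": (sec_off, sec_size),
            "sections": sections}


def hardening(report):
    """Turn the raw flags into the questions an analyst asks of a sample."""
    dll, fil = set(report["dll_characteristics"]), set(report["file_characteristics"])
    return {
        "authenticode_present": report["security_dir"][1] > 0,   # presence only; validity needs WinVerifyTrust
        # DYNAMIC_BASE is moot if relocations were stripped: the loader cannot rebase the image.
        "aslr": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dll and "IMAGE_FILE_RELOCS_STRIPPED" not in fil,
        "dep": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in dll,
        "cfg": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in dll,
        "wx_sections": [s["name"] for s in report["sections"]
                        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"])],
        # Virtual size far above raw size: zero-filled space the loader provides at run time.
        "sparse_sections": [s["name"] for s in report["sections"] if s["virtual_size"] > 4 * s["raw_size"]],
    }


def build_sample_pe():
    """Constructed test input (not the analysed file): header-only PE32 mirroring the report's flags."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 5, 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x8000)  # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes; security dir stays zero
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, va, raw, ptr, 0, 0, 0, 0, ch)
        for n, vs, va, raw, ptr, ch in [
            (b".text", 0x730000, 0x1000, 0x730000, 0x400, 0x60000020),
            (b".rdata", 0x110000, 0x731000, 0x110000, 0x730400, 0x40000040),
            (b".data", 0x2B0000, 0x841000, 0x26400, 0x840400, 0xC0000040),   # 153KB on disk, 2.7MB mapped
            (b".rsrc", 0x400, 0xAF1000, 0x400, 0x866800, 0x40000040),
            (b".reloc", 0x45400, 0xAF2000, 0x45800, 0x866C00, 0x42000040),
        ])
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    rep = inspect_pe(blob)
    print(json.dumps({"headers": rep, "hardening": hardening(rep)}, indent=2))
```

Run it with a file path to inspect a real binary, or with no argument to see the constructed sample. Two caveats the sandbox signature does not spell out: "unsigned" here only means the security directory is empty, so a populated directory still has to be validated with signtool or WinVerifyTrust before it means anything; and a 32-bit image with DYNAMIC_BASE is only randomised if its relocations survived, which is why the check also reads IMAGE_FILE_RELOCS_STRIPPED. The .data gap in the report (153KB on disk, 2.7MB in memory) is zero-initialised data folded into the section and is not, on its own, evidence of packing.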