2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker
Size

8.7MB
MD5

a7ba6fda3d138ab4c081c80b84705864
SHA1

13436a16731af9bf001e63aeb269c65814539aad
SHA256

307b3c50cfd1dd242487c950057e49fcd5f330a81f29195517d5727d4e891826
SHA512

55f8d8998053bad5d5d51e2069050c0e802a89c329adb1d95d1ac2b9cc0bef9d8b94163b6c4b9222f92e4e9b45473ce06328d041e54a904a66d6d62cc02911d9
SSDEEP

196608:jZP/KAwnfoYtiZKcQKGOEf0Dr6+0KMWjaGjRNYi4TiZNue3Y:R/KAwJtxRT+0KMWj5Nue3Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker

Files

2024-05-23_a7ba6fda3d138ab4c081c80b84705864_avoslocker
.exe windows:6 windows x86 arch:x86

8c3e5bf3a78b2dcffe6affe3ad2e82e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymInitialize
SymFromAddr
SymGetLineFromAddr64

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
SystemFunction036

ws2_32

WSAStartup
gethostname
WSAEnumNetworkEvents
WSACleanup
send
WSACloseEvent
gethostbyname
WSACreateEvent
WSAEventSelect
shutdown
WSARecvFrom
WSARecv
WSASocketW
freeaddrinfo
getaddrinfo
ioctlsocket
listen
accept
select
__WSAFDIsSet
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
WSAGetLastError
recv
WSAWaitForMultipleEvents
WSAResetEvent

shell32

CommandLineToArgvW
ShellExecuteA

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertFindCertificateInStore
CertOpenStore
PFXIsPFXBlob
PFXImportCertStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

kernel32

InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
UnhandledExceptionFilter
IsDebuggerPresent
SetUnhandledExceptionFilter
LCMapStringEx
DecodePointer
EncodePointer
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwind
ExitProcess
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
SetStdHandle
CreateFileW
GetFileAttributesW
GetFileSize
GetLongPathNameW
ReadFile
SetFileAttributesW
CloseHandle
DuplicateHandle
GetLastError
SetLastError
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExW
GetModuleFileNameW
LocalFree
FormatMessageA
MoveFileExW
GetConsoleScreenBufferInfo
GetFileSizeEx
GetFileType
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
FlushConsoleInputBuffer
GetFileTime
SetFileTime
GetOEMCP
GetCPInfoExW
IsDBCSLeadByteEx
IsWow64Process
GetModuleHandleW
GetProcAddress
LockFileEx
UnlockFileEx
FormatMessageW
GetFileAttributesExW
GetConsoleOutputCP
ExpandEnvironmentStringsW
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
CreatePipe
GetCommandLineW
GetFullPathNameW
CompareFileTime
DeleteFileW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetShortPathNameW
RemoveDirectoryW
DeviceIoControl
Sleep
CreateSymbolicLinkW
HeapReAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetHandleInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
TerminateProcess
GetExitCodeProcess
CreateThread
ResumeThread
CreateProcessW
OpenProcess
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
SetConsoleTextAttribute
RtlCaptureStackBackTrace
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
FreeLibrary
LoadLibraryW
lstrcmpiW
LoadLibraryExW
CreateDirectoryW
SetEndOfFile
SetFilePointer
LoadLibraryA
GetTempPathW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
GetOverlappedResult
CancelIo
ResetEvent
GetProcessHeap
VirtualAlloc
VirtualFree
IsValidCodePage
CreateFileA
GetFileAttributesA
PeekNamedPipe
SearchPathA
SetHandleInformation
CreateProcessA
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
GetTickCount
SleepEx
GetModuleHandleA
GetEnvironmentVariableA
MoveFileExA
VerSetConditionMask
VerifyVersionInfoW
FlushFileBuffers
GetFinalPathNameByHandleW
SetFilePointerEx
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
CreateEventA
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
GetNamedPipeHandleStateA
RegisterWaitForSingleObject
UnregisterWait
DebugBreak
SetEvent
GetNumberOfConsoleInputEvents
ReadConsoleInputW
SetConsoleCursorPosition
WriteConsoleInputW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetProcessAffinityMask
SetProcessAffinityMask
LCMapStringW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
WakeAllConditionVariable
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetNativeSystemInfo
CreateSemaphoreA
ReadDirectoryChangesW
GetStartupInfoW
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
InitializeCriticalSectionEx
RaiseException
GetCurrentThreadId
WaitForSingleObjectEx
AreFileApisANSI
HeapSize
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
CreateEventW

user32

CharPrevExA
GetMessageA
GetSystemMetrics
MapVirtualKeyW
TranslateMessage
DispatchMessageA

ole32

CoCreateInstance
GetRunningObjectTable
CreateBindCtx
CoInitialize
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SafeArrayDestroy
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c3e5bf3a78b2dcffe6affe3ad2e82e7

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

advapi32

ws2_32

shell32

rpcrt4

crypt32

kernel32

user32

ole32

oleaut32

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 153KB - Virtual size: 2.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 278KB - Virtual size: 277KB

.text
Size: 7.2MB - Virtual size: 7.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 153KB - Virtual size: 2.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 278KB - Virtual size: 277KB