C:\Jenkins\workspace\b_Advisor_WABinary_release_4.1.1@2\build\Win32\Release\SaBsi.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-23_406a3a86c943033b2d6c31b7d35f7f43_avoslocker.exe
Resource: win7-20240508-en
General
Target: 2024-05-23_406a3a86c943033b2d6c31b7d35f7f43_avoslocker
Size: 1.2MB
MD5: 406a3a86c943033b2d6c31b7d35f7f43
SHA1: cb033b8491f28e3dd14ab94e1a51141c3f6a7774
SHA256: fa8dbfb40bb6a7875b6e2a0cf227e6ccef6ee0e2cc2a69933977a598184360b2
SHA512: ff8552701a083e7c929dba4c03b12fef4dc772935c615a259833639622faf536688f788422b61531257c2a7bb7abe0e500fc7b620b446af7a7993570718b1d04
SSDEEP: 24576:gduISHkczHGXR4IKsxo+MbLI6GpwDuk0zex9kr5NIhixZIQnyDqUSQ0gGtIQt:gVcghXIOpwDuk0zejkMhixaYdC0gGtjt
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes: resource 2024-05-23_406a3a86c943033b2d6c31b7d35f7f43_avoslocker
Files
2024-05-23_406a3a86c943033b2d6c31b7d35f7f43_avoslocker.exe windows:6 windows x86 arch:x86
b6ad1a57d22bbf807f4f4b01d8278e0e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Jenkins\workspace\b_Advisor_WABinary_release_4.1.1@2\build\Win32\Release\SaBsi.pdb
Imports
kernel32
DeviceIoControl
LocalAlloc
CreateFileW
GetCurrentThreadId
GetModuleHandleA
GetCurrentDirectoryW
GetProcAddress
FreeLibrary
FormatMessageA
LoadLibraryExW
GetModuleHandleW
lstrlenW
VerSetConditionMask
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoW
GlobalAlloc
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetTickCount
DeleteFileW
WriteFile
LoadLibraryW
GetEnvironmentVariableW
GetExitCodeProcess
CreateProcessW
GetFileSize
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
SetEvent
GetModuleHandleExW
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
SetLastError
GetCurrentProcess
WritePrivateProfileStructW
TerminateProcess
QueryFullProcessImageNameW
K32EnumProcesses
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
OutputDebugStringW
MoveFileExW
CreateDirectoryW
FindNextFileW
GetFileAttributesW
LocalFree
FindClose
GetLongPathNameW
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
WritePrivateProfileStringW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
ExitProcess
ExitThread
WriteConsoleW
GetFileType
HeapDestroy
GetModuleFileNameW
WaitForSingleObject
CloseHandle
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
GlobalFree
MultiByteToWideChar
CreateEventW
WideCharToMultiByte
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
TryEnterCriticalSection
QueryPerformanceCounter
InitOnceBeginInitialize
InitOnceComplete
FindFirstFileExW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetStdHandle
advapi32
RegFlushKey
RegQueryValueExA
RegCreateKeyExW
RegCloseKey
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
CryptReleaseContext
RegQueryValueExW
CryptGetHashParam
RegOpenKeyExW
CryptDestroyHash
RegDeleteTreeW
RegDeleteKeyValueW
RegQueryInfoKeyW
RegEnumValueW
RegSetKeySecurity
RegNotifyChangeKeyValue
RegGetKeySecurity
RegSetValueExA
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
FreeSid
CryptAcquireContextW
CryptCreateHash
CryptHashData
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath
ole32
StringFromCLSID
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CLSIDFromString
CoUninitialize
oleaut32
SysAllocString
SystemTimeToVariantTime
VariantClear
SysFreeString
VarUdateFromDate
VariantTimeToSystemTime
wintrust
WinVerifyTrust
shlwapi
SHDeleteKeyW
PathFindExtensionW
PathFileExistsW
StrRChrW
crypt32
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
Sections
.text Size: 881KB - Virtual size: 881KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ