2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber
Size

8.3MB
MD5

430ab8ee36c9dcbee1be84b6b87e9c83
SHA1

9c14423e5b70db0814e3818088efc99a6928f4fb
SHA256

ec741e3901dc0eb0e1ac3ac87e245581804610d9a8f920cc5643859ba0cd11ab
SHA512

b9a307832b4f87542444f2a6e6732e8150ed47ac1e037cce9d73e1b4a62696638f8bd9e39b1060713cff6617680b88c755e5e28c52f4bf1dc8bf7ede094616b4
SSDEEP

98304:es5LohbYG+cNttOO23A1Q6PKU74G9IvJLAX68i0uCt9pSMpBdWzVXb/MQT:gbnttO294G9IvJLgiox8VYw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber

Files

2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber
.exe windows:5 windows x86 arch:x86

1db03ef829f2b875f24406e682d5a018

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\CI\CCHyperdrive\build\x64\main\ccd-hyperdrive\build\msvs_win32\Release\x86\sym\HDBootStrapper\HDBootStrapper\Set-up.pdb

Imports

kernel32

LCMapStringW
GetCurrentProcessId
GetUserDefaultLangID
GetUserDefaultUILanguage
OpenMutexW
SetWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjects
CancelWaitableTimer
CreateEventW
SetEvent
ResetEvent
GetOverlappedResult
ReadDirectoryChangesW
GetFileSizeEx
GetLocalTime
GetTimeFormatW
GetDateFormatW
ExpandEnvironmentStringsW
DeviceIoControl
GetComputerNameExW
FileTimeToSystemTime
GetNativeSystemInfo
GetWindowsDirectoryW
InitializeCriticalSection
GetLocaleInfoA
EnumSystemLocalesW
GetACP
GetSystemDirectoryW
ReleaseMutex
CreateMutexW
GetConsoleWindow
FreeConsole
AttachConsole
GetStdHandle
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
WideCharToMultiByte
FreeLibrary
LoadLibraryW
Process32FirstW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
IsValidLocale
WriteConsoleW
ExitProcess
ExitThread
SetStdHandle
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetUserDefaultLCID
Process32NextW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
MapViewOfFile
CreateFileMappingW
CreateFileA
UnmapViewOfFile
GetFullPathNameW
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetProcAddress
WaitForSingleObject
GetCurrentProcess
GetDriveTypeW
lstrcmpW
lstrcmpiW
CopyFileW
GetFileSize
MoveFileExW
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
CloseHandle
DeleteFileW
GetDiskFreeSpaceExW
GetLastError
FormatMessageW
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
CompareStringW
GetCPInfo
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
GetStringTypeW
SetThreadPriority
ResumeThread
SetFilePointerEx
VirtualAlloc
VirtualFree
GetTimeZoneInformation
ConnectNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
QueryFullProcessImageNameW
lstrcpyW
GetVersionExW
LoadLibraryA
FindResourceExW
TerminateThread
ProcessIdToSessionId
DuplicateHandle
CreateThread
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetThreadTimes
QueryPerformanceFrequency
CreateSemaphoreW
OpenSemaphoreW
ReleaseSemaphore
CreateDirectoryW
TryEnterCriticalSection
GetTickCount
QueryPerformanceCounter
FormatMessageA
GetSystemTimeAsFileTime
LockFileEx
CreateFileMappingA
UnlockFile
ReadFile
HeapCompact
GetSystemInfo
DeleteFileA
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
FlushFileBuffers
GetSystemTime
SystemTimeToFileTime
WriteFile
GetFileAttributesExW
SetDllDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateFileW
LocalAlloc
FindClose
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
lstrlenW
FindNextFileW
SetLastError
FindFirstFileW
VirtualProtect

user32

RegisterWindowMessageW
GetParent
GetClassInfoExW
PostQuitMessage
GetDlgItem
GetClientRect
SetWindowLongW
SetCapture
GetClassNameW
LoadCursorW
TranslateMessage
TranslateAcceleratorW
BringWindowToTop
SetClassLongW
AppendMenuW
GetClassLongW
AllowSetForegroundWindow
GetShellWindow
EnumWindows
GetSystemMenu
LoadIconW
EnableMenuItem
SystemParametersInfoW
LoadImageW
PostThreadMessageW
wsprintfW
CharNextW
SetForegroundWindow
CreateAcceleratorTableW
MoveWindow
GetForegroundWindow
GetSysColor
AttachThreadInput
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
SetWindowPos
DispatchMessageW
InvalidateRgn
MessageBoxW
SendMessageW
IsWindow
ShowWindow
GetActiveWindow
RegisterClassExW
SetWindowTextW
ScreenToClient
GetDC
GetWindowRect
GetWindowTextW
EndPaint
BeginPaint
IsIconic
CreateWindowExW
ReleaseCapture
SetFocus
FillRect
DestroyWindow
GetFocus
GetWindow
UnregisterClassW
PostMessageW
CallWindowProcW
DefWindowProcW
GetDesktopWindow
GetMessageW
ReleaseDC
InvalidateRect
GetWindowTextLengthW
GetSystemMetrics
GetAsyncKeyState
GetWindowLongW
GetWindowThreadProcessId

gdi32

CreateSolidBrush
DeleteObject
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
GetObjectW
GetDeviceCaps

advapi32

CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
RevertToSelf
ConvertStringSidToSidW
ImpersonateLoggedOnUser
ConvertSidToStringSidW
DuplicateTokenEx
EqualSid
LookupAccountSidW
CryptReleaseContext
RegQueryValueExA
RegDeleteKeyExW
RegEnumValueW
GetUserNameW
CredWriteW
CredReadW
CredEnumerateW
CredFree
CredDeleteW
RegCloseKey
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
CryptCreateHash

shell32

SHGetPathFromIDListW
SHGetFolderLocation
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetMalloc
ord680
SHGetSpecialFolderLocation
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
SHCreateDirectoryExW
ord51
SHBrowseForFolderW

ole32

CLSIDFromString
OleLockRunning
OleInitialize
CoUninitialize
OleRun
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
CoSetProxyBlanket
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoInitialize
CoTaskMemFree
CLSIDFromProgID

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantCopy
DispCallFunc
GetErrorInfo
SysFreeString
LoadRegTypeLi
VariantInit
LoadTypeLi
OleCreateFontIndirect
SysAllocString
VariantClear
VariantChangeType
SysStringLen
SysAllocStringLen

iphlpapi

GetAdaptersAddresses

winhttp

WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpQueryOption
WinHttpOpen
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCrackUrl

wininet

InternetCanonicalizeUrlW

bcrypt

BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
BCryptEncrypt
BCryptDecrypt
BCryptDestroyKey

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

credui

CredUnPackAuthenticationBufferW
CredUIPromptForWindowsCredentialsW

shlwapi

PathFileExistsW
PathFindFileNameW
PathIsRelativeW
PathIsUNCW
PathStripPathW
PathIsRootW
PathAddBackslashW
PathStripToRootW
UrlIsW
SHGetValueW
PathIsSystemFolderW
PathFileExistsA
PathAppendW
PathIsFileSpecW
PathAddExtensionW
PathRemoveExtensionW
UrlEscapeW
PathIsNetworkPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathRenameExtensionW
PathRemoveBackslashW

crypt32

CryptProtectData
CryptUnprotectData
CryptStringToBinaryW
CertOpenStore
CertGetIssuerCertificateFromStore
CertCloseStore
CertAddCertificateContextToStore
CertVerifySubjectCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptImportPublicKeyInfoEx2
CryptHashCertificate2
CertCreateCertificateContext
CertFreeCertificateContext

ws2_32

WSAStartup
WSACleanup
getnameinfo

secur32

GetUserNameExW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

msi

ord70
ord113

comctl32

InitCommonControlsEx

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1003KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 804KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1db03ef829f2b875f24406e682d5a018

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

winhttp

wininet

bcrypt

version

wtsapi32

credui

shlwapi

crypt32

ws2_32

secur32

wintrust

msi

comctl32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1003KB - Virtual size: 1002KB

.data Size: 157KB - Virtual size: 186KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 804KB - Virtual size: 808KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1003KB - Virtual size: 1002KB

.data
Size: 157KB - Virtual size: 186KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 804KB - Virtual size: 808KB