D:\jenkins\CI\CCHyperdrive\build\x64\main\ccd-hyperdrive\build\msvs_win32\Release\x86\sym\HDBootStrapper\HDBootStrapper\Set-up.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber.exe
Resource: win7-20240221-en
General
Target: 2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber
Size: 8.3MB
MD5: 430ab8ee36c9dcbee1be84b6b87e9c83
SHA1: 9c14423e5b70db0814e3818088efc99a6928f4fb
SHA256: ec741e3901dc0eb0e1ac3ac87e245581804610d9a8f920cc5643859ba0cd11ab
SHA512: b9a307832b4f87542444f2a6e6732e8150ed47ac1e037cce9d73e1b4a62696638f8bd9e39b1060713cff6617680b88c755e5e28c52f4bf1dc8bf7ede094616b4
SSDEEP: 98304:es5LohbYG+cNttOO23A1Q6PKU74G9IvJLAX68i0uCt9pSMpBdWzVXb/MQT:gbnttO294G9IvJLgiox8VYw
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber
Files
2024-05-24_430ab8ee36c9dcbee1be84b6b87e9c83_avoslocker_magniber.exe windows:5 windows x86 arch:x86
1db03ef829f2b875f24406e682d5a018
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LCMapStringW
GetCurrentProcessId
GetUserDefaultLangID
GetUserDefaultUILanguage
OpenMutexW
SetWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjects
CancelWaitableTimer
CreateEventW
SetEvent
ResetEvent
GetOverlappedResult
ReadDirectoryChangesW
GetFileSizeEx
GetLocalTime
GetTimeFormatW
GetDateFormatW
ExpandEnvironmentStringsW
DeviceIoControl
GetComputerNameExW
FileTimeToSystemTime
GetNativeSystemInfo
GetWindowsDirectoryW
InitializeCriticalSection
GetLocaleInfoA
EnumSystemLocalesW
GetACP
GetSystemDirectoryW
ReleaseMutex
CreateMutexW
GetConsoleWindow
FreeConsole
AttachConsole
GetStdHandle
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
WideCharToMultiByte
FreeLibrary
LoadLibraryW
Process32FirstW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
IsValidLocale
WriteConsoleW
ExitProcess
ExitThread
SetStdHandle
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetUserDefaultLCID
Process32NextW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
MapViewOfFile
CreateFileMappingW
CreateFileA
UnmapViewOfFile
GetFullPathNameW
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetProcAddress
WaitForSingleObject
GetCurrentProcess
GetDriveTypeW
lstrcmpW
lstrcmpiW
CopyFileW
GetFileSize
MoveFileExW
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
CloseHandle
DeleteFileW
GetDiskFreeSpaceExW
GetLastError
FormatMessageW
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
CompareStringW
GetCPInfo
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
GetStringTypeW
SetThreadPriority
ResumeThread
SetFilePointerEx
VirtualAlloc
VirtualFree
GetTimeZoneInformation
ConnectNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
QueryFullProcessImageNameW
lstrcpyW
GetVersionExW
LoadLibraryA
FindResourceExW
TerminateThread
ProcessIdToSessionId
DuplicateHandle
CreateThread
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetThreadTimes
QueryPerformanceFrequency
CreateSemaphoreW
OpenSemaphoreW
ReleaseSemaphore
CreateDirectoryW
TryEnterCriticalSection
GetTickCount
QueryPerformanceCounter
FormatMessageA
GetSystemTimeAsFileTime
LockFileEx
CreateFileMappingA
UnlockFile
ReadFile
HeapCompact
GetSystemInfo
DeleteFileA
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
FlushFileBuffers
GetSystemTime
SystemTimeToFileTime
WriteFile
GetFileAttributesExW
SetDllDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateFileW
LocalAlloc
FindClose
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
lstrlenW
FindNextFileW
SetLastError
FindFirstFileW
VirtualProtect
user32
RegisterWindowMessageW
GetParent
GetClassInfoExW
PostQuitMessage
GetDlgItem
GetClientRect
SetWindowLongW
SetCapture
GetClassNameW
LoadCursorW
TranslateMessage
TranslateAcceleratorW
BringWindowToTop
SetClassLongW
AppendMenuW
GetClassLongW
AllowSetForegroundWindow
GetShellWindow
EnumWindows
GetSystemMenu
LoadIconW
EnableMenuItem
SystemParametersInfoW
LoadImageW
PostThreadMessageW
wsprintfW
CharNextW
SetForegroundWindow
CreateAcceleratorTableW
MoveWindow
GetForegroundWindow
GetSysColor
AttachThreadInput
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
SetWindowPos
DispatchMessageW
InvalidateRgn
MessageBoxW
SendMessageW
IsWindow
ShowWindow
GetActiveWindow
RegisterClassExW
SetWindowTextW
ScreenToClient
GetDC
GetWindowRect
GetWindowTextW
EndPaint
BeginPaint
IsIconic
CreateWindowExW
ReleaseCapture
SetFocus
FillRect
DestroyWindow
GetFocus
GetWindow
UnregisterClassW
PostMessageW
CallWindowProcW
DefWindowProcW
GetDesktopWindow
GetMessageW
ReleaseDC
InvalidateRect
GetWindowTextLengthW
GetSystemMetrics
GetAsyncKeyState
GetWindowLongW
GetWindowThreadProcessId
gdi32
CreateSolidBrush
DeleteObject
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
GetObjectW
GetDeviceCaps
advapi32
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
RevertToSelf
ConvertStringSidToSidW
ImpersonateLoggedOnUser
ConvertSidToStringSidW
DuplicateTokenEx
EqualSid
LookupAccountSidW
CryptReleaseContext
RegQueryValueExA
RegDeleteKeyExW
RegEnumValueW
GetUserNameW
CredWriteW
CredReadW
CredEnumerateW
CredFree
CredDeleteW
RegCloseKey
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
CryptCreateHash
shell32
SHGetPathFromIDListW
SHGetFolderLocation
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetMalloc
ord680
SHGetSpecialFolderLocation
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
SHCreateDirectoryExW
ord51
SHBrowseForFolderW
ole32
CLSIDFromString
OleLockRunning
OleInitialize
CoUninitialize
OleRun
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
CoSetProxyBlanket
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoInitialize
CoTaskMemFree
CLSIDFromProgID
oleaut32
SysAllocStringByteLen
SysStringByteLen
VariantCopy
DispCallFunc
GetErrorInfo
SysFreeString
LoadRegTypeLi
VariantInit
LoadTypeLi
OleCreateFontIndirect
SysAllocString
VariantClear
VariantChangeType
SysStringLen
SysAllocStringLen
iphlpapi
GetAdaptersAddresses
winhttp
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpQueryOption
WinHttpOpen
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCrackUrl
wininet
InternetCanonicalizeUrlW
bcrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
BCryptEncrypt
BCryptDecrypt
BCryptDestroyKey
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
credui
CredUnPackAuthenticationBufferW
CredUIPromptForWindowsCredentialsW
shlwapi
PathFileExistsW
PathFindFileNameW
PathIsRelativeW
PathIsUNCW
PathStripPathW
PathIsRootW
PathAddBackslashW
PathStripToRootW
UrlIsW
SHGetValueW
PathIsSystemFolderW
PathFileExistsA
PathAppendW
PathIsFileSpecW
PathAddExtensionW
PathRemoveExtensionW
UrlEscapeW
PathIsNetworkPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathRenameExtensionW
PathRemoveBackslashW
crypt32
CryptProtectData
CryptUnprotectData
CryptStringToBinaryW
CertOpenStore
CertGetIssuerCertificateFromStore
CertCloseStore
CertAddCertificateContextToStore
CertVerifySubjectCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptImportPublicKeyInfoEx2
CryptHashCertificate2
CertCreateCertificateContext
CertFreeCertificateContext
ws2_32
WSAStartup
WSACleanup
getnameinfo
secur32
GetUserNameExW
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
msi
ord70
ord113
comctl32
InitCommonControlsEx
Sections
.text  Size: 3.8MB - Virtual size: 3.8MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Size: 1003KB - Virtual size: 1002KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data  Size: 157KB - Virtual size: 186KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc  Size: 2.6MB - Virtual size: 2.6MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc  Size: 804KB - Virtual size: 808KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE