2024-05-24_8c9651454712940b97958dec6e7fba52_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_8c9651454712940b97958dec6e7fba52_avoslocker
Size

1.8MB
MD5

8c9651454712940b97958dec6e7fba52
SHA1

9b70a57ba34608491756cbaf8e5a57604d863fe2
SHA256

ee445a2278b9bc8c274cb5d800c20f9fddb925dd50cf2150cd3468011f5bf37d
SHA512

ca7254772ffcb725b948deba1627641a19ce0f86679a0464fd219e979bc948f0638e32407acbb4e9ac9f87677ac6d0681db240ac4fcf9d3b8ec0249c57180c63
SSDEEP

49152:aKeAFsZhEaI4KjDEfwRDcQAYPC8+WxNTEYsOKCmXb/EQGd2T:9FjDdDDAYPCzTVXb/MQT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_8c9651454712940b97958dec6e7fba52_avoslocker

Files

2024-05-24_8c9651454712940b97958dec6e7fba52_avoslocker
.exe windows:5 windows x86 arch:x86

afc76a8e8265f1b8dc2d9dde4c6006a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\CI\CCHyperdrive\build\x64\main\ccd-hyperdrive\build\msvs_win32\Release\x86\sym\UpdateURIHandler\UpdateURIHandler\Adobe Update Helper.pdb

Imports

kernel32

lstrcmpW
GetCurrentProcess
WaitForSingleObject
GetProcAddress
CreateProcessW
GetModuleHandleW
GetVersionExW
GetFileSize
UnmapViewOfFile
CreateFileA
CreateFileMappingW
MapViewOfFile
Sleep
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FreeLibrary
MoveFileExW
LocalFree
CloseHandle
DeleteFileW
FormatMessageW
SetFileAttributesW
GetFileAttributesW
CreateFileW
FindClose
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
FindNextFileW
SetLastError
FindFirstFileW
ReadFile
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
WriteConsoleW
GetConsoleCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetCommandLineW
GetCommandLineA
ExitProcess
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetTimeZoneInformation
GetFileType
LoadLibraryExW
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
CompareStringW
SizeofResource
GetFullPathNameW
WriteFile
LockResource
LoadResource
FindResourceW
FlushFileBuffers
GetUserDefaultLangID
GetUserDefaultUILanguage
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapFree
TerminateProcess
OpenProcess
HeapSize
CreateEventW
SetEvent
GlobalAlloc
GlobalFree
HeapReAlloc
CreateThread
ResetEvent
HeapAlloc
HeapDestroy
GetProcessHeap
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
LockFileEx
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
GetTickCount
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer

user32

GetWindowThreadProcessId
AllowSetForegroundWindow
GetShellWindow
MessageBoxW
EnumWindows

advapi32

EqualSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DuplicateTokenEx
FreeSid
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFolderLocation

ole32

CoCreateInstance
StringFromGUID2
CLSIDFromProgID
OleRun
CoCreateGuid
CoTaskMemFree
CoInitialize
CLSIDFromString
CoUninitialize

oleaut32

SysStringLen
SysFreeString
SysAllocString
GetErrorInfo
VariantClear

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetCanonicalizeUrlW

shlwapi

PathIsSystemFolderW
PathIsDirectoryW
PathFindFileNameW
PathFileExistsW
PathIsRootW
PathAppendW
PathRenameExtensionW
PathRemoveFileSpecW
PathFileExistsA
PathRemoveExtensionW
PathAddExtensionW
PathIsFileSpecW

Sections

.text
Size: 972KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 600KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

afc76a8e8265f1b8dc2d9dde4c6006a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

wininet

shlwapi

Sections

.text Size: 972KB - Virtual size: 972KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 11KB - Virtual size: 17KB

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 600KB - Virtual size: 604KB

.text
Size: 972KB - Virtual size: 972KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 11KB - Virtual size: 17KB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 600KB - Virtual size: 604KB