2024-05-27_8bfa9a5ed9d4b11a65feb257a3d7d090_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_8bfa9a5ed9d4b11a65feb257a3d7d090_avoslocker
Size

7.3MB
MD5

8bfa9a5ed9d4b11a65feb257a3d7d090
SHA1

03188382a9f9dc2918215386922e56df53217b10
SHA256

f6944599c414cf5d9aef8efbbfd9cb5cff79ca90d4965e0a8ffde0540401d2e6
SHA512

f522af4545834519621010f7c18c104642a6b56bfd3319fc5df8671c287b6d8fde9a907d1f3b00f7a7af45a7ba59c833ea96465ac21ddd12136e31d8d17c501f
SSDEEP

196608:RU1SZXkAG/IO/Uaf/SYP5zM4XdLfyqiuvqO:usZXkABO/UgSYP5yqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-27_8bfa9a5ed9d4b11a65feb257a3d7d090_avoslocker

Files

2024-05-27_8bfa9a5ed9d4b11a65feb257a3d7d090_avoslocker
.exe windows:6 windows x86 arch:x86

ee27c9d9cda254b6698776416f44f78d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymInitialize
SymFromAddr
SymGetLineFromAddr64

advapi32

SystemFunction036
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyW
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt

ws2_32

recv
closesocket
send
WSAGetLastError
gethostname
WSACleanup
gethostbyname
WSAStartup
bind
WSASend
WSADuplicateSocketW
shutdown
WSARecvFrom
WSARecv
WSASocketW
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect

shell32

CommandLineToArgvW
ShellExecuteA

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertFindCertificateInStore
CertOpenStore
PFXIsPFXBlob
PFXImportCertStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

kernel32

SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetLogicalProcessorInformation
FreeLibraryAndExitThread
SetThreadPriority
SignalObjectAndWait
CreateTimerQueueTimer
GetThreadTimes
CreateTimerQueue
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
SystemTimeToTzSpecificLocalTime
ExitThread
ExitProcess
FindFirstFileExW
GetCommandLineA
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
GetThreadPriority
GetStdHandle
GetFileSizeEx
GetFileType
ReadFile
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
FlushConsoleInputBuffer
SetStdHandle
CreateFileW
GetFileAttributesW
GetFileSize
SetFileAttributesW
CloseHandle
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
LocalFree
FormatMessageA
MoveFileExW
GetConsoleScreenBufferInfo
GetFileAttributesExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetOEMCP
GetCPInfoExW
IsDBCSLeadByteEx
GetVersionExW
IsWow64Process
LockFileEx
UnlockFileEx
CreatePipe
GetConsoleOutputCP
FormatMessageW
GetFileTime
SetFileTime
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
ExpandEnvironmentStringsW
CompareFileTime
DeleteFileW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetFullPathNameW
GetShortPathNameW
RemoveDirectoryW
SetLastError
DeviceIoControl
Sleep
GetModuleHandleW
GetProcAddress
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeZoneInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
TerminateProcess
GetExitCodeProcess
CreateThread
ResumeThread
CreateProcessW
OpenProcess
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
SetConsoleTextAttribute
FreeLibrary
LoadLibraryExW
RtlCaptureStackBackTrace
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
LoadLibraryW
lstrcmpiW
CreateDirectoryW
SetEndOfFile
SetFilePointer
LoadLibraryA
GetTempPathW
FindNextFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
HeapReAlloc
CancelIo
ResetEvent
CreateEventW
VirtualAlloc
VirtualFree
IsValidCodePage
CreateFileA
GetFileAttributesA
PeekNamedPipe
SearchPathA
SetHandleInformation
CreateProcessA
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoA
GetTickCount
MoveFileExA
GetEnvironmentVariableA
FlushFileBuffers
GetFinalPathNameByHandleW
SetFilePointerEx
FlushViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
DeleteCriticalSection
CreateEventA
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
GetNamedPipeHandleStateA
RegisterWaitForSingleObject
UnregisterWait
GetStartupInfoW
DebugBreak
SetEvent
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleInputW
GetEnvironmentVariableW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetProcessAffinityMask
SetProcessAffinityMask
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreA
GetLongPathNameW
ReadDirectoryChangesW
SetFileCompletionNotificationModes
GetProcessHeap
GetCPInfo
GetStringTypeW
GetLocaleInfoW
CompareStringW
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetExitCodeThread
WaitForSingleObjectEx
IsProcessorFeaturePresent
HeapSize
EnumSystemLocalesW
GetCurrentThreadId
GetHandleInformation
GetOverlappedResult
GetModuleHandleExW
RaiseException

user32

DispatchMessageA
CharPrevExA
WaitForInputIdle
GetMessageA
TranslateMessage
MapVirtualKeyW
GetSystemMetrics

ole32

CoCreateInstance
GetRunningObjectTable
CreateBindCtx
CoInitialize
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SafeArrayDestroy
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 943KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee27c9d9cda254b6698776416f44f78d

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

advapi32

ws2_32

shell32

crypt32

kernel32

user32

ole32

oleaut32

Sections

.text Size: 6.0MB - Virtual size: 6.0MB

.rdata Size: 943KB - Virtual size: 943KB

.data Size: 88KB - Virtual size: 2.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 240KB - Virtual size: 239KB

.text
Size: 6.0MB - Virtual size: 6.0MB

.rdata
Size: 943KB - Virtual size: 943KB

.data
Size: 88KB - Virtual size: 2.6MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 240KB - Virtual size: 239KB