Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-28_65bd08bd70b8ecda03c432efc0537996_avoslocker.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-28_65bd08bd70b8ecda03c432efc0537996_avoslocker.exe
Resource: win10v2004-20240508-en
General
Target: 2024-05-28_65bd08bd70b8ecda03c432efc0537996_avoslocker
Size: 3.4MB
MD5: 65bd08bd70b8ecda03c432efc0537996
SHA1: 19aaaa320183892a075f24a38db1e81ddd35b8d9
SHA256: 5b58535c12165d5f090733d7e345bdbf6089bd16bd509e415101fd1e5059965a
SHA512: 9f69afe3ca66764fc3e027f47760572266a006d9ea065469ddce28d97cb5e612c1170beca55d661b05599c13886d60240f840b4607d3cc6b8a9c025110207334
SSDEEP: 98304:ARVd3EkSlNxUQbqtCRBZOLZvFLOAkGkzdnEVomFHKnP:ARrUpRBZOLZvFLOyomFHKnP
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 2024-05-28_65bd08bd70b8ecda03c432efc0537996_avoslocker
Files
2024-05-28_65bd08bd70b8ecda03c432efc0537996_avoslocker.exe windows:6 windows x86 arch:x86
e2b6dae586198bada2494e2accacb3f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\TRM\南極星\UpdateTool\Release\UpdateTool.pdb
Imports
unrar
RAROpenArchiveEx
RARProcessFile
RARReadHeader
RARSetCallback
RARCloseArchive
kernel32
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
LCMapStringW
GetTimeZoneInformation
GetStdHandle
QueryPerformanceFrequency
GetFileType
SetStdHandle
GetCPInfo
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
ExitProcess
RtlUnwind
OutputDebugStringW
WriteConsoleW
MultiByteToWideChar
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapQueryInformation
WideCharToMultiByte
GetLastError
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetLogicalDriveStringsW
CreateFileW
WriteFile
CloseHandle
DeleteFileW
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
ResumeThread
CreateThread
WaitForSingleObject
GetExitCodeThread
TerminateThread
Sleep
InitializeCriticalSection
GetSystemTime
RemoveDirectoryW
GetTickCount64
CopyFileW
CreateDirectoryW
CreateEventW
GetDriveTypeW
GetVolumeInformationW
SetEvent
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTempFileNameW
DuplicateHandle
GetCurrentProcess
FormatMessageW
GetStringTypeW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
FindResourceExW
GetTempPathW
GetCurrentDirectoryW
SetErrorMode
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
VerifyVersionInfoW
VerSetConditionMask
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
GetTickCount
CompareStringA
lstrcmpA
GetVersionExW
GetCurrentThread
FindNextFileW
SetThreadPriority
GetThreadLocale
lstrcmpiW
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
LocalAlloc
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
GetCurrentProcessId
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
user32
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
UpdateLayeredWindow
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
GetSystemMenu
IsZoomed
TrackMouseEvent
MonitorFromPoint
SetParent
LoadImageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MessageBeep
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
KillTimer
SetTimer
DeleteMenu
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
DestroyIcon
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
GetMenuItemInfoW
DestroyMenu
SendDlgItemMessageA
MapVirtualKeyW
GetKeyNameTextW
SetCursor
ShowOwnedPopups
EnumDisplayMonitors
SystemParametersInfoW
LoadCursorW
SubtractRect
SetLayeredWindowAttributes
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DrawIconEx
IsRectEmpty
OffsetRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageW
CharUpperW
GetDesktopWindow
IntersectRect
InflateRect
GetWindowThreadProcessId
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetWindowRect
RedrawWindow
GetParent
InvalidateRect
UpdateWindow
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
MonitorFromWindow
WinHelpW
HideCaret
InvertRect
DestroyCursor
GetWindowRgn
SetRectEmpty
GetClientRect
FillRect
UnregisterClassW
PostMessageW
SetForegroundWindow
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
LoadMenuW
GetSubMenu
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetScrollInfo
GetKeyState
SendMessageW
GetSysColor
IsWindow
GetCapture
GetMenu
SetMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
MessageBoxW
ScreenToClient
MapWindowPoints
CopyRect
EqualRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
EnableWindow
gdi32
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateHatchBrush
GetMapMode
PatBlt
SetRectRgn
DPtoLP
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateBitmap
SetTextColor
SetBkColor
DeleteDC
CreateSolidBrush
DeleteObject
GetObjectW
GetStockObject
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
GetViewportExtEx
BitBlt
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueW
RegCloseKey
RegQueryValueExW
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
SHGetDesktopFolder
ExtractIconW
SHAppBarMessage
DragQueryFileW
ShellExecuteW
DragFinish
SHGetSpecialFolderLocation
comctl32
InitCommonControlsEx
shlwapi
PathStripToRootW
PathFindExtensionW
UrlUnescapeW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
uxtheme
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetThemeSysColor
DrawThemeParentBackground
IsAppThemed
DrawThemeText
ole32
CoRegisterClassObject
CoRevokeClassObject
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoInitialize
StringFromGUID2
CoDisconnectObject
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
StringFromCLSID
OleUninitialize
CoTaskMemFree
OleInitialize
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoFreeUnusedLibraries
oleaut32
VariantChangeType
SysStringByteLen
VariantCopy
SysStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringLen
VarBstrFromDate
VariantInit
VariantClear
SysAllocString
SysFreeString
OleCreateFontIndirect
oledlg
OleUIBusyW
gdiplus
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePalette
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipGetImagePixelFormat
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
wininet
InternetCheckConnectionW
InternetCrackUrlW
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCanonicalizeUrlW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
winmm
PlaySoundW
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 341KB - Virtual size: 340KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ