2024-05-29_1888b9d6fd4e2d22b64f8c06fd2cad28_avoslocker_floxif

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-29_1888b9d6fd4e2d22b64f8c06fd2cad28_avoslocker_floxif
Size

1.5MB
MD5

1888b9d6fd4e2d22b64f8c06fd2cad28
SHA1

bbee6c86c1a52c3d2f8ee987640666984da970fb
SHA256

23cfd5b31b7225c5d475c23c2af24b9381ffcd58f2a7746546febf27098e2eee
SHA512

d5adf33acfbbe3363abb3171ad973d93616e2dd809fc43524d32463ba4fe4ae62463ba675276ff3b5ce6262ff361ca7d87816da519c03702c6b3ae40f3f7b7ea
SSDEEP

24576:jIqz/zQGmr177GLhm7E1HEiI669XNW45RdrTQKXZ242gzk8lEOusoNrEH7M:Krh7GLhm7E1n69dW45brjIn8fusoD

Score

1^/10

Malware Config

Signatures

Files

2024-05-29_1888b9d6fd4e2d22b64f8c06fd2cad28_avoslocker_floxif
.exe windows:6 windows x86 arch:x86

5d2f7b01308e94c361a46be0512f190e

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:dc:12:4e:a4:a8:32:96:01:ad:08:d3:13:2b:c2:41:2e:9b:d7:e7:c0:26:28:19:a1:c5:bd:1c:17:14:32:e8
Signer

Actual PE Digest

11:dc:12:4e:a4:a8:32:96:01:ad:08:d3:13:2b:c2:41:2e:9b:d7:e7:c0:26:28:19:a1:c5:bd:1c:17:14:32:e8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\exe\Win32\Release\WinObj.pdb

Imports

kernel32

SetFilePointer
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
LoadLibraryExA
FileTimeToLocalFileTime
QueryInformationJobObject
FileTimeToSystemTime
CreateDirectoryW
MulDiv
lstrcmpW
FreeResource
FormatMessageW
DecodePointer
GetTickCount64
GetCurrentProcessId
lstrcmpiW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
DebugBreak
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
WideCharToMultiByte
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
MultiByteToWideChar
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
OutputDebugStringW
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
LoadLibraryW
GetModuleFileNameW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
GetFileSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
WriteConsoleW
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GetFileAttributesW
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
GetConsoleMode
SetLastError

user32

CreatePopupMenu
LoadAcceleratorsW
GetCapture
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
DrawEdge
RegisterWindowMessageW
LoadStringA
EnableMenuItem
GetCursorPos
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
MonitorFromPoint
GetMenuItemID
LockWindowUpdate
GetMenuItemInfoW
ModifyMenuW
SetCursorPos
GetMenuItemCount
GetSubMenu
GetMenuStringW
SetMenu
GetMenu
LoadMenuW
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
GetWindowThreadProcessId
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetIconInfo
SetMenuItemInfoW
DestroyMenu
AppendMenuW
RemoveMenu
SetMenuDefaultItem
UnhookWindowsHookEx
MessageBeep
CheckMenuRadioItem
SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
SetCursor
GetSysColorBrush
WindowFromPoint
InsertMenuW
SetRectEmpty
LoadImageW
CheckDlgButton
SetDlgItemInt
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
EnableWindow
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
SetWindowsHookExW
InflateRect
LoadCursorW
OpenClipboard
CloseClipboard
DialogBoxParamW
SystemParametersInfoW
SetClipboardData
EmptyClipboard
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
GetClassNameW
SetClassLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
DrawIconEx
GetParent
SetWindowLongW
GetWindowLongW
GetSysColor
GetClientRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
EndPaint
BeginPaint
DrawTextW
KillTimer
SetTimer
GetFocus
SetFocus
CreateWindowExW

gdi32

SetBrushOrgEx
PatBlt
ExcludeClipRect
CreatePatternBrush
CreateBitmap
CreateDIBSection
GetCurrentObject
SetViewportOrgEx
Polyline
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
ExtTextOutW
GetObjectW
SetTextColor
SetBkMode
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateFontIndirectW
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps

comdlg32

PrintDlgW
ChooseFontW

advapi32

RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetKernelObjectSecurity
MapGenericMask
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW

shell32

SHGetStockIconInfo
ShellExecuteW
ExtractIconExW
SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_Duplicate
ImageList_GetIcon
InitCommonControlsEx
ImageList_Draw
ImageList_Destroy

uxtheme

SetWindowTheme
IsThemeActive
IsAppThemed

msimg32

GradientFill

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

aclui

ord1

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d2f7b01308e94c361a46be0512f190e

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

11:dc:12:4e:a4:a8:32:96:01:ad:08:d3:13:2b:c2:41:2e:9b:d7:e7:c0:26:28:19:a1:c5:bd:1c:17:14:32:e8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

uxtheme

msimg32

dwmapi

version

aclui

Sections

.text Size: 717KB - Virtual size: 716KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 19KB - Virtual size: 25KB

.detourc Size: 14KB - Virtual size: 13KB

.detourd Size: 512B - Virtual size: 36B

.rsrc Size: 471KB - Virtual size: 471KB

.reloc Size: 36KB - Virtual size: 35KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

11:dc:12:4e:a4:a8:32:96:01:ad:08:d3:13:2b:c2:41:2e:9b:d7:e7:c0:26:28:19:a1:c5:bd:1c:17:14:32:e8
Signer

.text
Size: 717KB - Virtual size: 716KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 19KB - Virtual size: 25KB

.detourc
Size: 14KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.rsrc
Size: 471KB - Virtual size: 471KB

.reloc
Size: 36KB - Virtual size: 35KB