2024-06-02_3667b3877b48881c2a83b1e2196e81f8_avoslocker_floxif

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-02_3667b3877b48881c2a83b1e2196e81f8_avoslocker_floxif
Size

2.0MB
MD5

3667b3877b48881c2a83b1e2196e81f8
SHA1

748a7f9724645f5f841bfe7a923d7b91a44c39cf
SHA256

24d16d5d37e88a15f3dffe18392c835eb21c704bab419c7417d151540a210661
SHA512

4545b457980516d78279a38ea486d24384384de136cae07044970b4d4ac8cefbf901d28124dbe78ea12604f2ebf7f30be9f94bbeaec0da11a6e5305f2604b4e9
SSDEEP

49152:kcza5yzx5KqEq3uUDWS+mqKdn9H5L/BRXPHUNwu0D+Ds:kcoyzx5Kq/3PHdn9HNZxPHDD+Ds

Score

1^/10

Malware Config

Signatures

Files

2024-06-02_3667b3877b48881c2a83b1e2196e81f8_avoslocker_floxif
.exe windows:6 windows x86 arch:x86

98a408f553b6d8569befde05d9aeb0f0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:ce:9e:0e:c9:d2:71:3f:0d:21:c2:31:9d:31:0a:60
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/06/2022, 00:00

Not After

21/06/2025, 23:59

Subject

SERIALNUMBER=0705579-2,CN=F-Secure Corporation,O=F-Secure Corporation,L=Helsinki,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:e4:af:e4:34:68:20:c2:92:a1:37:de:19:8b:d9:e9:c8:f9:5b:ad:f1:ce:e9:3c:a8:a2:5d:38:14:9f:3b:f2
Signer

Actual PE Digest

39:e4:af:e4:34:68:20:c2:92:a1:37:de:19:8b:d9:e9:c8:f9:5b:ad:f1:ce:e9:3c:a8:a2:5d:38:14:9f:3b:f2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\OneClient\ccf_uninstallation_tool\ccf_uninstallation_tool\output\x86\Release_Static\uninstallation_tool_32.pdb

Imports

gdiplus

GdipAlloc
GdipFree
GdipDisposeImageAttributes
GdipDeletePen
GdipLoadImageFromStream
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath
GdipDrawArcI
GdipGetPenWidth
GdiplusShutdown
GdiplusStartup
GdipFillEllipseI
GdipDrawEllipseI
GdipSetPenLineCap197819
GdipAddPathLineI
GdipFillPath
GdipDrawPath
GdipSetSmoothingMode
GdipSetPenMode
GdipCreateImageAttributes
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDeletePath
GdipCreatePath
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipResetImageAttributes
GdipGetImageBounds
GdipDisposeImage
GdipCloneImage

kernel32

GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
GetTickCount
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetModuleFileNameW
CopyFileW
MoveFileExW
GetCurrentProcess
LocalFree
VerSetConditionMask
IsWow64Process
VerifyVersionInfoW
SetLastError
CreateProcessW
RaiseException
GetCurrentThread
ExpandEnvironmentStringsW
OutputDebugStringA
GetCurrentThreadId
GetSystemTime
GetLocalTime
GetTimeZoneInformation
FlushFileBuffers
GetFileInformationByHandle
ReadFile
SetFilePointerEx
ReleaseMutex
GetTickCount64
HeapAlloc
HeapFree
GetProcessHeap
OpenMutexW
GetLocaleInfoA
GetUserDefaultUILanguage
MulDiv
LoadLibraryExW
GetFileSizeEx
GetShortPathNameW
CreateToolhelp32Snapshot
Module32FirstW
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetCPInfoExW
CreatePipe
SetHandleInformation
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetModuleFileNameA
FindResourceW
FormatMessageA
CreateThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileW
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
ExitThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
Sleep
WaitForSingleObjectEx
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
FindFirstFileW
GetExitCodeProcess
WaitForSingleObject
WriteFile
DuplicateHandle
FindClose
DeleteFileW
CreateDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
ProcessIdToSessionId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
SizeofResource
LockResource
TlsAlloc
LoadResource
CreateFileW
GetCommandLineW
CreateMutexW
SetEvent
WaitForMultipleObjects
GetLastError
CreateEventW
CloseHandle
GetModuleHandleW
GetStdHandle
WriteConsoleW
FreeConsole
AttachConsole
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
GetCPInfo
GetFileAttributesExW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
HeapSize
SetEndOfFile
LoadLibraryExA

user32

SetTimer
GetMonitorInfoW
MonitorFromPoint
SetForegroundWindow
GetWindowThreadProcessId
IsDialogMessageW
KillTimer
SetActiveWindow
IsIconic
CreateWindowExW
RegisterClassExW
PostQuitMessage
AttachThreadInput
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
SetCursor
PtInRect
OffsetRect
ScreenToClient
GetCursorPos
GetNextDlgGroupItem
GetSystemMetrics
DrawIconEx
InflateRect
DrawFocusRect
AdjustWindowRect
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
EnableWindow
IsWindowVisible
SetWindowPos
ShowWindow
GetClientRect
InvalidateRect
EndPaint
BeginPaint
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
TrackMouseEvent
ReleaseDC
GetDC
SetWindowLongW
GetWindowLongW
EndDialog
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetForegroundWindow
AllowSetForegroundWindow
UnregisterClassW
ExitWindowsEx
SetFocus
PostMessageW
LoadIconW
CheckRadioButton
GetDlgItem
DestroyIcon
GetParent
SendMessageW
DrawTextW
FillRect

gdi32

GetObjectW
GetTextExtentExPointW
CreateFontIndirectW
GetTextMetricsW
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreateFontW
SetTextColor
SetBkColor
CreateSolidBrush
DeleteObject
SetBkMode

advapi32

StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorControl
GetSecurityDescriptorDacl
ConvertSidToStringSidW
LookupAccountNameW
IsValidSid
GetLengthSid
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
RegGetValueW
GetNamedSecurityInfoW
GetSidSubAuthority

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
CM_Get_Device_ID_ExW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW

Sections

.text
Size: 610KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98a408f553b6d8569befde05d9aeb0f0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:ce:9e:0e:c9:d2:71:3f:0d:21:c2:31:9d:31:0a:60Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

39:e4:af:e4:34:68:20:c2:92:a1:37:de:19:8b:d9:e9:c8:f9:5b:ad:f1:ce:e9:3c:a8:a2:5d:38:14:9f:3b:f2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

ole32

oleaut32

setupapi

Sections

.text Size: 610KB - Virtual size: 609KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 7KB - Virtual size: 27KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 25KB - Virtual size: 24KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:ce:9e:0e:c9:d2:71:3f:0d:21:c2:31:9d:31:0a:60
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

39:e4:af:e4:34:68:20:c2:92:a1:37:de:19:8b:d9:e9:c8:f9:5b:ad:f1:ce:e9:3c:a8:a2:5d:38:14:9f:3b:f2
Signer

.text
Size: 610KB - Virtual size: 609KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 7KB - Virtual size: 27KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 25KB - Virtual size: 24KB