2024-06-02_b67ae61b8ed56fd1dd2ddabc5fbfc769_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-02_b67ae61b8ed56fd1dd2ddabc5fbfc769_avoslocker
Size

5.1MB
MD5

b67ae61b8ed56fd1dd2ddabc5fbfc769
SHA1

e50995c56d1ec6f561c9de6ac08cd0cea8710ccb
SHA256

524b6ad065e69fb8d222dc3547bcbf699410589bdebd7713d54c1bfb4a976451
SHA512

a6f771704048df307412daa03f162b798a63973fee94b4f62f361c74cb87980c79dbcd0e3cd96faf512853ca2e9980dc4cd8466fab0e46e7ca536a3ffdd5677d
SSDEEP

98304:tsv1CdY3zYSd8jDkFAjkjnRZ0J09OyfAcnF+LKXCaiqKFFIsbU8kxknLSFLOAkGO:WtQSd8jD7jgn/0ZKXCaiqKvErxeSFLOV

Score

1^/10

Malware Config

Signatures

Files

2024-06-02_b67ae61b8ed56fd1dd2ddabc5fbfc769_avoslocker
.exe windows:6 windows x86 arch:x86

16f0c39806126e3746a502ea9e7d1034

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

52:28:16:5f:41:53:00:b6:e3:95:b6:98
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/06/2021, 01:24

Not After

18/06/2022, 01:24

Subject

SERIALNUMBER=91510100083344430Y,CN=成都趣乐多科技有限公司,O=成都趣乐多科技有限公司,STREET=高新区拓新东街81号10栋3层,L=成都市,ST=四川省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13074348454e474455,1.3.6.1.4.1.311.60.2.1.2=#13075349434855414e,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:8c:ee:9d:6d:8e:a1:98:f6:c0:6d:c7:12:80:f6:43:09:a9:9e:df
Signer

Actual PE Digest

a2:8c:ee:9d:6d:8e:a1:98:f6:c0:6d:c7:12:80:f6:43:09:a9:9e:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\svn\f2web\trunk\src\launchers\XzgLauncher.shunwang.cpp\Release\XzgLauncher.pdb

Imports

ws2_32

ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
gethostname
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
listen
WSAIoctl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
socket
WSAGetLastError
send
closesocket

wldap32

ord147
ord301
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord133
ord145
ord219
ord46
ord14
ord208
ord216

kernel32

GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
lstrcmpiW
GetTempPathW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
FindResourceExW
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
GetTempFileNameW
ResetEvent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
VirtualQuery
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
GlobalFlags
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
LCMapStringW
GetConsoleOutputCP
GetFullPathNameW
GetConsoleMode
SetStdHandle
HeapQueryInformation
GetCommandLineA
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
GetFileInformationByHandle
GetDriveTypeW
WriteConsoleW
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCPInfo
GetStringTypeW
OutputDebugStringW
FlushFileBuffers
GetCurrentDirectoryW
GetFileSize
GetFileAttributesW
SizeofResource
HeapFree
EnterCriticalSection
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
lstrcpyW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetVersionExW
GetCurrentThread
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
GetModuleFileNameW
WaitForMultipleObjects
LeaveCriticalSection
ReadConsoleW
GetThreadLocale
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetModuleHandleA
EncodePointer
OutputDebugStringA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalSize
FormatMessageA
SetLastError
ExpandEnvironmentStringsA
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
QueryPerformanceCounter
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
CreateProcessW
Sleep
GetCommandLineW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateMutexW
RemoveDirectoryW
CreateDirectoryW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
GetLocalTime
GetCurrentThreadId
CreateFileW
SetErrorMode
GetTickCount
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalMemoryStatus
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask
GetProcAddress
GetCurrentProcess
WideCharToMultiByte
CopyFileW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
FindResourceW
LoadResource
CreateThread
RaiseException
CloseHandle
HeapReAlloc
DeleteFileW
LockResource
TerminateThread
GetLastError
MultiByteToWideChar
HeapSize
WaitForSingleObject
InitializeCriticalSectionEx
VirtualProtect

user32

PostThreadMessageW
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
WaitMessage
GetUpdateRect
DestroyAcceleratorTable
ModifyMenuW
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
WindowFromPoint
DeleteMenu
GetSystemMenu
CharUpperW
IsZoomed
MonitorFromPoint
SetParent
LoadImageW
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
RealChildWindowFromPoint
CopyImage
RegisterClipboardFormatW
SendDlgItemMessageA
GetMenuItemInfoW
DestroyMenu
EnumDisplayMonitors
SystemParametersInfoW
LoadCursorW
SetRectEmpty
EndDialog
CreateDialogIndirectParamW
SetCursor
ShowOwnedPopups
DrawIconEx
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
GetActiveWindow
GetMessageW
LoadMenuW
MapVirtualKeyW
GetKeyNameTextW
ClientToScreen
GetWindowDC
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CharNextW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SubtractRect
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetClassNameW
PtInRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
RegisterWindowMessageW
MapDialogRect
SetWindowContextHelpId
IsDialogMessageW
GetWindow
GetTopWindow
GetParent
KillTimer
SetWindowLongW
SendNotifyMessageW
RegisterClassExW
UnregisterClassW
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
IsChild
GetDesktopWindow
EqualRect
IsRectEmpty
OffsetRect
IntersectRect
InvalidateRgn
CopyAcceleratorTableW
IsWindowEnabled
ReleaseCapture
SetCapture
GetFocus
SetFocus
IsWindowVisible
SetWindowPos
IsWindow
UnhookWindowsHookEx
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
CharUpperBuffW
TranslateAcceleratorW
GetWindowThreadProcessId
GetWindowRgn
DestroyCursor
InvertRect
HideCaret
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
GetSubMenu
GetMenuState
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
IsClipboardFormatAvailable
FrameRect
ReuseDDElParam
UnpackDDElParam
GetScrollInfo
ShowWindowAsync
DispatchMessageW
EnumWindows
SetLayeredWindowAttributes
TranslateMessage
GetWindowRect
GetDC
GetSystemMetrics
CreatePopupMenu
DrawIcon
LoadIconW
AppendMenuW
CreateWindowExW
InsertMenuItemW
DestroyWindow
DefWindowProcW
GetWindowLongW
InvalidateRect
GetClassLongW
TrackMouseEvent
SetClassLongW
CallWindowProcW
GetAsyncKeyState
MessageBoxW
GetKeyState
EnableWindow
CopyRect
SetTimer
SetRect
DrawTextW
GetClientRect
DrawTextExW
SendMessageW
FillRect
GrayStringW
TabbedTextOutW
PostQuitMessage
GetCursorPos
ReleaseDC
IsIconic
SetForegroundWindow
UpdateLayeredWindow
GetMenuStringW

gdi32

GetTextColor
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
GetStockObject
ScaleWindowExtEx
PatBlt
CombineRgn
CreateEllipticRgn
Ellipse
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateDIBitmap
CreateFontIndirectW
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
SetPixel
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
GetBkColor
SetTextColor
SetBkColor
GetRgnBox
CreateRectRgnIndirect
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
StretchBlt
GetObjectW
CreateFontW
CreateCompatibleBitmap
RectVisible
TextOutW
CreateSolidBrush
Escape
PtVisible
ExtTextOutW
BitBlt
SelectObject
CreateCompatibleDC
ScaleViewportExtEx
DeleteDC
DeleteObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CryptDestroyKey
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
CryptEncrypt
CryptImportKey
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetFileInfoW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

UrlEscapeW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetThemePartSize
GetWindowTheme
DrawThemeText
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
GetThemeSysColor

ole32

OleLockRunning
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleDuplicateData
ReleaseStgMedium
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
RevokeDragDrop
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
SysAllocStringByteLen
VariantCopy
VarBstrFromDate
LoadTypeLi
SysStringLen
VariantInit
SysFreeString
VariantClear
SysAllocString

oledlg

OleUIBusyW

urlmon

ObtainUserAgentString

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipGetImagePaletteSize
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipFree
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromStream
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight

dbghelp

MiniDumpWriteDump

wininet

HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetOpenW
InternetCrackUrlW
InternetConnectW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW

iphlpapi

GetAdaptersInfo

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16f0c39806126e3746a502ea9e7d1034

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

52:28:16:5f:41:53:00:b6:e3:95:b6:98Certificate

Extended Key Usages

Key Usages

a2:8c:ee:9d:6d:8e:a1:98:f6:c0:6d:c7:12:80:f6:43:09:a9:9e:dfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

urlmon

gdiplus

dbghelp

wininet

iphlpapi

oleacc

imm32

winmm

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 385KB - Virtual size: 384KB

.data Size: 78KB - Virtual size: 98KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 160KB - Virtual size: 159KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

52:28:16:5f:41:53:00:b6:e3:95:b6:98
Certificate

a2:8c:ee:9d:6d:8e:a1:98:f6:c0:6d:c7:12:80:f6:43:09:a9:9e:df
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 385KB - Virtual size: 384KB

.data
Size: 78KB - Virtual size: 98KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 160KB - Virtual size: 159KB