Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe
  Resource: win10v2004-20240426-en
General
Target: 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil
Size: 15.1MB
MD5: 1d7c3981c488013cd062d05709765e85
SHA1: 04c2672adff1b107299d2563be85be7dfac3bc12
SHA256: a3cf2e5260a9ee5afafcb65879150ecc9a4c2e5d3d38cbb35dc6917b5bf046e1
SHA512: 3bdd253c069d57e52b819af88b9b6ca40639b66ad71aa22acc6fc36306fc2b3e6b2645694c9d2ccd3ed95207ae2ac66bb9a6f434e768bf5ca90eea9808b61189
SSDEEP: 196608:IrX4wo6Ir7PVYn69zqUlZGOJsv6tWKFdu9CZUfz+yj:I4tvC69zjlZpJsv6tWKFdu9CZa+u
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil
Files
2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe windows:6 windows x86 arch:x86
ebe70b0bdae480e79caffb7724a4d81f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventW
GetLastError
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
HeapReAlloc
HeapAlloc
HeapFree
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
RtlUnwind
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
GetModuleHandleA
GetSystemDirectoryA
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
OpenProcess
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcess
WriteProfileStringW
GetProfileStringW
GetTickCount
GetLocalTime
GetNativeSystemInfo
GetDiskFreeSpaceExW
InitializeSListHead
IsDebuggerPresent
lstrcmpW
GetCurrentThreadId
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
LoadLibraryW
GlobalSize
GetCurrentProcessId
GetUserDefaultLangID
CreateFileW
ReadFile
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LocalAlloc
WaitForMultipleObjects
GlobalFree
SetHandleInformation
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetStdHandle
GetEnvironmentVariableW
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
FreeLibrary
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
OutputDebugStringW
TerminateProcess
IsProcessorFeaturePresent
CompareStringEx
GetCommandLineW
DuplicateHandle
SetEvent
WaitForSingleObject
Sleep
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
WaitForSingleObjectEx
GetSystemDirectoryW
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceFrequency
GetTickCount64
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetFileInformationByHandleEx
GetStartupInfoW
GetModuleFileNameW
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ConnectNamedPipe
CreateNamedPipeW
GetExitCodeProcess
GetProcessId
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RaiseException
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
user32
wsprintfW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
PostThreadMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
RegisterClassW
DispatchMessageW
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
GetProcessWindowStation
GetUserObjectInformationW
TranslateMessage
EnumDisplayDevicesW
advapi32
RegEnumKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
SystemFunction036
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
OpenProcessToken
RegNotifyChangeKeyValue
RegDeleteValueW
RegDeleteKeyW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
ole32
CoInitialize
CoCreateGuid
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoUninitialize
shlwapi
AssocQueryStringW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
uxtheme
GetCurrentThemeName
IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
CloseThemeData
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
dwmapi
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
imm32
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
iphlpapi
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid
mpr
WNetGetUniversalNameW
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
NetShareEnum
NetApiBufferFree
winmm
timeSetEvent
timeKillEvent
ws2_32
htonl
ntohl
getaddrinfo
WSAWaitForMultipleEvents
freeaddrinfo
getnameinfo
getsockopt
__WSAFDIsSet
bind
closesocket
inet_pton
recvfrom
sendto
getpeername
getsockname
htons
listen
select
setsockopt
WSAGetLastError
WSAAccept
WSAConnect
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
ntohs
recv
send
WSASetLastError
ioctlsocket
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAAsyncSelect
gethostname
socket
connect
accept
WSACleanup
WSAStartup
WSAResetEvent
shutdown
wldap32
ord33
ord35
ord79
ord30
ord32
ord46
ord143
ord200
ord301
ord27
ord26
ord22
ord41
ord60
ord50
ord211
crypt32
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreW
CertCreateCertificateContext
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
bcrypt
BCryptGenRandom
gdi32
CreateCompatibleDC
CombineRgn
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
GetPixelFormat
SwapBuffers
GetBitmapBits
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
shell32
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetMalloc
SHGetStockIconInfo
ShellExecuteW
ord727
CommandLineToArgvW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
Sections
.text Size: 9.9MB - Virtual size: 9.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 111KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 1024B - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 331KB - Virtual size: 330KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ