2024-06-05_6b41bdced1ae78f4bad876f05d2b5bc2_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-05_6b41bdced1ae78f4bad876f05d2b5bc2_avoslocker_revil
Size

4.5MB
MD5

6b41bdced1ae78f4bad876f05d2b5bc2
SHA1

e44b9928d535cd63d95792b05408cf88240c274c
SHA256

57599a19e1d1f300e1683599f2c27de7ccbf517bfb6b64f8a8c9a32334d3fdc2
SHA512

69df0a42fb3464a6e2ce47f5a3a4842ac15986106e948ba0e0d662b83b354f7ceea6fdba36350025edc7a58c4b7a5c79e9e7999ee6775bad358235c20abf5293
SSDEEP

98304:JJvJ9eqPaIXqIDPikZmnUWDEhqZYHHyvet:LJ1XqIjd4JZYn/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-05_6b41bdced1ae78f4bad876f05d2b5bc2_avoslocker_revil

Files

2024-06-05_6b41bdced1ae78f4bad876f05d2b5bc2_avoslocker_revil
.exe windows:6 windows x86 arch:x86

1729582c0836f71d3cb9999240953387

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\root\workspace\CC\MCC\kle3-88\midicontrolcenter\midicontrolcenter\build\Release\updater.pdb

Imports

ws2_32

freeaddrinfo
sendto
ioctlsocket
setsockopt
WSASetLastError
htons
getsockopt
recv
recvfrom
connect
ntohs
WSAGetLastError
socket
ntohl
WSASend
shutdown
WSASendTo
getpeername
WSARecv
WSARecvFrom
WSAPoll
WSACleanup
accept
bind
closesocket
listen
getaddrinfo
WSAStartup
inet_addr
getsockname
send

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertOpenStore

kernel32

TerminateProcess
RemoveDirectoryW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetEnvironmentVariableW
SetEndOfFile
PeekNamedPipe
GetTempPathW
CreateMutexW
FindClose
GetLocaleInfoW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
GetSystemDirectoryW
CreateEventW
Sleep
GetFileInformationByHandle
FormatMessageW
GetLastError
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
LoadLibraryW
ResetEvent
GetCurrentDirectoryW
DeleteCriticalSection
ExitProcess
CreateProcessW
FreeLibrary
QueryPerformanceCounter
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushFileBuffers
GetExitCodeProcess
FormatMessageA
GetFullPathNameW
DeviceIoControl
SetFilePointerEx
GetModuleHandleW
AreFileApisANSI
MultiByteToWideChar
TryEnterCriticalSection
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
FindNextFileW
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
GetStdHandle
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetLongPathNameW
LoadLibraryExW
GetExitCodeThread
SetEnvironmentVariableW
GetStartupInfoW
GetTimeZoneInformation
WriteConsoleW
FreeConsole
GetModuleFileNameA
GetModuleHandleExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
WaitForSingleObjectEx
RaiseException
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
EnterCriticalSection
FindFirstFileW
SubmitThreadpoolWork
InitializeSRWLock
CloseThreadpoolWork
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
EncodePointer
DecodePointer
ReadFile
SetThreadAffinityMask
CreateDirectoryW
LocalFree
GetCommandLineW
GlobalUnlock
GetCurrentProcessId
GlobalLock
GetProcAddress
GlobalAlloc
GlobalSize
GetModuleHandleA
GetModuleFileNameW
WideCharToMultiByte
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
WriteFile
TlsFree
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
RtlUnwind
InterlockedPushEntrySList
CreateThread
ExitThread
FreeLibraryAndExitThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
HeapAlloc
HeapFree
GetFileSizeEx
GetConsoleCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetVersionExW
HeapSize

user32

GetSystemMetrics
UnregisterClassW
SetWindowTextW
MessageBeep
RegisterClassExW
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
SendMessageW
GetWindowRect
GetMonitorInfoW
CreateIconIndirect
CloseClipboard
EmptyClipboard
PeekMessageW
IsChild
CreateCaret
CreateWindowExW
GetForegroundWindow
EnumWindows
GetMessageTime
SetLayeredWindowAttributes
SetFocus
GetClipboardData
LoadCursorW
DestroyCaret
ScreenToClient
DestroyIcon
SetCapture
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
ShowCaret
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
SetForegroundWindow
MapVirtualKeyW
PostMessageW
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
EnumDisplayMonitors
EnumChildWindows
MessageBoxW
SetWindowPos
IsWindowVisible
GetDC
DestroyWindow
TrackMouseEvent
GetFocus
GetSystemMenu
DefWindowProcW
GetWindowThreadProcessId
GetWindowLongW
GetWindowTextW
TranslateMessage
DispatchMessageW
SendMessageTimeoutW
GetMessageW
AttachThreadInput
GetProcessWindowStation
GetWindowInfo
InvalidateRect
GetAncestor
SetCursorPos
ReleaseDC
GetCursorPos
BeginPaint
EndPaint
GetUserObjectInformationW

gdi32

GetGlyphIndicesW
GetGlyphOutlineW
GetTextMetricsW
SetMapperFlags
GetKerningPairsW
RemoveFontMemResourceEx
CombineRgn
CreateBitmap
SetMapMode
DeleteObject
RestoreDC
ExcludeClipRect
GetRegionData
DeleteDC
CreateRectRgn
GetDeviceCaps
CreateRectRgnIndirect
StretchDIBits
CreateCompatibleDC
CreateDIBSection
SelectObject
SaveDC
CreateFontIndirectW
GetOutlineTextMetricsW

shell32

CommandLineToArgvW
SHGetKnownFolderPath
ExtractAssociatedIconW

ole32

RevokeDragDrop
OleInitialize
RegisterDragDrop
OleUninitialize

advapi32

RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW

winmm

timeGetTime
timeBeginPeriod

imm32

ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmNotifyIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1729582c0836f71d3cb9999240953387

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

user32

gdi32

shell32

ole32

advapi32

winmm

imm32

version

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 65KB - Virtual size: 84KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 153KB - Virtual size: 152KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 65KB - Virtual size: 84KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 153KB - Virtual size: 152KB