Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-06_c1ca1f26ee144ca30e26d76b07e84ac0_avoslocker_magniber_revil.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-06-06_c1ca1f26ee144ca30e26d76b07e84ac0_avoslocker_magniber_revil.exe
Resource: win10v2004-20240426-en
General
Target: 2024-06-06_c1ca1f26ee144ca30e26d76b07e84ac0_avoslocker_magniber_revil
Size: 16.8MB
MD5: c1ca1f26ee144ca30e26d76b07e84ac0
SHA1: 5638c265f719d60e5928c6e9fd7ace169f26a309
SHA256: 99622411f92761f492bf8900d43584caad86708ef276991f0378bf7e965bfad1
SHA512: 9b7e6c88963f3c2c20b4e5aa1b8bd5b5e16c4a0bb321f2eb0743b273d23c1d167fca49370f07cc90db790fc8ffd97b62edbf4e2c47b9c9fd28847d60e660693b
SSDEEP: 393216:KIidA6NUxAXSotJfJ21zJ+Jsv6tWKFdu9CLb:b8A6Ni
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-06-06_c1ca1f26ee144ca30e26d76b07e84ac0_avoslocker_magniber_revil
Files
2024-06-06_c1ca1f26ee144ca30e26d76b07e84ac0_avoslocker_magniber_revil.exe windows:5 windows x86 arch:x86
f237a68a63ee1a32e57188dd75b33c10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
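Added example, not part of the report and not the sandbox's own code: a stdlib-only PE header reader that performs the two checks the static section above summarises, the "Unsigned PE" signature (is there a certificate table, i.e. an embedded Authenticode signature?) and the DllCharacteristics hardening flags. The input is a constructed, headers-only PE32 image built inline with its flags set to the same three values the report lists (0x8140 = DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE); it is not the analysed file. Two caveats a practitioner will want: an empty certificate table means no embedded signature, but a binary can still be catalog-signed, and the presence of a table says nothing about whether the signature is valid, which only a WinVerifyTrust-style check establishes. Note also that the header listing shows a .gfids section (below, under Sections) but no IMAGE_DLLCHARACTERISTICS_GUARD_CF flag, which the loader requires before it enforces Control Flow Guard.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits, per the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (Authenticode)


def inspect_pe(data: bytes) -> dict:
    """Parse the PE headers by hand and report the hardening flags and
    whether a certificate table (embedded Authenticode signature) exists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine = struct.unpack_from("<H", data, coff)[0]
    size_of_optional, file_chars = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        pe32plus = False
    elif magic == 0x20B:
        pe32plus = True
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # NumberOfRvaAndSizes precedes the data directories: 92 (PE32) / 108 (PE32+).
    ndirs_off = opt + (108 if pe32plus else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = ndirs_off + 4
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    flags = [name for bit, name in DLL_CHARACTERISTICS.items() if dll_chars & bit]
    return {
        "machine": machine,
        "pe32plus": pe32plus,
        "file_characteristics": file_chars,
        "dll_characteristics": flags,
        "aslr": "DYNAMIC_BASE" in flags,
        "dep": "NX_COMPAT" in flags,
        "cfg": "GUARD_CF" in flags,
        # Presence only: a non-empty certificate table means an embedded
        # signature exists; validating it is a separate WinVerifyTrust step.
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "certificate_table": (cert_off, cert_size),
    }


def build_sample(dll_chars: int, certificate=(0, 0)) -> bytes:
    """Constructed minimal PE32 image (headers only, no sections). This is
    test input for the check above, not the file from the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew
    # COFF: Machine=i386, 0 sections, no symbols, 224-byte optional header,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE (0x0102).
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *certificate)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # 0x8140 = DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, as in the report.
    print(inspect_pe(build_sample(0x8140)))
    print(inspect_pe(build_sample(0x8140 | 0x4000, certificate=(0x1000, 0x200))))
```

Run it against a real file with `inspect_pe(open(path, "rb").read())`; the `authenticode_present` field reproduces the "Unsigned PE" verdict when it is False, and `dll_characteristics` reproduces the header listing.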
Imports
user32
DestroyWindow
GetSystemMetrics
GetWindowThreadProcessId
DestroyIcon
GetSysColor
SystemParametersInfoW
SetWindowRgn
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
PostMessageW
AttachThreadInput
IsChild
ShowWindow
FlashWindowEx
MoveWindow
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
DestroyCursor
GetAncestor
GetKeyboardLayoutList
UnregisterClassW
GetClassInfoW
RegisterClassExW
CreateWindowExW
GetClientRect
GetCursorPos
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
LoadIconW
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetAsyncKeyState
GetKeyboardLayout
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
SetCursorPos
GetCursor
LoadCursorW
SetWindowsHookExW
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
RealGetWindowClassW
MessageBoxW
DrawIconEx
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
UnhookWindowsHookEx
PostThreadMessageW
CharNextExA
DefWindowProcW
SendMessageW
RegisterWindowMessageW
EnableMenuItem
GetSystemMenu
ReleaseDC
GetDC
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsW
SetWindowPos
CallNextHookEx
GetFocus
CreateCursor
ole32
OleGetClipboard
OleSetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
imm32
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd
winmm
PlaySoundW
oleaut32
SysFreeString
SysAllocStringLen
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocString
SysStringLen
shell32
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
Shell_NotifyIconW
CommandLineToArgvW
SHBrowseForFolderW
gdi32
GetDIBits
CreateBitmap
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
ws2_32
closesocket
bind
__WSAFDIsSet
WSAGetLastError
gethostbyname
gethostbyaddr
inet_addr
getsockopt
ntohl
htonl
htons
listen
getpeername
shutdown
send
recv
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
select
WSASocketW
WSASendTo
setsockopt
WSAAccept
WSASetLastError
getsockname
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
advapi32
CryptReleaseContext
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
GetLengthSid
FreeSid
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
RegSetValueExW
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CopySid
OpenProcessToken
crypt32
CertCloseStore
CertCreateCertificateContext
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
kernel32
UnhandledExceptionFilter
ReleaseMutex
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
InterlockedPushEntrySList
IsProcessorFeaturePresent
InitializeSListHead
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
WriteFileEx
SleepEx
CancelIo
PeekNamedPipe
ReadFileEx
GetModuleHandleExW
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
VirtualFree
VirtualAlloc
LoadLibraryExW
SetConsoleCtrlHandler
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetFileAttributesW
SetStdHandle
HeapAlloc
HeapReAlloc
HeapFree
EnumSystemLocalesW
GetFileSizeEx
SetConsoleMode
ReadConsoleInputW
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
GetSystemInfo
GetLastError
CloseHandle
CreateMutexW
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetVolumeInformationW
OpenProcess
GetProcAddress
GetLongPathNameW
GetDriveTypeW
lstrcmpW
LocalFree
FormatMessageW
IsValidLanguageGroup
IsValidLocale
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetCurrentProcessId
CreateFileW
ReadFile
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetConsoleWindow
ExitProcess
DeviceIoControl
CreateEventW
WaitForMultipleObjects
LoadLibraryW
SetHandleInformation
GetStdHandle
GetFileType
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
FreeLibrary
GlobalMemoryStatus
FlushConsoleInputBuffer
SetLastError
GetSystemTime
SystemTimeToFileTime
CompareStringW
GetUserDefaultLCID
DuplicateHandle
SetEvent
WaitForSingleObject
Sleep
GetCurrentProcess
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
GetCommandLineW
GetLocalTime
WaitForSingleObjectEx
GetStartupInfoW
ResetEvent
OutputDebugStringW
QueryPerformanceFrequency
GetSystemDirectoryW
LCMapStringW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
GetFileAttributesExW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
GetTempPathW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
MoveFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ConnectNamedPipe
CreateNamedPipeW
TerminateProcess
GetExitCodeProcess
GetProcessId
GetModuleFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
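Added example, not code from the report or from the sandbox: a first-pass triage of an import table like the one listed above. It buckets imports into capabilities worth following up in the behavioral runs (debugger checks, CryptoAPI, process creation, WinSock, registry writes, keyboard hooks, drive and file enumeration) and computes a Mandiant-style import hash. The input is a constructed subset of the names above, so the hash it prints is not this file's imphash; the 32-digit value shown beside the file under Files is, by its length, an MD5-sized digest and is presumably the report's imphash, but the page does not label it, so treat that as an assumption. The capability sets are the editor's own choice, not a list from the report. A caveat: IMM, OLE drag and drop, GDI text, clipboard, WinSock and CryptoAPI imports are what a large statically linked GUI application pulls in as a matter of course, so a hit here is a lead for the dynamic analysis, not a verdict.

```python
import hashlib

# Capability buckets for a first-pass import triage. Names are compared
# case-insensitively; the sets are the editor's own selection of
# commonly watched APIs, not a list taken from the report.
CAPABILITIES = {
    "anti-debug": {"isdebuggerpresent", "checkremotedebuggerpresent"},
    "crypto-api": {"cryptacquirecontexta", "cryptcreatehash", "cryptdecrypt",
                   "cryptexportkey", "cryptgetuserkey", "cryptsignhasha"},
    "process": {"createprocessw", "openprocess", "openprocesstoken",
                "terminateprocess", "shellexecutew"},
    "network": {"wsastartup", "wsaconnect", "send", "recv", "gethostbyname",
                "getadaptersinfo", "getadaptersaddresses"},
    "registry-write": {"regsetvalueexw", "regcreatekeyexw", "regdeletekeyw",
                       "regdeletevaluew"},
    "input-hooks": {"setwindowshookexw", "getasynckeystate", "getkeyboardstate",
                    "attachthreadinput"},
    "filesystem-walk": {"getlogicaldrives", "getdrivetypew", "findfirstfilew",
                        "findfirstfileexw", "movefileexw", "deletefilew"},
}


def triage_imports(imports):
    """imports: list of (dll, [function names or ordinals]) in import-directory
    order. Returns {capability: ["dll!Func", ...]} for every bucket that matched."""
    hits = {}
    for dll, funcs in imports:
        for func in funcs:
            if isinstance(func, int):      # ordinal-only import, no name to match
                continue
            for cap, names in CAPABILITIES.items():
                if func.lower() in names:
                    hits.setdefault(cap, []).append(f"{dll}!{func}")
    return {cap: sorted(v) for cap, v in sorted(hits.items())}


def imphash(imports):
    """Mandiant/pefile-style import hash: 'dll.func' per import, lower-cased,
    .dll/.ocx/.sys extension stripped, joined with commas, MD5 of the result.
    Ordinal-only imports are written as ordN; pefile additionally resolves
    well-known ws2_32/oleaut32 ordinals to names, which is omitted here."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Constructed subset of the import table listed above (same names, far fewer
# of them, order chosen here), so the hash below is NOT the report's value.
SAMPLE_IMPORTS = [
    ("user32.dll", ["SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState",
                    "AttachThreadInput", "MessageBoxW"]),
    ("ws2_32.dll", ["WSAStartup", "WSAConnect", "send", "recv", "gethostbyname"]),
    ("advapi32.dll", ["CryptAcquireContextA", "CryptCreateHash", "CryptDecrypt",
                      "RegSetValueExW", "RegCreateKeyExW", "OpenProcessToken"]),
    ("kernel32.dll", ["IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                      "CreateProcessW", "OpenProcess", "GetLogicalDrives",
                      "FindFirstFileW", "MoveFileExW", "DeleteFileW", "CreateMutexW"]),
]

if __name__ == "__main__":
    for cap, funcs in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{cap:16s} {', '.join(funcs)}")
    print("imphash(subset) =", imphash(SAMPLE_IMPORTS))
```

The import hash is order-sensitive and case-insensitive by design, which is what makes it useful for clustering builds of the same code base; feed it the full import directory in file order, or it will not match the value other tools report.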
Sections
.text Size: 9.2MB - Virtual size: 9.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6.9MB - Virtual size: 6.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 171KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 1024B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 350KB - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ