2024-06-07_b7d36db90188836bf0f8b7a923ff02e2_avoslocker_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-07_b7d36db90188836bf0f8b7a923ff02e2_avoslocker_revil
Size

2.1MB
MD5

b7d36db90188836bf0f8b7a923ff02e2
SHA1

be36c2fc193fd4f667631844dadf8315f9b3e3e2
SHA256

b868efa5a512b78877eb048921211242f9a9f2e08af430ebf4289071ab6425e3
SHA512

3a4c2d5e0fcbb9d57c43e2a3ce7d9c1a76831c902446f46a091f536141866acf75e0132abdd2058e7f35f8040e6c099f674bb0b7138e4dc0a6c67b69a8220507
SSDEEP

49152:5CGCc3ZHBteXBsB0UKgHVPnbzsBeGlRCrDZ:5CGCiZ6sZKgR0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-07_b7d36db90188836bf0f8b7a923ff02e2_avoslocker_revil

Files

2024-06-07_b7d36db90188836bf0f8b7a923ff02e2_avoslocker_revil
.exe windows:6 windows x86 arch:x86

78122045779a9b3ccf12ea53e35a2fea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

ws2_32

WSAStartup
shutdown
setsockopt
connect
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
WSAGetLastError
WSACleanup
gethostbyname
select
ntohs
getsockopt
ioctlsocket
bind
WSAIoctl
closesocket
ntohl
WSASocketW
socket
WSAAddressToStringW
htonl
htons

crypt32

CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore

advapi32

CryptGetProvParam
CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptSetHashParam
CryptAcquireContextW

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

shell32

CommandLineToArgvW

iphlpapi

GetIpAddrTable

netapi32

NetApiBufferFree
NetShareEnum

rstrtmgr

RmShutdown
RmStartSession
RmEndSession
RmGetList
RmRegisterResources

bcrypt

BCryptGenRandom

kernel32

HeapFree
HeapAlloc
GetCommandLineA
GetModuleFileNameW
CompareStringW
LCMapStringW
HeapReAlloc
GetConsoleOutputCP
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
SetConsoleCtrlHandler
GetModuleHandleExW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
ReadFile
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetLogicalDrives
FindFirstFileW
EnterCriticalSection
FindNextFileW
LeaveCriticalSection
FindClose
ExitThread
Sleep
CreateThread
lstrcmpiW
GetDriveTypeW
GetCommandLineW
GetCurrentProcess
WaitForMultipleObjects
InitializeCriticalSection
InitializeConditionVariable
WaitForSingleObject
GetLastError
CloseHandle
GetProcAddress
DeleteCriticalSection
ExitProcess
GetModuleHandleW
lstrcmpW
CancelIo
GetQueuedCompletionStatus
CreateIoCompletionPort
SleepConditionVariableCS
DecodePointer
GetFileSizeEx
WriteFile
WakeAllConditionVariable
GetProcessId
SetEndOfFile
lstrlenA
CreateFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetNativeSystemInfo
SetFilePointerEx
MoveFileExW
FlushFileBuffers
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
VirtualFree
MultiByteToWideChar
GetEnvironmentVariableW
WideCharToMultiByte
GetStdHandle
GetFileType
GetACP
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
UnhandledExceptionFilter

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78122045779a9b3ccf12ea53e35a2fea

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

crypt32

advapi32

user32

shell32

iphlpapi

netapi32

rstrtmgr

bcrypt

kernel32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 498KB - Virtual size: 498KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 498KB - Virtual size: 498KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 78KB - Virtual size: 78KB