2024-06-07_6b0bb993fc5ba3cca9e58935ce9892b5_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_6b0bb993fc5ba3cca9e58935ce9892b5_avoslocker
Size

9.4MB
MD5

6b0bb993fc5ba3cca9e58935ce9892b5
SHA1

6d4dae61b70f9ab03109b9f99a8cc2e4639990de
SHA256

edb2233b5f525873f0530c2cb241b482b8b843e41db8d57cdf95a47ea17292c7
SHA512

b513831dc18dd78e76aa7b140608f9afce9bed98f4845b8d8cb6ce89066887599e6af78f3a403da612fe8f339dc4ea20e02ef80a9144ecc0cae31dc2581ab558
SSDEEP

196608:nYBiDwqAcG4RwuuJ3B4xsD5Lnn+ZzxoNQyIm0+Oy9Xfz4:nYBTq6ZH5Lnn+5+p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-07_6b0bb993fc5ba3cca9e58935ce9892b5_avoslocker

Files

2024-06-07_6b0bb993fc5ba3cca9e58935ce9892b5_avoslocker
.exe windows:6 windows x86 arch:x86

eae5f4061fd62d4409823fdfb4e26033

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymInitialize
SymFromAddr
SymGetLineFromAddr64

shell32

CommandLineToArgvW
ShellExecuteA

ws2_32

gethostbyname
WSAStartup
gethostname
WSACleanup
freeaddrinfo
getaddrinfo
accept
__WSAFDIsSet
ntohs
recv
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSASetLastError
select
WSARecvFrom
WSARecv
WSAIoctl
socket
shutdown
listen
getsockname
getpeername
ioctlsocket
connect
bind
WSASocketW
htons
WSAGetLastError
setsockopt
getsockopt
closesocket

advapi32

RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
SystemFunction036
RegCloseKey

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
PFXImportCertStore
PFXIsPFXBlob
CertOpenStore
CertFindCertificateInStore
CryptStringToBinaryA
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

kernel32

GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapFree
HeapAlloc
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetProcessHeap
HeapSize
InitializeSListHead
AreFileApisANSI
LoadLibraryA
GetStdHandle
SetErrorMode
GetConsoleScreenBufferInfo
Sleep
GetFileSizeEx
GetFileType
ReadFile
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
FlushConsoleInputBuffer
SetStdHandle
CreateFileW
GetFileAttributesW
GetFileSize
GetLongPathNameW
SetFileAttributesW
CloseHandle
DuplicateHandle
SetLastError
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExW
GetModuleFileNameW
LocalFree
FormatMessageA
MoveFileExW
GetOEMCP
GetCPInfoExW
IsDBCSLeadByteEx
GetProcessAffinityMask
CreatePipe
IsWow64Process
GetModuleHandleW
GetProcAddress
GetFileAttributesExW
LockFileEx
UnlockFileEx
GetFileTime
SetFileTime
FormatMessageW
GetConsoleOutputCP
ExpandEnvironmentStringsW
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCommandLineW
GetFullPathNameW
CompareFileTime
DeleteFileW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetShortPathNameW
RemoveDirectoryW
DeviceIoControl
CreateSymbolicLinkW
FindNextFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetHandleInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
TerminateProcess
GetExitCodeProcess
CreateThread
ResumeThread
CreateProcessW
OpenProcess
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
RtlCaptureStackBackTrace
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
FreeLibrary
LoadLibraryW
lstrcmpiW
SetConsoleTextAttribute
LoadLibraryExW
CreateDirectoryW
SetEndOfFile
SetFilePointer
GetTempPathW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
GetOverlappedResult
CancelIo
ResetEvent
CreateEventW
VirtualAlloc
VirtualFree
IsValidCodePage
CreateFileA
GetFileAttributesA
PeekNamedPipe
SearchPathA
SetHandleInformation
CreateProcessA
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
GetTickCount
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FlushFileBuffers
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
CreateEventA
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
GetNamedPipeHandleStateA
RegisterWaitForSingleObject
UnregisterWait
GetFinalPathNameByHandleW
SetFilePointerEx
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
VerSetConditionMask
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
SetEvent
GetNumberOfConsoleInputEvents
ReadConsoleInputW
SetConsoleCursorPosition
WriteConsoleInputW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
SetProcessAffinityMask
LCMapStringW
DebugBreak
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
WakeAllConditionVariable
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetNativeSystemInfo
CreateSemaphoreA
ReadDirectoryChangesW
GetModuleHandleA
GetStartupInfoW
SleepEx
MoveFileExA
GetEnvironmentVariableA
VerifyVersionInfoW
FindFirstFileExW
LCMapStringEx
DecodePointer
EncodePointer
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
RaiseException
WaitForSingleObjectEx
GetCurrentThreadId
InitializeCriticalSectionEx

user32

GetMessageA
TranslateMessage
DispatchMessageA
MapVirtualKeyW
CharPrevExA
GetSystemMetrics

ole32

CoCreateInstance
GetRunningObjectTable
CreateBindCtx
CoInitialize
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString
SafeArrayDestroy

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eae5f4061fd62d4409823fdfb4e26033

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

shell32

ws2_32

advapi32

crypt32

kernel32

user32

ole32

oleaut32

Sections

.text Size: 7.8MB - Virtual size: 7.8MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 173KB - Virtual size: 2.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 304KB - Virtual size: 303KB

.text
Size: 7.8MB - Virtual size: 7.8MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 173KB - Virtual size: 2.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 304KB - Virtual size: 303KB