2024-06-07_0d5dbdceb5206c2b741d3f88c04b73be_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_0d5dbdceb5206c2b741d3f88c04b73be_avoslocker_revil
Size

43.5MB
MD5

0d5dbdceb5206c2b741d3f88c04b73be
SHA1

d2db0cdcf0c8ac9bdedb0eaf0409e794152a30c1
SHA256

18b9cbf67468475f3ef1c7bb013d81d2ef9a27c4b2ef9413eb1a6b6f0b98f8b5
SHA512

6ba222b54803857e0b3a13f589e42d8f7aec8cb796a7a1c943b2d16a735d336a292c385cb5d4f299b5354b79ed398f91a7d9eef670d96cd8a6293d8bcbab4eb3
SSDEEP

786432:3rhmkqhkQgDHZ1h+jxXL3CRZYcRXXx3Jm/29:kkqhkQgDHRAx73FKh3M/29

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-07_0d5dbdceb5206c2b741d3f88c04b73be_avoslocker_revil

Files

2024-06-07_0d5dbdceb5206c2b741d3f88c04b73be_avoslocker_revil
.exe windows:6 windows x86 arch:x86

214f9088d52a017ececcffd3029afd58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetPropW
SetPropW
CallWindowProcW
WindowFromDC
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
RemovePropW
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UpdateLayeredWindowIndirect
GetCaretBlinkTime
PostMessageW
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
CharUpperW
SendMessageTimeoutW
GetWindowThreadProcessId
EnumWindows
DestroyCaret
TranslateMessage
PostThreadMessageW
SendMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow

imm32

ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
VariantCopy
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

gdi32

SetBkMode
SetGraphicsMode
SetTextColor
GetCharABCWidthsI
SetWorldTransform
ExtTextOutW
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
SetTextAlign
GetDIBits
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
AddFontResourceExW
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
SetPixelFormat
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
RemoveFontResourceExW

uxtheme

GetThemeSysFont
DrawThemeBackground
DrawThemeTextEx
CloseThemeData
GetThemeTransitionDuration
GetThemePropertyOrigin
GetCurrentThemeName
SetWindowThemeAttribute
IsAppThemed
GetThemeMargins
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
ord47

dwmapi

DwmEnableBlurBehindWindow
DwmDefWindowProc
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

iphlpapi

ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
GetAdaptersAddresses

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCreateCertificateContext

ws2_32

htonl
ntohl
WSAGetLastError
freeaddrinfo
getnameinfo
getsockopt
__WSAFDIsSet
bind
closesocket
getpeername
getsockname
htons
listen
select
setsockopt
WSACleanup
WSAConnect
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
recv
send
WSASetLastError
WSAAsyncSelect
gethostname
WSAStartup
WSAAccept
getaddrinfo

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegNotifyChangeKeyValue
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetFileSecurityW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CryptEnumProvidersW
SystemFunction036
AccessCheck
CopySid
DuplicateToken
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW

mpr

WNetGetUniversalNameA

netapi32

NetShareEnum
NetApiBufferFree

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

DecodePointer
EncodePointer
TryEnterCriticalSection
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
CreateMutexW
GetTempPathA
RaiseException
GetTempFileNameA
QueueUserWorkItem
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
GetUserGeoID
GetGeoInfoW
FindNextChangeNotification
FindFirstFileExW
GetFileInformationByHandleEx
TzSpecificLocalTimeToSystemTime
MoveFileExW
CopyFileW
GetFullPathNameW
GetFileAttributesW
SetFilePointerEx
GetLogicalDrives
SignalObjectAndWait
SleepEx
CancelIoEx
PeekNamedPipe
ReadFileEx
RegisterWaitForSingleObject
UnregisterWaitEx
LCMapStringW
CompareStringW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetTickCount64
QueryPerformanceFrequency
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
GetProcessId
GetLogicalProcessorInformation
Sleep
WaitForSingleObjectEx
DuplicateHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocalTime
GetStartupInfoW
CompareStringEx
IsProcessorFeaturePresent
OutputDebugStringW
GetNativeSystemInfo
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
QueryPerformanceCounter
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetHandleInformation
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
GlobalFree
WaitNamedPipeW
DisconnectNamedPipe
CreateFileMappingW
VirtualProtect
GetTimeZoneInformation
ExitProcess
GetConsoleWindow
GetVolumeInformationW
GetUserDefaultLangID
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
lstrcmpW
WaitForMultipleObjects
GetSystemInfo
VirtualFree
VirtualAlloc
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetVersionExW
FileTimeToDosDateTime
GetSystemTimeAsFileTime
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
GetFileInformationByHandle
MoveFileW
GetModuleHandleW
GetSystemDirectoryW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
GetCommandLineA
GetConsoleCP
SetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
IsValidCodePage
GetACP
FreeLibraryAndExitThread
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
ExitThread
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetExitCodeProcess
GetOEMCP
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
WriteFileEx
FormatMessageW
GetCurrentDirectoryW
SetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
OpenEventW
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
FreeConsole
GetConsoleProcessList
GetCommandLineW
CloseHandle
CreateProcessW
LocalFree
HeapSize
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
GetEnvironmentVariableW
GetStdHandle
GetFileType
OpenProcess
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
IsWow64Process
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
SetErrorMode
WaitForSingleObject
TerminateProcess
GetLastError
FileTimeToSystemTime
CreateFileW
FlushFileBuffers
LockFile
UnlockFile
WriteFile
DeviceIoControl
CompareFileTime
GetProcAddress

shell32

SHParseDisplayName
CommandLineToArgvW
SHGetKnownFolderPath
SHGetFolderLocation
ord155
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHChangeNotify
ShellExecuteExW
SHGetFolderPathW

ole32

CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
CoInitializeEx
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
StringFromGUID2

winmm

timeSetEvent
timeKillEvent

d3d9

D3DPERF_SetMarker
D3DPERF_GetStatus
D3DPERF_EndEvent
D3DPERF_BeginEvent
Direct3DCreate9

bcrypt

BCryptGenRandom

Exports

Exports

??0PlatformMethods@angle@@QAE@XZ
??4PlatformMethods@angle@@QAEAAU01@$$QAU01@@Z
??4PlatformMethods@angle@@QAEAAU01@ABU01@@Z
_ANGLEGetDisplayPlatform@20
_ANGLEResetDisplayPlatform@4

Sections

.text
Size: 14.4MB - Virtual size: 14.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 255KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 239B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

214f9088d52a017ececcffd3029afd58

Headers

DLL Characteristics

File Characteristics

Imports

user32

imm32

oleaut32

wtsapi32

gdi32

uxtheme

dwmapi

iphlpapi

crypt32

ws2_32

advapi32

mpr

netapi32

userenv

version

kernel32

shell32

ole32

winmm

d3d9

bcrypt

Exports

Exports

Sections

.text Size: 14.4MB - Virtual size: 14.4MB

.rdata Size: 5.7MB - Virtual size: 5.7MB

.data Size: 255KB - Virtual size: 399KB

.qtmetad Size: 512B - Virtual size: 239B

.tls Size: 512B - Virtual size: 13B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 304B

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 572KB - Virtual size: 571KB

.text
Size: 14.4MB - Virtual size: 14.4MB

.rdata
Size: 5.7MB - Virtual size: 5.7MB

.data
Size: 255KB - Virtual size: 399KB

.qtmetad
Size: 512B - Virtual size: 239B

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 304B

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 572KB - Virtual size: 571KB