2024-06-09_8e90edd335a74a7c383e03a6fb28c3c5_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-09_8e90edd335a74a7c383e03a6fb28c3c5_avoslocker
Size

4.2MB
MD5

8e90edd335a74a7c383e03a6fb28c3c5
SHA1

66c8f97cd826032a1106cc6daafbb5a9d1fd6f45
SHA256

e257fb55a1c3155efb4960f0c78736d43186a6fab7f3fdbbf1163c02522b01de
SHA512

c3997563e13a55ab0d464631bed1a19d6904804807ef432f9a3cb4c1faa3872c2e8a001c9ad63b18c25e89928114c8244bc1d6bb8d2cc2ae3faad0c9188f1ad5
SSDEEP

49152:UV+Yd/8EUzl8KubT8pTKA+1iTYvYITTs3tn6xY1cFTlqmzriuEjdJbnVLVTzrB9k:Gh18EgE177s3tiY1ArihP5dDYIrAPcw

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-09_8e90edd335a74a7c383e03a6fb28c3c5_avoslocker

Files

2024-06-09_8e90edd335a74a7c383e03a6fb28c3c5_avoslocker
.exe windows:6 windows x86 arch:x86

7800c4522f0501d90829eb4bf19adcc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetTickCount
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetStringTypeW
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetFileType
LCMapStringW
CompareStringW
SetEnvironmentVariableW
DecodePointer
GetStdHandle
GetACP
IsValidCodePage
HeapQueryInformation
HeapSize
GetCommandLineW
GetModuleHandleExW
EncodePointer
LoadLibraryExW
RtlUnwind
RaiseException
GetStartupInfoW
InitializeSListHead
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
ResetEvent
CreateEventA
CreateThread
WritePrivateProfileStringA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
Process32NextW
Process32FirstW
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32EnumProcessModulesEx
OpenProcess
QueryDosDeviceW
GetTickCount64
IsBadStringPtrA
GetFileSize
FindNextFileW
FindFirstFileW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
ReadProcessMemory
GetLocalTime
IsDebuggerPresent
SetFilePointer
CreateFileW
GlobalAddAtomW
VirtualQuery
VirtualAlloc
VirtualFree
VirtualProtect
FlushInstructionCache
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetThreadContext
SetThreadContext
SuspendThread
HeapDestroy
InterlockedExchange
InterlockedCompareExchange
HeapCreate
GetModuleHandleW
LoadLibraryW
GetCurrentProcess
GetSystemTimeAsFileTime
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
lstrlenW
CloseHandle
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile

user32

wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
ReleaseCapture
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
UnregisterClassA
LoadIconW
GetWindowTextLengthW
PostThreadMessageW
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollPos
ScrollWindow
GetWindowDC
TrackMouseEvent
MoveWindow
GetWindowLongW
GetAncestor
GetClassNameW
GetWindowTextW
GetDlgItem
RegisterWindowMessageW
SystemParametersInfoW
LoadCursorW
UnhookWindowsHookEx
EndPaint
BeginPaint
DrawTextW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
SendMessageW
RemovePropW
SetWindowLongW
DefWindowProcW
GetAsyncKeyState
CallWindowProcW
CallNextHookEx
SetPropW
PostMessageW
GetClassLongW
SetClassLongW
GetPropW
MessageBoxW
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
GetWindowThreadProcessId
IsWindowEnabled
EnumWindows
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetWindowTextA
GetWindowTextLengthA
CharUpperA
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
GetClientRect
GetFocus
GetParent

gdi32

ExtTextOutA
Escape
RectVisible
SetWindowExtEx
PtVisible
ExcludeClipRect
GetClipBox
GetViewportExtEx
ScaleWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SaveDC
RestoreDC
TextOutA
ExtSelectClipRgn
SetPolyFillMode
GetTextMetricsA
FillRgn
MoveToEx
LineTo
SetTextColor
SetBkMode
CreateFontIndirectW
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
SetROP2
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
CreatePatternBrush
SelectObject
GetObjectA
CreatePen
PatBlt
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiStreamOut

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA
GetFileTitleA
ChooseColorA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CLSIDFromString

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ImageList_GetImageCount
ImageList_Destroy
InitializeFlatSB
ImageList_Read
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetIconSize
ord17

ws2_32

closesocket
WSACleanup
inet_ntoa
recv
getpeername
accept
WSAAsyncSelect
recvfrom
ioctlsocket

gdiplus

GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdiplusStartup
GdipFillRectangleI
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDrawImageRectI

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7800c4522f0501d90829eb4bf19adcc5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

gdiplus

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 92KB - Virtual size: 159KB

.msvcjmc Size: 4KB - Virtual size: 3KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 76KB - Virtual size: 76KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 92KB - Virtual size: 159KB

.msvcjmc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 76KB - Virtual size: 76KB