C:\Users\rudi\Desktop\git_ultravnc\winvnc\Release\winvnc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-10_28a6e15bf7ef94d8ca931ce8427d3eba_avoslocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-10_28a6e15bf7ef94d8ca931ce8427d3eba_avoslocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-10_28a6e15bf7ef94d8ca931ce8427d3eba_avoslocker
-
Size
2.5MB
-
MD5
28a6e15bf7ef94d8ca931ce8427d3eba
-
SHA1
999ca98c8a1e132af0958a9b1b8805644e249613
-
SHA256
d07dba6f2418cae75e5a3ec79c4537d13c9fa8742fbcee1ec005f289cbd7ec27
-
SHA512
a598dd48c3abf3b0356ed33aee9332cd1aaed10ef7e72ec1c23f26c6a701c039c512b86f77e390feb71060f907e0fe422cd818ceb0c2433a207d1e86a6762f27
-
SSDEEP
49152:+/MZ0q6Ags/BBzl0pWWqV2i2+ITfMTmU3Dl:qMaq6AgqBtlXITgJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-10_28a6e15bf7ef94d8ca931ce8427d3eba_avoslocker
Files
-
2024-06-10_28a6e15bf7ef94d8ca931ce8427d3eba_avoslocker.exe windows:6 windows x86 arch:x86
ccd8fa6598e874162d9341b642ef1783
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
gethostbyname
inet_ntoa
select
WSAGetLastError
setsockopt
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
gethostname
shutdown
listen
WSAStartup
getpeername
inet_addr
getsockname
send
socket
connect
recv
getsockopt
htonl
htons
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserA
kernel32
Process32First
WriteFile
OutputDebugStringA
WaitForMultipleObjects
WaitForSingleObject
CreateFileW
GetSystemDirectoryW
CreateToolhelp32Snapshot
lstrcatW
Process32Next
LoadLibraryW
GetCurrentProcessId
CreateEventA
WaitNamedPipeW
GetExitCodeProcess
GetEnvironmentVariableA
SetCurrentDirectoryA
SetFileAttributesA
ResumeThread
ResetEvent
CompareFileTime
CreateFileA
GetFileSize
GetFileTime
GetStdHandle
WriteConsoleA
FreeConsole
FormatMessageA
AllocConsole
GetExitCodeThread
MoveFileA
GetDriveTypeA
SetFileTime
SetErrorMode
SetFilePointer
SetEndOfFile
GetFileAttributesA
MoveFileExA
FileTimeToSystemTime
GetLogicalDriveStringsA
SystemTimeToFileTime
CreateDirectoryA
GetSystemTime
FlushFileBuffers
TerminateProcess
VirtualAllocEx
ReadProcessMemory
SetThreadExecutionState
VirtualFreeEx
TerminateThread
SizeofResource
FindResourceA
LockResource
LoadResource
CreateMutexA
ReleaseMutex
GlobalGetAtomNameA
GlobalDeleteAtom
VerSetConditionMask
GlobalAddAtomA
SetLastError
Process32FirstW
SetProcessShutdownParameters
GetVolumeInformationA
ExitThread
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetCPInfo
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
GetModuleHandleExW
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
EncodePointer
RtlUnwind
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateSemaphoreA
TlsFree
TlsGetValue
TlsAlloc
GetCurrentThread
DuplicateHandle
SetThreadPriority
ReleaseSemaphore
TlsSetValue
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SwitchToThread
GetFileType
lstrcatA
lstrcmpiA
lstrcpynA
DosDateTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
SetVolumeLabelA
LocalFileTimeToFileTime
GetVersion
GetLocaleInfoA
GetFullPathNameA
lstrcpyA
ReadFile
Process32NextW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
CreateFileMappingA
WritePrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStructA
WritePrivateProfileStringA
WritePrivateProfileStructA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
WinExec
GetComputerNameA
GetProcessHeap
HeapAlloc
GetSystemInfo
GetSystemDirectoryA
lstrlenA
HeapFree
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
FreeLibrary
DeleteFileA
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetProcessTimes
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
GetVersionExA
SetEvent
GetLastError
OpenProcess
OpenEventA
CreateThread
CloseHandle
VerifyVersionInfoW
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentThreadId
GetModuleFileNameA
GetTickCount
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
MultiByteToWideChar
EnumSystemLocalesW
GetStringTypeW
HeapReAlloc
CreateDirectoryW
GetFileSizeEx
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
MoveFileExW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetUserDefaultLCID
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RemoveDirectoryW
HeapSize
WriteConsoleW
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleW
user32
CheckDlgButton
SetDlgItemInt
RedrawWindow
EnumWindows
LoadMenuA
GetMenuItemID
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
DestroyMenu
RemoveMenu
EnableMenuItem
EnableWindow
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
ToAscii
SendInput
DestroyWindow
SetClipboardViewer
GetClipboardOwner
WaitMessage
PostThreadMessageA
ChangeClipboardChain
SendNotifyMessageA
PeekMessageA
IsWindowVisible
FillRect
GetIconInfo
GetClassNameA
WindowFromPoint
RegisterWindowMessageA
DrawTextA
GetDlgItemInt
OpenDesktopA
EnumDesktopWindows
SetRect
DrawIconEx
DestroyIcon
GetKeyboardState
PtInRect
SetActiveWindow
MessageBeep
FlashWindow
EnumDisplaySettingsExA
EnumDisplayDevicesA
ChangeDisplaySettingsExA
GetKeyState
keybd_event
EnumDisplaySettingsA
GetWindowRect
LoadStringA
ScreenToClient
EndDialog
GetScrollInfo
DialogBoxParamA
GetDlgItemTextA
SetWindowTextA
MoveWindow
SetFocus
IsDlgButtonChecked
GetTopWindow
GetWindow
GetProcessWindowStation
FindWindowExA
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
SetForegroundWindow
GetCursorPos
ExitWindowsEx
DrawIcon
SetLayeredWindowAttributes
GetClientRect
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
GetWindowThreadProcessId
wsprintfA
SystemParametersInfoA
MessageBoxA
GetForegroundWindow
GetDesktopWindow
PostMessageA
SendMessageA
mouse_event
FindWindowA
GetMessageA
LoadImageA
DispatchMessageA
GetUserObjectInformationA
LoadCursorA
SetWindowPos
GetSystemMetrics
SetThreadDesktop
GetThreadDesktop
ShowWindow
CloseDesktop
SetTimer
SetWindowLongA
GetWindowLongA
AdjustWindowRect
DefWindowProcA
IsRectEmpty
CreateWindowExA
OpenInputDesktop
TranslateMessage
LoadIconA
KillTimer
PostQuitMessage
RegisterClassExA
GetDC
ReleaseDC
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
IntersectRect
OemToCharA
CharToOemA
wvsprintfA
gdi32
GetBitmapBits
SetDIBColorTable
GdiFlush
SetTextColor
SelectPalette
CreatePalette
SetBkColor
CreateFontIndirectA
GetObjectA
ExtEscape
GetSystemPaletteEntries
SetRectRgn
OffsetRgn
GetRegionData
PtInRegion
CombineRgn
GetRgnBox
CreateRectRgn
PatBlt
StretchBlt
GetStockObject
GetClipBox
SetBkMode
DeleteObject
DeleteDC
GetPixel
GetDeviceCaps
GetDIBits
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
CreateDCA
RealizePalette
CreateSolidBrush
advapi32
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
IsValidSid
IsValidSecurityDescriptor
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidAcl
GetUserNameA
LookupAccountSidA
SetSecurityInfo
RegCreateKeyA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
CreateServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
DeleteService
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
RevertToSelf
EqualSid
AllocateAndInitializeSid
ImpersonateLoggedOnUser
FreeSid
GetTokenInformation
EnumServicesStatusA
CloseServiceHandle
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
CreateProcessAsUserA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegDeleteValueA
shell32
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA
ShellExecuteExA
SHGetMalloc
ole32
CoUninitialize
CoCreateInstance
CoInitialize
imm32
ImmGetDefaultIMEWnd
Exports
adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_final
crc32_init
crc32_update
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
inflate
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 423KB - Virtual size: 423KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 511KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 583KB - Virtual size: 583KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ