2024-06-10_f14371b96093c609b697479c4a1eaac5_avoslocker_magniber_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-10_f14371b96093c609b697479c4a1eaac5_avoslocker_magniber_revil
Size

16.1MB
MD5

f14371b96093c609b697479c4a1eaac5
SHA1

5274a947d3833d08fad808d5ce2deeffe2765fe1
SHA256

4fa85000e62565501a8bfa3ad994fc6b18036bdb13b0554707a7b895df10f9a2
SHA512

a36adfc3367ed597015de263c61a12a5e337e69e752383bed0f88bece43d1ab074bb0b6d6ca67bbf2a774540785bbace795b4afcbd8e0a0a02f37e5f67548e80
SSDEEP

393216:HaXeImCdLacjZ5kbCkXExEK5s0srK5rqNkEbDST7:MhmMlNWbCwKe0s1bD

Score

10^/10

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-06-10_f14371b96093c609b697479c4a1eaac5_avoslocker_magniber_revil

Files

2024-06-10_f14371b96093c609b697479c4a1eaac5_avoslocker_magniber_revil
.exe windows:5 windows x86 arch:x86

df9045530b4322e1643c0c6f5d441aae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TemporaryBuilds\installer_builder_1\58\s\_bin\architect8\Win32\PDF_Architect_8_Installer.pdb

Imports

kernel32

GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentProcess
GetStdHandle
SetFileTime
GetEnvironmentVariableA
FindClose
CreateFileW
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTime
DebugBreak
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateDirectoryW
TlsAlloc
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
CreateEventA
TlsFree
LocalAlloc
QueryPerformanceFrequency
GetDriveTypeW
GetModuleHandleW
GetCommandLineW
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateThread
CreateEventW
GetModuleFileNameW
TerminateProcess
SetUnhandledExceptionFilter
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
SetFileAttributesW
CopyFileW
CreateProcessW
RemoveDirectoryW
FindNextFileW
SetLastError
GetWindowsDirectoryW
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjectsEx
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetShortPathNameW
GetUserDefaultLCID
OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
IsWow64Process
GetExitCodeProcess
Process32FirstW
Process32NextW
GetModuleHandleA
LockResource
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ProcessIdToSessionId
CreateMutexA
GetModuleFileNameA
LoadLibraryExA
DuplicateHandle
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileW
TlsSetValue
MoveFileW
GetSystemDirectoryW
MoveFileExA
CompareFileTime
GetFileType
PeekNamedPipe
GetCurrentThread
GetThreadTimes
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
ResetEvent
CreateSemaphoreW
ResumeThread
GetComputerNameW
CompareStringW
CompareStringA
GetNumberFormatW
GetCurrencyFormatW
GetSystemDefaultLCID
MulDiv
GetTempFileNameA
GlobalSize
AllocConsole
SetErrorMode
ExitProcess
LocalSize
lstrlenW
GetCPInfo
SetHandleInformation
CancelIo
RegisterWaitForSingleObject
UnregisterWait
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeHandleStateW
SwitchToThread
QueueUserWorkItem
CreateNamedPipeA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleInputW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LCMapStringW
GetFileInformationByHandle
SetFilePointerEx
DeviceIoControl
MoveFileExW
CreateHardLinkW
GetLongPathNameW
ReadDirectoryChangesW
SetEnvironmentVariableW
GetVolumeInformationW
GetStartupInfoW
VirtualAlloc
VirtualFree
lstrcmpW
SetThreadPriority
GetThreadPriority
VirtualProtect
GetWindowsDirectoryA
GetComputerNameA
InterlockedPopEntrySList
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SignalObjectAndWait
CreateTimerQueue
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
CreatePipe
EnumSystemLocalesW
IsValidLocale
GetFileSizeEx
GetConsoleCP
SetStdHandle
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
FoldStringW
EnumSystemLocalesA
GetLocaleInfoA
IsDBCSLeadByteEx
IsValidCodePage
GetStringTypeExA
LCMapStringA
GetStringTypeExW
CreateWaitableTimerA
GetLogicalProcessorInformation
OpenEventA
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
GetStringTypeW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
MapViewOfFileEx
lstrcpynW
VirtualQuery
TlsGetValue
SetConsoleCtrlHandler
QueryDepthSList

winspool.drv

ord203

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdiplus

GdipSetPageUnit
GdipTransformPoints
GdipDrawLine
GdipDrawArc
GdipDrawRectangle
GdipDrawEllipse
GdipDrawPie
GdipDrawPath
GdipGraphicsClear
GdipFillRectangle
GdipFillRectangleI
GdipFillRectanglesI
GdipFillEllipse
GdipFillPie
GdipFillPath
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRectI
GdipGetClipBoundsI
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipEndContainer
GdiplusStartup
GdiplusShutdown
GdipDeleteFontFamily
GdipGetEmHeight
GdipGetCellAscent
GdipGetLineSpacing
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipGetFontSize
GdipCreateBitmapFromGraphics
GdipCreateHBITMAPFromBitmap
GdipDrawImageI
GdipDrawDriverString
GdipGetImageWidth
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipGetWorldTransform
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHWND
GdipCreateFromHDC
GdipTranslateWorldTransform
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPenDashArray
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipSetPathGradientTransform
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipSetPathGradientCenterPoint
GdipCreatePathGradientFromPath
GdipMultiplyLineTransform
GdipSetLineWrapMode
GdipSetLinePresetBlend
GdipCreateLineBrush
GdipCreateSolidFill
GdipCreateTexture
GdipDeleteBrush
GdipCloneBrush
GdipGetMatrixElements
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipIsVisiblePathPoint
GdipGetPathWorldBounds
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipAddPathEllipse
GdipAddPathBezier
GdipAddPathArc
GdipAddPathLine
GdipClosePathFigure
GdipStartPathFigure
GdipSetPathFillMode
GdipResetPath
GdipDeletePath
GdipClonePath
GdipCreatePath
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipMultiplyWorldTransform
GdipGetImageGraphicsContext

uxtheme

SetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData

usp10

ScriptFreeCache
ScriptApplyDigitSubstitution
ScriptBreak
ScriptPlace
ScriptShape
ScriptItemize

Exports

Exports

??0?$singleton@V?$extended_type_info_typeid@UAppMdiData@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vdate@gregorian@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vptime@posix_time@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UAppMdiData@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UAppMdiData@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vdate@gregorian@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vdate@gregorian@boost@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vptime@posix_time@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vptime@posix_time@boost@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?unlock@singleton_module@serialization@boost@@QAEXXZ

Sections

.text
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df9045530b4322e1643c0c6f5d441aae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

winspool.drv

userenv

gdiplus

uxtheme

usp10

Exports

Exports

Sections

.text Size: 9.5MB - Virtual size: 9.5MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 360KB - Virtual size: 514KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 535KB - Virtual size: 535KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 9.5MB - Virtual size: 9.5MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 360KB - Virtual size: 514KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 535KB - Virtual size: 535KB

.zero
Size: 4KB - Virtual size: 3KB