C:\BuildAgent\work\33b2b67282fffa05\tminstaller\Teramind.Setup\Teramind.Setup.Remover\obj\Release\Teramind.Setup.Remover.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-11_2452f34f9ad4dc3546ea7f2217341aee_avoslocker_revil.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-11_2452f34f9ad4dc3546ea7f2217341aee_avoslocker_revil.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-11_2452f34f9ad4dc3546ea7f2217341aee_avoslocker_revil
-
Size
6.5MB
-
MD5
2452f34f9ad4dc3546ea7f2217341aee
-
SHA1
459ddfad16fecf6a6fcd3c135a01efadc71c42d6
-
SHA256
4dc83a9a840b9e94778e5e8a8a01758d413a9e018cf4ee979340c483d36537ce
-
SHA512
5e1d347a7cac895dbec41c97986f1c6bc695a88ddd5f827bd3f66cdd73c70c310430c95e403bc09597c43d2e2c4def3fea91312773fdf072ea075cd9f4b48528
-
SSDEEP
98304:AI9tiSH6a6gfFCZ8th/yp3qvZ4ypOKRxoBBTxBQk6dtQV3:AAH6aff4+4p84yjRyBNxqQV3
Malware Config
Signatures
-
Detects executables manipulated with Fody 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_Fody -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-11_2452f34f9ad4dc3546ea7f2217341aee_avoslocker_revil
Files
-
2024-06-11_2452f34f9ad4dc3546ea7f2217341aee_avoslocker_revil.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.4MB - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ