2024-06-14_d7f2e4d231c7d7e1b2572831075289c8_avoslocker_floxif

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_d7f2e4d231c7d7e1b2572831075289c8_avoslocker_floxif
Size

2.4MB
MD5

d7f2e4d231c7d7e1b2572831075289c8
SHA1

11f2f026de39f8ab614323f443585adad092ff72
SHA256

1666f2c70d7a4227df5e67ec3bd77b1df90d26a29cec96ad66d6cfb4c9fb6ce0
SHA512

c8dfb543ac242c0f96a2b11585e6b7757b71143aae7012a66d09e15e862e9e0c06d246a3f8a4a1e38c7b28f695dc68435d033294454b44c0b4a5372fb23b6e49
SSDEEP

49152:OIoNkiIzHlGR0bgkxiIQ/ejSYTxsnwxz69D2KmZMS5:Vo6HlGR2Q/aSmzT

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_d7f2e4d231c7d7e1b2572831075289c8_avoslocker_floxif
.exe windows:6 windows x86 arch:x86

e2cc08dc3c4579d9ddb949d173b84c83

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2020, 00:00

Not After

26/03/2023, 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2020, 00:00

Not After

26/03/2023, 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:6c:70:27:f0:9d:a0:37:7b:63:80:fc:6b:a0:ff:2b:de:ed:a4:84:99:97:e4:e9:21:94:fd:7b:47:14:12:79
Signer

Actual PE Digest

e7:6c:70:27:f0:9d:a0:37:7b:63:80:fc:6b:a0:ff:2b:de:ed:a4:84:99:97:e4:e9:21:94:fd:7b:47:14:12:79

Digest Algorithm

sha256

PE Digest Matches

false

57:c7:6d:17:ec:19:26:31:70:20:d8:ce:57:b0:76:77:fe:d7:c5:e0
Signer

Actual PE Digest

57:c7:6d:17:ec:19:26:31:70:20:d8:ce:57:b0:76:77:fe:d7:c5:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\devel\Ark7\bin.win32\Bandizip.x86.pdb

Imports

kernel32

OpenProcess
TerminateProcess
GetSystemInfo
LocalAlloc
FileTimeToLocalFileTime
GetModuleHandleExW
MulDiv
GlobalLock
GlobalUnlock
FormatMessageW
CreateThread
ExitProcess
SetUnhandledExceptionFilter
CompareStringOrdinal
VirtualProtect
GlobalSize
lstrlenA
InitializeCriticalSection
CreateEventW
SetEvent
GetSystemDirectoryW
GetDateFormatW
GetTimeFormatW
CompareFileTime
GetVersion
ResetEvent
GetUserDefaultUILanguage
lstrcpyA
GetTickCount
GetStdHandle
SetConsoleTextAttribute
CompareStringW
MoveFileW
GlobalMemoryStatusEx
TerminateThread
SetPriorityClass
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetLongPathNameW
FreeConsole
AllocConsole
IsDebuggerPresent
GetCommandLineW
SetCurrentDirectoryW
GetComputerNameW
GetPrivateProfileStringW
CreateMutexW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
lstrcmpiW
DecodePointer
SetErrorMode
CreateFileMappingW
GetShortPathNameW
GetUserDefaultLangID
SetThreadPriority
lstrcatA
WaitForMultipleObjects
GetPrivateProfileIntW
ReleaseMutex
GetExitCodeThread
WriteConsoleW
SetEndOfFile
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
RemoveDirectoryW
SetFileAttributesW
lstrcpyW
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
GetFileAttributesW
lstrlenW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetModuleFileNameW
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GetCurrentThread
GetCurrentProcess
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
DeviceIoControl
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
OutputDebugStringW
GetCurrentProcessId
Sleep
GetTickCount64
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
InitializeCriticalSectionEx
DeleteCriticalSection
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
DeleteFileW
GetLastError
FindResourceExW
FindResourceW
VirtualQuery
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetDriveTypeW
HeapDestroy

user32

GetSubMenu
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuStringW
GetMenuItemCount
EnumChildWindows
IntersectRect
SetWindowRgn
AdjustWindowRectEx
SetProcessDPIAware
SubtractRect
GetClassLongW
GetClassNameW
RegisterClipboardFormatW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseCapture
SetCapture
wsprintfW
DestroyIcon
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetWindowPlacement
GetWindowThreadProcessId
SetPropW
IsDialogMessageW
ClientToScreen
MonitorFromPoint
CopyRect
MonitorFromRect
SystemParametersInfoW
FindWindowW
GetClassInfoExW
RegisterClassExW
InflateRect
EqualRect
KillTimer
SetTimer
SendMessageTimeoutW
PostMessageW
LoadIconW
GetFocus
CreateDialogIndirectParamW
GetCapture
GetMessageW
DrawIconEx
CreatePopupMenu
TrackPopupMenu
GetMenuDefaultItem
EnumWindows
EnumDisplayMonitors
UnionRect
WaitForInputIdle
GetPropW
RemovePropW
GetDlgItemInt
SetDlgItemInt
DeleteMenu
InsertMenuW
PostQuitMessage
GetMenu
TranslateAcceleratorW
LoadAcceleratorsW
CharNextW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetClientRect
MapWindowPoints
GetParent
GetSysColor
GetWindowRect
InvalidateRect
GetDlgItem
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetDlgItemTextW
GetShellWindow
EnableMenuItem
SetWindowTextA
CheckMenuItem
SetWindowPlacement
CreateDialogParamW
ScrollWindow
GetScrollInfo
MessageBoxW
DestroyMenu
LoadMenuW
TrackMouseEvent
UpdateWindow
RegisterClassW
IsWindowEnabled
GetKeyState
IsWindow
GetCursorPos
PtInRect
SetRect
OffsetRect
GetWindowDC
SetScrollInfo
SetScrollRange
ScreenToClient
IsRectEmpty
ReleaseDC
GetDC
EnableWindow
GetActiveWindow
UnregisterClassW
DialogBoxParamW
EndDialog
MoveWindow
FindWindowExW
SetFocus
ShowWindow
GetCaretPos
LoadCursorW
SetCursor
DefWindowProcW
DestroyWindow
GetDlgCtrlID
CallWindowProcW
IsWindowVisible
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowTextW
RegisterWindowMessageW
PeekMessageW
TranslateMessage
SetScrollPos
CreateWindowExW
GetSystemMetrics
EndPaint
BeginPaint
DrawTextW
GetDesktopWindow
SetRectEmpty
DispatchMessageW
RedrawWindow

gdi32

SetPixel
CombineRgn
ExtCreateRegion
LineTo
MoveToEx
OffsetRgn
CreateDIBSection
OffsetWindowOrgEx
CreateFontW
CreateRectRgn
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
ExcludeClipRect
GetTextMetricsW
DeleteDC
BitBlt
SetBkMode
SetWindowOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
ExtTextOutW
SetBkColor
CreateFontIndirectW
GetObjectW
DeleteObject
CreateSolidBrush

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptGenRandom
CryptReleaseContext
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RevertToSelf
AreAllAccessesGranted
AccessCheck
ImpersonateSelf
GetFileSecurityW
RegCloseKey
CryptAcquireContextW

shell32

SHOpenFolderAndSelectItems
ord190
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
DragFinish
DragQueryFileW
ord155
SHGetSpecialFolderPathW
ExtractIconExW
ord16
SHCreateDirectoryExW
ord2
ord4
ord21
SHGetDataFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFolderLocation
ord727
SHGetFileInfoW
SHChangeNotify
SHAppBarMessage
ShellExecuteExW
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconW
DragAcceptFiles

ole32

OleInitialize
CoTaskMemRealloc
CoUninitialize
CoInitialize
OleSetContainedObject
OleCreate
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
CoAllowSetForegroundWindow
CoCreateInstance
DoDragDrop

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
VarUI4FromStr

shlwapi

StrFormatByteSizeW
PathIsDirectoryW
PathMatchSpecW
PathFileExistsW
PathGetDriveNumberW
StrStrW
PathCanonicalizeW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_SetBkColor
ImageList_SetIconSize
ord381
ImageList_GetIcon
ImageList_Add
_TrackMouseEvent
ord17
ImageList_Destroy

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dbghelp

MiniDumpWriteDump

wininet

HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpSendRequestW
InternetErrorDlg
HttpQueryInfoW
HttpAddRequestHeadersW
InternetConnectA
InternetSetOptionW
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
InternetCheckConnectionW
InternetQueryDataAvailable
HttpOpenRequestA
InternetQueryOptionW
InternetReadFile

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2cc08dc3c4579d9ddb949d173b84c83

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

e7:6c:70:27:f0:9d:a0:37:7b:63:80:fc:6b:a0:ff:2b:de:ed:a4:84:99:97:e4:e9:21:94:fd:7b:47:14:12:79Signer

57:c7:6d:17:ec:19:26:31:70:20:d8:ce:57:b0:76:77:fe:d7:c5:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

dbghelp

wininet

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 401KB - Virtual size: 401KB

.data Size: 34KB - Virtual size: 79KB

.didat Size: 512B - Virtual size: 28B

ve_share Size: 2KB - Virtual size: 1KB

.rsrc Size: 163KB - Virtual size: 163KB

.reloc Size: 84KB - Virtual size: 84KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e7:6c:70:27:f0:9d:a0:37:7b:63:80:fc:6b:a0:ff:2b:de:ed:a4:84:99:97:e4:e9:21:94:fd:7b:47:14:12:79
Signer

57:c7:6d:17:ec:19:26:31:70:20:d8:ce:57:b0:76:77:fe:d7:c5:e0
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 401KB - Virtual size: 401KB

.data
Size: 34KB - Virtual size: 79KB

.didat
Size: 512B - Virtual size: 28B

ve_share
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 163KB - Virtual size: 163KB

.reloc
Size: 84KB - Virtual size: 84KB