2024-06-14_83dab39e11692acb492d647ef69ad778_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_83dab39e11692acb492d647ef69ad778_avoslocker
Size

1.8MB
MD5

83dab39e11692acb492d647ef69ad778
SHA1

78ae1448667ff3fed66ad24b050f5bd91a013594
SHA256

815ca6da3ac99d412a8add196c479fed46b6bc967805d2084b7269a1c5d0a268
SHA512

7c6e2fc1a85f6af9f6a4b6a09099a78cefea8a16f0c7f04b49182dea479b659a92fe544f87ea2fb5196264ba7cbaa1de47b3a83b74ec1ad78e40ae87bbde6f3f
SSDEEP

24576:CziiayeEcVkzfSJsLlmc2/H9oZNPwIeq1RDo+D1pRBZDu5UoGH:siiPe7V2qSEHUNIIeq1a+JpRBBu5UoGH

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_83dab39e11692acb492d647ef69ad778_avoslocker
.exe windows:6 windows x86 arch:x86

045224210d2e691689b36d466cc6d6ea

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:2e:9e:fd:50:e5:13:a8:63:73:b7:34
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

19/12/2022, 13:03

Not After

21/04/2025, 16:34

Subject

SERIALNUMBER=03975626,CN=LIFE RACING LIMITED,O=LIFE RACING LIMITED,STREET=Unit 6 Repton Close\, Burnt Mills Industrial Estate,L=Basildon,ST=Essex,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:71:51:8d:d1:c6:c8:7f:a1:3d:dc:bf:18:85:93:52:a7:3a:75:0b:20:d6:2d:1a:08:2f:af:12:c9:cc:0e:5a
Signer

Actual PE Digest

cd:71:51:8d:d1:c6:c8:7f:a1:3d:dc:bf:18:85:93:52:a7:3a:75:0b:20:d6:2d:1a:08:2f:af:12:c9:cc:0e:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cpp-src\GIT\PC\LifeNetServerV2\Release as LR\LifeNetServerV2.pdb

Imports

ws2_32

WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAGetOverlappedResult
WSARecv
WSAResetEvent
WSASend
WSAWaitForMultipleEvents
WSAStartup
connect
htonl
ntohl
recv
select
send
WSASocketA
getaddrinfo
gethostname
getpeername
bind
getsockname
freeaddrinfo
closesocket

comdlg32

PrintDlgA

user32

MonitorFromWindow
GetMonitorInfoA
PostMessageA
DefWindowProcA
wsprintfA
FindWindowExA
SetActiveWindow
MonitorFromPoint
LoadIconA
GetWindow
MapWindowPoints
SetWindowTextA
CharNextW
CharNextA
GetWindowTextA
PostThreadMessageA
GetWindowRgn
InflateRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowThreadProcessId
EnumWindows
GetParent
CopyRect
FrameRect
ScreenToClient
DrawAnimatedRects
GetWindowRect
ReleaseCapture
SetCapture
IsWindowVisible
VkKeyScanA
MessageBeep
ClientToScreen
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetKeyState
BringWindowToTop
IsChild
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadBitmapA
PtInRect
OffsetRect
GetCursorPos
SetCursor
GetWindowDC
UpdateWindow
GetAsyncKeyState
MoveWindow
DestroyWindow
PostQuitMessage
TrackMouseEvent
LoadCursorA
SetWindowLongA
GetWindowLongA
EqualRect
GetClientRect
RedrawWindow
InvalidateRect
EndPaint
GetSystemMetrics
SendMessageTimeoutA
CharUpperA
CallWindowProcA
UnregisterClassA
RegisterClassExA
GetClassInfoExA
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
KillTimer
SetTimer
GetWindowPlacement
SetWindowPos
ShowWindow
CreateWindowExA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoSetProxyBlanket
CoInitializeSecurity
CoDisconnectObject
StringFromGUID2
CoCreateInstance
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoReleaseServerProcess

oleaut32

VarUI4FromStr
SafeArrayCopy
VariantClear
VariantInit
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarBstrCat
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SysStringLen
SysFreeString
SysAllocStringLen
SafeArrayGetVartype

kernel32

CreateEventW
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
SetStdHandle
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
ExitProcess
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
GetConsoleCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
FindNextFileW
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetModuleFileNameA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
LCMapStringEx
GetStringTypeW
EncodePointer
InitializeCriticalSectionEx
GetPrivateProfileStringA
GetPrivateProfileIntA
DeviceIoControl
LocalAlloc
lstrcmpA
GetVersion
LocalFree
GlobalFree
WaitForMultipleObjects
OpenEventA
FlushViewOfFile
UnmapViewOfFile
GetTempPathA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
ReleaseMutex
CreateMutexA
CreateFileA
CreateFileW
FlushFileBuffers
GetFileSize
GetFileTime
ReadFile
SetFilePointer
WriteFile
CloseHandle
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetStdHandle
CompareFileTime
CreateDirectoryA
DeleteFileA
DeleteFileW
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
GetFileAttributesA
GetFileAttributesW
GetCurrentProcess
GetWindowsDirectoryA
FindResourceExW
FreeLibrary
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryA
GlobalLock
lstrlenA
MoveFileA
MoveFileW
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
AttachConsole
CreateToolhelp32Snapshot
Process32First
Process32Next
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
FatalAppExitA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
SetEndOfFile
GetSystemTime
SystemTimeToFileTime
GetModuleHandleA
GetEnvironmentVariableA
GetCurrentDirectoryA
OutputDebugStringA
SuspendThread
ResumeThread
GetThreadId
GetThreadContext
GetVersionExA
ReadProcessMemory
GlobalAlloc
GlobalUnlock
SetEvent
ResetEvent
WaitForSingleObject
SleepEx
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventA
Sleep
GetTickCount
SetCurrentDirectoryA
SetFileAttributesA
CreateThread
GetCommandLineA
GetVolumeInformationA
DecodePointer
ReleaseSemaphore
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetModuleHandleW
CreateSemaphoreA
TerminateThread
lstrcpyA
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
LoadLibraryExA
lstrcmpiA
FindResourceA
IsDBCSLeadByte

advapi32

OpenProcessToken
GetTokenInformation
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
GetUserNameA
RegEnumKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryInfoKeyA
RegQueryInfoKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

shell32

ShellExecuteA
Shell_NotifyIconA
SHAppBarMessage
SHGetSpecialFolderPathA

shlwapi

PathFindNextComponentA
SHDeleteKeyA
StrStrA
PathFileExistsA

gdi32

CreateSolidBrush
CreateFontIndirectA
DeleteObject
GetTextExtentPoint32A
LineTo
SelectObject
SetBkColor
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
ExtTextOutA
Polyline
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
StretchBlt
CreateDIBSection
CreateFontA
GetDeviceCaps
CreatePen
CreateRectRgn
SelectClipRgn
SetBkMode
TextOutW
BeginPath
EndPath
StrokePath
SetROP2
Ellipse
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
CreateRectRgnIndirect
PtInRegion
Polygon

msimg32

TransparentBlt
GradientFill

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

045224210d2e691689b36d466cc6d6ea

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

28:2e:9e:fd:50:e5:13:a8:63:73:b7:34Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cd:71:51:8d:d1:c6:c8:7f:a1:3d:dc:bf:18:85:93:52:a7:3a:75:0b:20:d6:2d:1a:08:2f:af:12:c9:cc:0e:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

comdlg32

user32

ole32

oleaut32

kernel32

advapi32

shell32

shlwapi

gdi32

msimg32

version

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 217KB - Virtual size: 217KB

.data Size: 31KB - Virtual size: 174KB

.msvcjmc Size: 2KB - Virtual size: 1KB

.rsrc Size: 324KB - Virtual size: 323KB

.reloc Size: 58KB - Virtual size: 58KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

28:2e:9e:fd:50:e5:13:a8:63:73:b7:34
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cd:71:51:8d:d1:c6:c8:7f:a1:3d:dc:bf:18:85:93:52:a7:3a:75:0b:20:d6:2d:1a:08:2f:af:12:c9:cc:0e:5a
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 217KB - Virtual size: 217KB

.data
Size: 31KB - Virtual size: 174KB

.msvcjmc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 324KB - Virtual size: 323KB

.reloc
Size: 58KB - Virtual size: 58KB