2024-06-15_31c680c73261d867169c9859b0235fc4_avoslocker_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-15_31c680c73261d867169c9859b0235fc4_avoslocker_magniber
Size

1.6MB
MD5

31c680c73261d867169c9859b0235fc4
SHA1

5a94d51dfe4c37acebc1b51d995ea1fcc8ab5f76
SHA256

cd4de592833fb5bc3ff1897cecb02cd0b24b4db6b9b09649c444388ca4425921
SHA512

d2f85d52108ee936743e5fc2e81a124d241b223bf4f10d10c807dc00146b537a757c9f6e5451b91f605b6245e4335544d4e1e80def515d219afb17794f41cb07
SSDEEP

49152:pTxjy1pHYffcWnSRSqO6Kbzya64k+UOJYv86k:njy/YSQqO6KV6k

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_31c680c73261d867169c9859b0235fc4_avoslocker_magniber
.exe windows:6 windows x86 arch:x86

9e116a2445ff78967fe56f5aa5acd58e

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/09/2023, 00:00

Not After

19/09/2024, 23:59

Subject

SERIALNUMBER=3482342,CN=Amazon.com Services LLC,OU=Amazon Game Studios,O=Amazon.com Services LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:68:4b:f2:9e:a5:cf:4c:5e:a2:1d:1c:65:5a:f4:d1:13:b0:64:f9:7d:92:d2:77:f1:c5:29:c1:9c:af:ad:00
Signer

Actual PE Digest

44:68:4b:f2:9e:a5:cf:4c:5e:a2:1d:1c:65:5a:f4:d1:13:b0:64:f9:7d:92:d2:77:f1:c5:29:c1:9c:af:ad:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\a32503736090ae0\.build_sonic\App\Amazon Games.pdb

Imports

kernel32

QueryPerformanceFrequency
DeleteFileW
Process32FirstW
HeapReAlloc
RaiseException
CreateThread
HeapAlloc
GetCurrentDirectoryW
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GlobalMemoryStatusEx
WideCharToMultiByte
LocaleNameToLCID
GetDiskFreeSpaceExA
QueryPerformanceCounter
FindNextFileW
ReleaseSemaphore
FindClose
K32GetProcessMemoryInfo
FileTimeToSystemTime
GetSystemTime
CreateSemaphoreA
WaitNamedPipeA
CreateNamedPipeA
CreateFileA
GetCurrentThread
CreateEventA
ConnectNamedPipe
GetExitCodeThread
MoveFileExW
CopyFileW
SetFilePointerEx
FreeLibrary
SetLastError
GetThreadTimes
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
FormatMessageA
IsProcessorFeaturePresent
InitOnceComplete
InitOnceBeginInitialize
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockShared
AcquireSRWLockShared
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedPushEntrySList
VirtualAlloc
VirtualProtect
RtlUnwind
ExitThread
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
WriteConsoleW
GetSystemInfo
VirtualQuery
SetStdHandle
ExitProcess
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
Process32NextW
FormatMessageW
ProcessIdToSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
GetCurrentProcess
HeapFree
GetFileSizeEx
ReadFile
HeapSize
GetModuleHandleA
CreateDirectoryW
GetComputerNameW
OutputDebugStringW
GetDynamicTimeZoneInformation
ReleaseMutex
GetVersionExW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetModuleFileNameW
TerminateProcess
GetSystemDefaultUILanguage
WriteFile
GetStdHandle
Sleep
GetLastError
CreateProcessW
GetCurrentProcessId
GetExitCodeProcess
WaitForMultipleObjects
CreateEventW
OpenProcess
SetEvent
CloseHandle
SetConsoleCtrlHandler
LocalFree
GetCommandLineW
SetEndOfFile
GetCurrentThreadId

shell32

SHGetFolderPathW
CommandLineToArgvW
SetCurrentProcessExplicitAppUserModelID

winhttp

WinHttpConnect
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile

rpcrt4

UuidCreate

user32

GetWindowThreadProcessId
GetFocus
ShowWindow
GetClassNameW
PostMessageW
EnumWindows
SetForegroundWindow
IsIconic
GetWindowTextW

advapi32

SetSecurityDescriptorDacl
SetEntriesInAclA
InitializeSecurityDescriptor
InitializeAcl
OpenThreadToken
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
EqualSid
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
OpenProcessToken
FreeSid
CheckTokenMembership
GetLengthSid
LookupAccountSidW
GetTokenInformation
GetUserNameW

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e116a2445ff78967fe56f5aa5acd58e

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

44:68:4b:f2:9e:a5:cf:4c:5e:a2:1d:1c:65:5a:f4:d1:13:b0:64:f9:7d:92:d2:77:f1:c5:29:c1:9c:af:ad:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

winhttp

version

userenv

rpcrt4

user32

advapi32

ole32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 269KB - Virtual size: 269KB

.data Size: 72KB - Virtual size: 96KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 77KB - Virtual size: 77KB

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

44:68:4b:f2:9e:a5:cf:4c:5e:a2:1d:1c:65:5a:f4:d1:13:b0:64:f9:7d:92:d2:77:f1:c5:29:c1:9c:af:ad:00
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 269KB - Virtual size: 269KB

.data
Size: 72KB - Virtual size: 96KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 77KB - Virtual size: 77KB