2024-06-15_d4cf25541e25d0de7d94962518ad0f9b_avoslocker_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_d4cf25541e25d0de7d94962518ad0f9b_avoslocker_magniber
Size

4.8MB
MD5

d4cf25541e25d0de7d94962518ad0f9b
SHA1

31488bf85cae1d28f555f2768358bb121c248ed5
SHA256

0b1e1c38d6af6925ddd17ae026a7423d9839d073a544dfc4b4461315db4f1566
SHA512

a271a2787a45fc275e50ac7c5d23db3db093d69bd6356b855bf478571354b88a4f54632b87fe7e5db36166a77c81e942ab90f5761db8fd89128c6e8510a30602
SSDEEP

98304:2i+B5lBhFZ57JXPtnjZ9V3MtY2wfnX00yh0gBqKPFHdXB//DcZG3jjB7yv:EPZ1JXPX9VkAfnXqzv/2G1yv

Score

10^/10

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-15_d4cf25541e25d0de7d94962518ad0f9b_avoslocker_magniber

Files

2024-06-15_d4cf25541e25d0de7d94962518ad0f9b_avoslocker_magniber
.exe windows:6 windows x86 arch:x86

a607075282cc97714709bf95ebde9401

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ITS\Azure Agent 02\_work\87\s\ITSEdgeSecureBrowser\Release\ITSEdgeBrowser.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FormatMessageW
FindClose
FindFirstFileA
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
DeleteFileA
GetFileAttributesExA
FileTimeToSystemTime
FreeLibrary
LoadLibraryA
CreateDirectoryA
CreateFileA
DeleteFileW
RemoveDirectoryA
WriteFile
GetTempPathA
SetEvent
CreateMutexA
CreateThread
GetTickCount64
GetModuleFileNameW
GetModuleHandleA
LoadResource
LockResource
SizeofResource
OpenMutexA
FindResourceA
GlobalReAlloc
GetDriveTypeA
GetFileAttributesW
RemoveDirectoryW
TerminateProcess
CreateProcessW
OpenProcess
GetVersionExA
LocalAlloc
CreateMutexExW
lstrcmpA
lstrcpyW
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCommandLineW
CreateDirectoryW
GetTempPathW
GetTempFileNameA
DecodePointer
RaiseException
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
RegisterApplicationRestart
GlobalMemoryStatusEx
GlobalMemoryStatus
GetComputerNameA
GetSystemTime
SystemTimeToFileTime
LoadLibraryExW
LoadLibraryW
GetEnvironmentVariableW
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
LocalFree
GetProcessHeap
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
ReadFile
ExitProcess
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
CreateFileW
SetLastError
HeapAlloc
GetLastError
CloseHandle
OutputDebugStringW
DebugBreak
IsDebuggerPresent
GlobalFree
GlobalAlloc
FlushFileBuffers
GetConsoleOutputCP
SetEndOfFile
HeapReAlloc
WriteConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileSizeEx

user32

SetWindowDisplayAffinity
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetRawInputData
GetClassNameA
GetWindowLongA
GetClientRect
SetWindowTextA
EndPaint
BeginPaint
SetWindowTextW
EnableWindow
GetKeyState
EndDialog
DialogBoxParamA
RegisterClassExW
PostQuitMessage
LoadStringW
RegisterRawInputDevices
SetWindowPos
GetAncestor
EnumDisplayMonitors
IsDialogMessageA
GetDesktopWindow
SetWindowLongA
MessageBoxA
UpdateWindow
TranslateAcceleratorA
LoadAcceleratorsA
GetAsyncKeyState
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostMessageA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
EmptyClipboard
CloseClipboard
OpenClipboard
wsprintfA
MessageBoxW
GetSystemMetrics
CreateWindowExW

advapi32

RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHCreateItemFromParsingName
SHGetSpecialFolderPathA
ShellExecuteExA
SHChangeNotify
SetCurrentProcessExplicitAppUserModelID
ShellExecuteA

shlwapi

PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFindFileNameA
PathFileExistsA

ole32

CoTaskMemAlloc
OleUninitialize
CoCreateInstance
CoInitializeEx
OleInitialize
CoTaskMemFree

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
LoadTypeLi
SysAllocString
SysFreeString

urlmon

CoInternetCreateZoneManager
CreateUri
URLDownloadToFileA

wininet

InternetQueryOptionA
InternetGetConnectedState
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
InternetSetOptionA

crypt32

CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringA
CryptQueryObject
CertGetNameStringW
CertFreeCertificateChain
CryptMsgGetParam

wintrust

WinVerifyTrust

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a607075282cc97714709bf95ebde9401

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

wininet

crypt32

wintrust

Sections

.text Size: 429KB - Virtual size: 428KB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 239KB - Virtual size: 1.1MB

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 429KB - Virtual size: 428KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 239KB - Virtual size: 1.1MB

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 30KB - Virtual size: 29KB