2024-06-15_91c5479a6f5fd1a7685cf7e5be5d1a76_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_91c5479a6f5fd1a7685cf7e5be5d1a76_avoslocker_revil
Size

6.1MB
MD5

91c5479a6f5fd1a7685cf7e5be5d1a76
SHA1

e5d71fd566d8b40e89eabe1d38eedbfb1a6a2b58
SHA256

87c0f704df1cb6356edd5db280befdab59d288be86991daa715caa010ef38591
SHA512

b38440bb4b59493e8cfb09d3d14af98837eed57b02ce85184df9102465812b90815bcb2c33127bb015528efe9e3a5fb2b661bf7037069281cfe825d66520da7e
SSDEEP

98304:mchEQBFMlJuW0sp4Wxf6qO7mdA/4V+7fddkYngM0BbxtRlS:miF4JuW0sp4Wxf6qWN7fddlB0BdtrS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-15_91c5479a6f5fd1a7685cf7e5be5d1a76_avoslocker_revil

Files

2024-06-15_91c5479a6f5fd1a7685cf7e5be5d1a76_avoslocker_revil
.exe windows:6 windows x86 arch:x86

783b6be12bf68766a4e027990141a2f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\tmclient\out_stealth\Release\ut.pdb

Imports

user32

GetDesktopWindow
MessageBoxW
LoadStringW
GetProcessWindowStation
GetUserObjectInformationW
LoadStringA

advapi32

CryptDestroyHash
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
CopySid
CreateWellKnownSid
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
InitializeAcl
IsValidSid
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
CryptReleaseContext
CryptGetHashParam
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegisterEventSourceW
CryptHashData
CryptCreateHash
RegCreateKeyExA
ReportEventA
RegisterEventSourceA
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
CryptAcquireContextW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

shlwapi

UrlEscapeA
PathRemoveFileSpecW

ws2_32

getpeername
sendto
recvfrom
recv
listen
gethostname
getsockname
bind
accept
__WSAFDIsSet
WSAIoctl
socket
htons
ntohs
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
closesocket
connect
ioctlsocket
freeaddrinfo
getaddrinfo
WSASocketW
WSASendTo
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
shutdown
setsockopt
select
getsockopt
ntohl

netapi32

NetUserEnum

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

dbghelp

MiniDumpWriteDump

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

kernel32

FreeLibraryAndExitThread
GetModuleHandleExW
K32EnumProcessModules
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
ConvertThreadToFiberEx
ConvertFiberToThread
GetSystemDirectoryA
FindFirstFileW
CreateFiberEx
DeleteFiber
CreateFileW
OutputDebugStringA
OutputDebugStringW
CloseHandle
GetLastError
DeviceIoControl
ReleaseSRWLockShared
AcquireSRWLockShared
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
LocalFree
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemTimeAsFileTime
GetCurrentThread
GetCurrentThreadId
SleepEx
FormatMessageA
FormatMessageW
WideCharToMultiByte
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
CreateEventW
SetEvent
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjects
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
RaiseException
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ProcessIdToSessionId
GetModuleHandleA
GetProcAddress
ReleaseMutex
GetModuleFileNameA
GetFileInformationByHandle
GetFileSize
ReadFile
K32GetModuleInformation
WriteFile
GetLocalTime
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
SystemTimeToFileTime
CreateFileA
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
RtlCaptureContext
InitializeCriticalSection
CreateSemaphoreW
CreateThread
OpenThread
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
VirtualQueryEx
FreeLibrary
LoadLibraryW
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ResetEvent
GetEnvironmentVariableW
QueryPerformanceCounter
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
Sleep
MultiByteToWideChar
MoveFileExW
CompareFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
GetStringTypeW
TryEnterCriticalSection
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
SetConsoleCtrlHandler
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileExW
AreFileApisANSI
InitializeSListHead
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
SwitchToThread
WaitForMultipleObjectsEx
OpenEventA
GetSystemInfo
GetLogicalProcessorInformation
CreateWaitableTimerA
GetLocaleInfoA
IsValidCodePage
EnumSystemLocalesA
FoldStringW
LCMapStringW
CompareStringW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
IsDBCSLeadByteEx
LCMapStringA
GetStringTypeExA
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitThread
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
SetFilePointer
SwitchToFiber
VirtualLock
VirtualFree
VirtualProtect
VirtualAlloc
ReadConsoleA
SetConsoleMode
GetSystemTime
WriteConsoleW
HeapQueryInformation
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
SetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
GetCurrentProcessorNumber

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

783b6be12bf68766a4e027990141a2f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

shell32

ole32

shlwapi

ws2_32

netapi32

crypt32

wtsapi32

dbghelp

bcrypt

kernel32

wldap32

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 1016KB - Virtual size: 1015KB

.data Size: 99KB - Virtual size: 132KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 241KB - Virtual size: 241KB

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 1016KB - Virtual size: 1015KB

.data
Size: 99KB - Virtual size: 132KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 241KB - Virtual size: 241KB