2024-06-16_392ec97dcbe2ee6739cfce06eb674f95_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_392ec97dcbe2ee6739cfce06eb674f95_avoslocker
Size

1.5MB
MD5

392ec97dcbe2ee6739cfce06eb674f95
SHA1

8bae4e373a2d401cb35c9203dc06c5f60252985c
SHA256

675d8cd1dde42a2625d16b6120462f6271b7e68d19d44ae86a82c0df11097563
SHA512

889b6ee6e1143e5685a9c678096ae8a615baaa8e8495561c03b9f361deeda46941f61968619edb428bed9db3f0b80e86a7d9a159c7d0a23bcaa8bbef851a70b1
SSDEEP

24576:gjPIrhxzZxkId1cDuDkSiAHnECgYgWj5ZqrMl8rUPopzFv73OZNZ5TD4ThwCqJtR:gb6xzZzD3B8Ml8rUPUhvkTD4qCqJtVv

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_392ec97dcbe2ee6739cfce06eb674f95_avoslocker
.exe windows:6 windows x86 arch:x86

9447a2ef3ef69e561e218116db5c0193

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:c3:84:3c:6b:a4:d6:bc:3a:5e:40:c5:27:19:42:84
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

02/08/2022, 00:00

Not After

01/08/2025, 23:59

Subject

CN=Action1 Corporation,O=Action1 Corporation,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:25:ae:a1:81:15:71:0c:88:af:8f:b4:7f:a8:e9:14:16:ee:c0:9e:5f:f2:13:c8:9e:ad:a0:78:1a:84:e9:7f
Signer

Actual PE Digest

4e:25:ae:a1:81:15:71:0c:88:af:8f:b4:7f:a8:e9:14:16:ee:c0:9e:5f:f2:13:c8:9e:ad:a0:78:1a:84:e9:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\a1-client-libs\tvnserver-2.8.59-a1\Release\action1_remote.pdb

Imports

user32

CloseWindowStation
LockWorkStation
ExitWindowsEx
SetProcessWindowStation
DefWindowProcW
DestroyWindow
CreateWindowExW
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetUserObjectInformationW
OpenDesktopW
EnumChildWindows
ShowWindow
SetFocus
InvalidateRect
GetWindowTextW
DestroyIcon
FindWindowW
EndDialog
SetClassLongW
OpenWindowStationW
SetWindowLongW
DialogBoxParamW
ChangeDisplaySettingsExW
MoveWindow
EnumDisplayDevicesW
GetIconInfo
GetCursorInfo
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
GetDC
FillRect
UnregisterClassW
SetWindowTextW
SetTimer
GetClientRect
KillTimer
GetSysColorBrush
GetDlgItem
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
LoadIconW
MapWindowPoints
IsWindow
GetMessageW
SendMessageW
CreateDialogParamW
MessageBoxW
LoadMenuW
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
DrawIconEx

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

shlwapi

ord12

gdiplus

GdipDrawImageRectI
GdipDisposeImage
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdipLoadImageFromStream
GdipCloneImage
GdipGetImageHeight
GdipFree
GdiplusStartup

kernel32

DisconnectNamedPipe
LocalAlloc
ReadFile
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
HeapSize
HeapReAlloc
CreateProcessW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetProcAddress
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW
ResumeThread
WTSGetActiveConsoleSessionId
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
CreatePipe
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
DuplicateHandle
GetCurrentProcess
CloseHandle
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
FormatMessageW
LocalFree
ProcessIdToSessionId
DecodePointer
OpenThread
OpenProcess
CreateFileW
FreeLibrary
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetSystemDirectoryW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateThread
SwitchToThread
CreateMutexW
ReleaseMutex
SetHandleInformation
CompareStringW

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetObjectW
BitBlt
SelectObject
GetStockObject
SetBkMode
CreateSolidBrush
CreateCompatibleDC
DeleteDC
DeleteObject
CreateDIBSection
GetDIBits
GetCurrentObject

advapi32

RegDeleteValueW
InitializeSecurityDescriptor
DuplicateToken
DeregisterEventSource
SetSecurityInfo
RegisterEventSourceW
ReportEventW
SetTokenInformation
CreateProcessAsUserW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
SetEntriesInAclW
RegOpenKeyW
RegQueryValueExW
OpenProcessToken
RegDeleteValueA
DuplicateTokenEx
OpenThreadToken
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
GetTokenInformation
ConvertStringSidToSidW
CopySid
ImpersonateNamedPipeClient
RevertToSelf

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
ord680

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
gethostname
getsockname
send
socket
connect
recv
ioctlsocket
setsockopt
inet_ntoa
WSACleanup
WSAStartup
WSAGetLastError
ntohs
ntohl
gethostbyname
getpeername
inet_addr

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

comctl32

InitCommonControlsEx

Sections

.text
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 569KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9447a2ef3ef69e561e218116db5c0193

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

fb:c3:84:3c:6b:a4:d6:bc:3a:5e:40:c5:27:19:42:84Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

4e:25:ae:a1:81:15:71:0c:88:af:8f:b4:7f:a8:e9:14:16:ee:c0:9e:5f:f2:13:c8:9e:ad:a0:78:1a:84:e9:7fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

winmm

psapi

shlwapi

gdiplus

kernel32

gdi32

advapi32

shell32

version

ws2_32

wtsapi32

comctl32

Sections

.text Size: 773KB - Virtual size: 773KB

.rdata Size: 569KB - Virtual size: 569KB

.data Size: 18KB - Virtual size: 20KB

.rsrc Size: 105KB - Virtual size: 105KB

.reloc Size: 48KB - Virtual size: 47KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fb:c3:84:3c:6b:a4:d6:bc:3a:5e:40:c5:27:19:42:84
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

4e:25:ae:a1:81:15:71:0c:88:af:8f:b4:7f:a8:e9:14:16:ee:c0:9e:5f:f2:13:c8:9e:ad:a0:78:1a:84:e9:7f
Signer

.text
Size: 773KB - Virtual size: 773KB

.rdata
Size: 569KB - Virtual size: 569KB

.data
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 105KB - Virtual size: 105KB

.reloc
Size: 48KB - Virtual size: 47KB