2024-06-16_0b503e0c9c06b24b7baf1118a1e19108_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_0b503e0c9c06b24b7baf1118a1e19108_avoslocker
Size

16.5MB
MD5

0b503e0c9c06b24b7baf1118a1e19108
SHA1

5b74bea4d36c01996da23b09c87e67e995fb85b2
SHA256

146cd076b599a2dda9c267ad246eb7449b605022d2f9ed9dc6610ae680b4ed5d
SHA512

d4a6d1563c504d2b2e63983adeaaf6a3738bb2ef90291934d6a47c63042c8fae59cdf96072e9b084856d7e46b254451aba6716947111096f0fc181a3af62f0cb
SSDEEP

196608:3m6SP9ey2wt+asFqQ28Zb+2mIpJyltlnwdvjEJsv6tWKFdu9CR4JF:WPZ+PFD2c62WwNjEJsv6tWKFdu9CqJF

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_0b503e0c9c06b24b7baf1118a1e19108_avoslocker
.exe windows:6 windows x86 arch:x86

fd76937507f36ec25a45ad7cc01c3470

Code Sign

0a:de:81:14:d7:67:9b:06:6f:2d:b2:df:d2:f6:7a:c2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/04/2021, 00:00

Not After

05/04/2023, 23:59

Subject

CN=Intel Corporation,O=Intel Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:39:27:a8:6e:47:f9:57:76:45:24:57:d3:3f:21:29:5e:bb:7e:eb:29:e4:be:49:28:ff:82:52:52:cc:5c:77
Signer

Actual PE Digest

51:39:27:a8:6e:47:f9:57:76:45:24:57:d3:3f:21:29:5e:bb:7e:eb:29:e4:be:49:28:ff:82:52:52:cc:5c:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
GetCurrentThemeName
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
OpenThemeData
CloseThemeData

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

oleaut32

SysFreeString
SafeArrayCreateVector
SysAllocString
SafeArrayPutElement

imm32

ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext

userenv

GetUserProfileDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetShareEnum
NetApiBufferFree

ws2_32

WSAAsyncSelect

kernel32

DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
lstrcmpW
GetModuleHandleW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
GlobalSize
GetUserDefaultLangID
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
ExitProcess
CompareStringEx
GetCommandLineW
GetLocalTime
DuplicateHandle
SetEvent
CreateEventW
WaitForMultipleObjects
GetCurrentProcess
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentProcessId
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
IsProcessorFeaturePresent
GetSystemDirectoryW
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
QueryPerformanceFrequency
GetTickCount64
SetCurrentDirectoryW
GetCurrentDirectoryW
HeapReAlloc
FindClose
FindFirstFileW
GetFileInformationByHandle
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetFileInformationByHandleEx
GetStartupInfoW
GetModuleFileNameW
GetFileType
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
ConnectNamedPipe
CreateNamedPipeW
GetExitCodeProcess
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
ReleaseMutex
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
SetLastError
RaiseException
DecodePointer
EncodePointer
GetStringTypeW
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CloseHandle
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeConsole
SetErrorMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
InterlockedFlushSList
LoadLibraryExW
GetConsoleCP
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetFileAttributesW
SetStdHandle
IsValidLocale
EnumSystemLocalesW
DeleteFileW
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
CreateDirectoryW
GetFileSize
SetConsoleMode
ReadConsoleInputW
GetFileSizeEx
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
SetThreadPriority

ole32

StringFromGUID2
CoCreateGuid
CoGetMalloc
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
OleUninitialize
CoUninitialize
CoInitializeEx
CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
OleInitialize
ReleaseStgMedium

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
SHCreateItemFromIDList
Shell_NotifyIconGetRect
SHGetKnownFolderPath
SHCreateItemFromParsingName
ShellExecuteW
ord727
Shell_NotifyIconW
SHGetFileInfoW
SHGetStockIconInfo

winmm

timeKillEvent
timeSetEvent
PlaySoundW

advapi32

AccessCheck
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey

user32

AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
GetClientRect
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
PostThreadMessageW
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
SetWindowTextW
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
GetWindowRect
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsWindowVisible
IsIconic
SetWindowPlacement
GetWindowPlacement
ToAscii
SetWindowPos

gdi32

SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
GetBitmapBits
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
OffsetRgn
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
CombineRgn

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd76937507f36ec25a45ad7cc01c3470

Code Sign

0a:de:81:14:d7:67:9b:06:6f:2d:b2:df:d2:f6:7a:c2Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

51:39:27:a8:6e:47:f9:57:76:45:24:57:d3:3f:21:29:5e:bb:7e:eb:29:e4:be:49:28:ff:82:52:52:cc:5c:77Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

uxtheme

dwmapi

oleaut32

imm32

userenv

version

netapi32

ws2_32

kernel32

ole32

shell32

winmm

advapi32

user32

gdi32

Sections

.text Size: 8.9MB - Virtual size: 8.9MB

.rdata Size: 4.9MB - Virtual size: 4.9MB

.data Size: 139KB - Virtual size: 243KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 2.2MB - Virtual size: 2.2MB

_RDATA Size: 512B - Virtual size: 292B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 319KB - Virtual size: 319KB

0a:de:81:14:d7:67:9b:06:6f:2d:b2:df:d2:f6:7a:c2
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

51:39:27:a8:6e:47:f9:57:76:45:24:57:d3:3f:21:29:5e:bb:7e:eb:29:e4:be:49:28:ff:82:52:52:cc:5c:77
Signer

.text
Size: 8.9MB - Virtual size: 8.9MB

.rdata
Size: 4.9MB - Virtual size: 4.9MB

.data
Size: 139KB - Virtual size: 243KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

_RDATA
Size: 512B - Virtual size: 292B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 319KB - Virtual size: 319KB