2024-06-16_266926aee85b942a2b3a3e5a3d20a5b7_avoslocker_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_266926aee85b942a2b3a3e5a3d20a5b7_avoslocker_magniber
Size

1.8MB
MD5

266926aee85b942a2b3a3e5a3d20a5b7
SHA1

3dd3552a41ee6344b979187a718444412e5d1f59
SHA256

2e7ef43ee0fd925232d21c80c936d41c03ab85ebb2f6b0daa8c9906048b2725b
SHA512

832c3644fcb1ec0cfc3e6eb31f8a8fa627989a11b8e2c31ccaf3ed16255aabe997d6660b19473401cf048b02f1f0744f7c88d0e680d9d7174f1bc59a434cc79a
SSDEEP

49152:eoTcyqxOBMnXm2gwoifDD248BV1DEhsbxBes5aHUEJik+dVW/3:NOsmXXD64SV1D9wH7

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_266926aee85b942a2b3a3e5a3d20a5b7_avoslocker_magniber
.exe windows:6 windows x86 arch:x86

05bcae3c73dca3edf6b2f488b4d69ba1

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/09/2023, 00:00

Not After

19/09/2024, 23:59

Subject

SERIALNUMBER=3482342,CN=Amazon.com Services LLC,OU=Amazon Game Studios,O=Amazon.com Services LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:2c:89:48:12:94:92:6d:0c:aa:a7:74:57:a2:60:5d:8c:3a:47:03:d7:af:41:c0:7d:73:78:3e:13:62:eb:b7
Signer

Actual PE Digest

94:2c:89:48:12:94:92:6d:0c:aa:a7:74:57:a2:60:5d:8c:3a:47:03:d7:af:41:c0:7d:73:78:3e:13:62:eb:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\a32503736090ae0\installer\bin\Win32\Release\Amazon Games Updater.pdb

Imports

kernel32

GetExitCodeThread
MoveFileExW
SystemTimeToFileTime
CopyFileW
GetSystemTime
SetFileAttributesW
GetCurrentThread
SetFilePointerEx
LoadLibraryExA
FreeLibrary
GetTickCount64
GetExitCodeProcess
QueryPerformanceCounter
GetDiskFreeSpaceExA
LocaleNameToLCID
WideCharToMultiByte
CreateProcessW
GlobalMemoryStatusEx
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
GetOverlappedResult
GetCurrentDirectoryW
HeapAlloc
CreateThread
RaiseException
CloseHandle
HeapReAlloc
Process32FirstW
DeleteFileW
QueryPerformanceFrequency
GetDiskFreeSpaceExW
Process32NextW
GetLastError
FormatMessageW
ProcessIdToSessionId
MultiByteToWideChar
CreateEventW
CreateToolhelp32Snapshot
HeapSize
OpenProcess
GetModuleHandleA
ReleaseMutex
GetVersionExW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
SetFilePointer
GetUserDefaultUILanguage
CreateMutexA
GetLocaleInfoEx
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetSystemDefaultUILanguage
WriteFile
GetStdHandle
GetCurrentProcess
GetCommandLineW
HeapFree
GetFileSizeEx
ReadFile
CreateDirectoryW
GetCurrentProcessId
GetComputerNameW
OutputDebugStringW
Sleep
GetDynamicTimeZoneInformation
SetThreadPriority
GetCurrentThreadId
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
SetLastError
GetThreadTimes
LocalFree
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
AreFileApisANSI
GetFileInformationByHandleEx
InitOnceBeginInitialize
WaitForSingleObjectEx
SwitchToThread
GetNativeSystemInfo
GetStringTypeW
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedPushEntrySList
VirtualAlloc
VirtualProtect
RtlUnwind
GetFileType
WriteConsoleW
ExitThread
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemInfo
VirtualQuery
SetStdHandle
ExitProcess
GetDateFormatW
GetTimeFormatW
CompareStringW

user32

ReleaseDC
InvalidateRect
ReleaseCapture
UpdateWindow
SystemParametersInfoW
PostQuitMessage
DrawIconEx
UpdateLayeredWindow
BeginPaint
LoadCursorW
TranslateMessage
TrackMouseEvent
PeekMessageW
SetTimer
DispatchMessageW
ShowWindow
RegisterClassExW
GetSystemMetrics
EndPaint
CreateWindowExW
GetDC
GetWindowRect
PostMessageW
DefWindowProcW
GetCursorPos
MessageBoxExW
SetCapture
DrawTextW
SetWindowPos

advapi32

RegCreateKeyExA
AccessCheck
GetSecurityDescriptorOwner
GetFileSecurityW
DuplicateToken
GetUserNameW
GetTokenInformation
RegQueryValueExW
LookupAccountSidW
GetLengthSid
RegOpenKeyExW
CheckTokenMembership
FreeSid
OpenProcessToken
IsValidSid
InitializeSid
CopySid
GetSidLengthRequired
GetSidSubAuthority
AllocateAndInitializeSid
MapGenericMask
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
GetSecurityDescriptorDacl
RegSetValueExA
RegOpenKeyExA
RegCloseKey
EqualSid
GetSidSubAuthorityCount

shell32

CommandLineToArgvW
SHChangeNotify
ShellExecuteA
ShellExecuteExW
SetCurrentProcessExplicitAppUserModelID
SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx
StringFromCLSID
CoCreateGuid

winhttp

WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile

rpcrt4

UuidCreate

msimg32

AlphaBlend

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
StretchBlt
CreateDIBitmap
BitBlt
CreateFontW
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreatePen
GdiFlush
Rectangle
SetStretchBltMode
DeleteObject
RoundRect
CreateSolidBrush

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05bcae3c73dca3edf6b2f488b4d69ba1

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

94:2c:89:48:12:94:92:6d:0c:aa:a7:74:57:a2:60:5d:8c:3a:47:03:d7:af:41:c0:7d:73:78:3e:13:62:eb:b7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

winhttp

version

userenv

rpcrt4

msimg32

gdi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 118KB - Virtual size: 137KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 79KB - Virtual size: 79KB

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

94:2c:89:48:12:94:92:6d:0c:aa:a7:74:57:a2:60:5d:8c:3a:47:03:d7:af:41:c0:7d:73:78:3e:13:62:eb:b7
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 118KB - Virtual size: 137KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 79KB - Virtual size: 79KB