2024-06-19_c6216eab168d6922e50f2d88ed05b3db_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-19_c6216eab168d6922e50f2d88ed05b3db_avoslocker
Size

5.0MB
MD5

c6216eab168d6922e50f2d88ed05b3db
SHA1

c390bb20543c8486c3eb71a96fa16e0bbe31b634
SHA256

6a95cfc834ac34c2d271ec58fd612d0a532089d22ffe350800eae3859915ea10
SHA512

87847b15729f7929195303f91f9bbc5e29bc6e25b6c771d775f92fc98ef482ae666f2f9edd57dc7327865a29fa8b02032bb10636e78324800a52a33167707819
SSDEEP

98304:9cR+11yPNvSyVlgKXuz0IMMyAacwyCGCmuGxVCU///nBAp:y3PFXVlWz8PcwnGCGVl0

Score

1^/10

Malware Config

Signatures

Files

2024-06-19_c6216eab168d6922e50f2d88ed05b3db_avoslocker
.exe windows:6 windows x86 arch:x86

729ac1fcab99f60c799b8dda2a774b36

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:1c:b2:06:a6:f0:06:17:cc:97:b4:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/09/2022, 13:33

Not After

03/09/2023, 13:33

Subject

CN=OOO Nanosoft Razrabotka,O=OOO Nanosoft Razrabotka,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:fc:7e:29:5e:94:d3:b1:8b:3b:9b:e5:0b:c6:a7:06:3e:cf:a2:a5:f4:30:de:29:e2:0e:78:6a:66:72:a0:11
Signer

Actual PE Digest

4b:fc:7e:29:5e:94:d3:b1:8b:3b:9b:e5:0b:c6:a7:06:3e:cf:a2:a5:f4:30:de:29:e2:0e:78:6a:66:72:a0:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

user32

DestroyWindow
SetWindowPos
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetSystemMetrics
GetParent
GetWindowLongA
ScreenToClient
MessageBeep
GetWindowRect
GetClientRect
SetWindowTextA
EnableWindow
GetWindowPlacement
SetFocus
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
EndDialog
MoveWindow
SetWindowPlacement
DrawIcon
BeginPaint
EndPaint
LoadIconA
LoadStringA
IsWindowVisible
SendDlgItemMessageA
SetTimer
OffsetRect
GetDesktopWindow
PeekMessageA
CallMsgFilterA
GetActiveWindow
PostMessageA
SendMessageA
DefWindowProcA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
RegisterClassExA
MessageBoxA
SendNotifyMessageA
wsprintfA
GetFocus

advapi32

RegQueryValueExW
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
DeregisterEventSource
RegisterEventSourceA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegSetValueExW
RegSetValueExA
RegCreateKeyExA
GetUserNameW
GetUserNameA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
ReportEventA

wsock32

WSACleanup
WSAStartup
getsockname
getpeername
getsockopt
htonl
getprotobyname
WSAGetLastError
socket
sendto
send
select
recv
inet_ntoa
connect
closesocket
__WSAFDIsSet
gethostname
htons
recvfrom
ioctlsocket
inet_addr
bind
gethostbyaddr
gethostbyname
setsockopt

comctl32

ord17

shell32

ShellExecuteA
ord680

kernel32

EnumSystemLocalesW
GetConsoleMode
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineA
GetModuleFileNameW
GetStdHandle
FindFirstFileExW
GetUserDefaultLCID
GetFileAttributesExW
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
GetCurrentThread
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
MoveFileExW
CreateDirectoryW
HeapReAlloc
ResumeThread
ExitThread
GetModuleHandleExW
ExitProcess
UnlockFileEx
LockFileEx
TzSpecificLocalTimeToSystemTime
SetFileTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
RaiseException
SetEndOfFile
EncodePointer
IsValidLocale
SetEnvironmentVariableW
GetStringTypeW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
GetCPInfo
WriteConsoleW
RtlUnwind
HeapSize
SetConsoleCtrlHandler
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushInstructionCache
SystemTimeToFileTime
LocalFileTimeToFileTime
IsBadStringPtrW
IsBadStringPtrA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
UnlockFile
LockFile
FreeLibraryAndExitThread
IsValidCodePage
TerminateThread
GetUserDefaultUILanguage
GetFileAttributesA
OutputDebugStringA
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcpynA
lstrcatA
GetVersionExA
CreateMutexA
OpenMutexA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
ReleaseMutex
CloseHandle
Sleep
lstrlenA
GetCurrentProcessId
LocalAlloc
CreateEventA
CreateThread
SetEvent
GetTempPathA
CreateFileA
SetFilePointer
WriteFile
CreateDirectoryA
DeleteFileA
ReadFile
OpenProcess
GetModuleHandleA
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateFileW
DeleteFileW
GetFileSize
GetCurrentProcess
GetSystemTimeAsFileTime
VirtualProtect
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
GetSystemTime
GetCurrentThreadId
GetComputerNameA
GetTickCount
GetProcessHeap
HeapAlloc
HeapFree
DeviceIoControl
FindFirstFileW
FindNextFileW
FindClose
GetProfileStringA
GetFullPathNameA
GetEnvironmentVariableA
GetSystemInfo
FindFirstFileA
ReleaseSemaphore
GetVersion
CreateSemaphoreA
SetConsoleTitleA
FormatMessageA
GetLocalTime
GetTimeZoneInformation
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleInformation
SetErrorMode
VerSetConditionMask
VerifyVersionInfoW
ResetEvent
GetWindowsDirectoryA
GetCommandLineW
GetEnvironmentVariableW
SetNamedPipeHandleState
SleepEx
WaitNamedPipeA
FindNextFileA
GetSystemWindowsDirectoryA
VirtualAlloc
VirtualFree
GetDriveTypeA
GetVolumeInformationA
SetLastError
GetProcessTimes
LoadLibraryExA
MapViewOfFile
lstrcmpA
OpenFile
CreateFileMappingA
GetSystemDirectoryA
GlobalAlloc
GlobalFree
OpenEventA
WaitForMultipleObjects
GetExitCodeThread
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingA
VerifyVersionInfoA
QueryPerformanceCounter
DefineDosDeviceA
QueryDosDeviceA
QueryPerformanceFrequency
GetPrivateProfileIntA
WinExec
GetProfileIntA
OutputDebugStringW

netapi32

Netbios

comdlg32

GetOpenFileNameA

oleaut32

VariantClear
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
VariantInit
SysAllocStringLen
SysFreeString
SafeArrayDestroy
SafeArrayGetUBound

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

ws2_32

getaddrinfo
freeaddrinfo
getnameinfo

psapi

GetProcessMemoryInfo

shlwapi

PathRemoveBackslashW

dhcpcsvc

DhcpRequestParams

userenv

GetProfilesDirectoryA

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 720KB - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

729ac1fcab99f60c799b8dda2a774b36

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

5e:1c:b2:06:a6:f0:06:17:cc:97:b4:16Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4b:fc:7e:29:5e:94:d3:b1:8b:3b:9b:e5:0b:c6:a7:06:3e:cf:a2:a5:f4:30:de:29:e2:0e:78:6a:66:72:a0:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

user32

advapi32

wsock32

comctl32

shell32

kernel32

netapi32

comdlg32

oleaut32

ole32

ws2_32

psapi

shlwapi

dhcpcsvc

userenv

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.textidx Size: 720KB - Virtual size: 719KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 26KB - Virtual size: 108KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 68KB - Virtual size: 68KB

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

5e:1c:b2:06:a6:f0:06:17:cc:97:b4:16
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4b:fc:7e:29:5e:94:d3:b1:8b:3b:9b:e5:0b:c6:a7:06:3e:cf:a2:a5:f4:30:de:29:e2:0e:78:6a:66:72:a0:11
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.textidx
Size: 720KB - Virtual size: 719KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 26KB - Virtual size: 108KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 68KB