2024-06-20_cf5e73ddb11f3c066d40a7d61b2e56d4_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_cf5e73ddb11f3c066d40a7d61b2e56d4_avoslocker
Size

5.0MB
MD5

cf5e73ddb11f3c066d40a7d61b2e56d4
SHA1

353a242dc8c057b6fa929ec447564ece866fe3f1
SHA256

9900fc71076b2f53c21592a5e2e80adb2f1d522ff8a8c58fa241ed2c379f71f7
SHA512

effe75910bcb49320668b8ffc1bc1fe9aa2b052c284e0120fbf43bd02e8dc6acfb762f350b69eb254e72348ea53541368cf68b6be7cd979fbb978ad3043847a9
SSDEEP

98304:mMnJw+l5uWeAsk+IvF7aDDz16mAb4zKgFKvEpFLOAkGkzdnEVomFHKnPN:mMJiJkcrKgFK+FLOyomFHKnPN

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_cf5e73ddb11f3c066d40a7d61b2e56d4_avoslocker
.exe windows:6 windows x86 arch:x86

96e643ab428bb9a8c1ae412bde07ddf9

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:cf:06:00:f7:02:99:e0:e2:31:f7:33
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

12/04/2024, 18:37

Not After

25/05/2027, 18:54

Subject

SERIALNUMBER=3332172,CN=VISUALWARE\, INC.,O=VISUALWARE\, INC.,STREET=937 Sierra Dr,L=Turlock,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:03:eb:ba:ad:b7:be:ab:75:3f:c1:0b:71:1d:da:ea:cd:77:f4:84:5e:a3:f6:16:27:37:ac:09:27:92:bf:80
Signer

Actual PE Digest

2d:03:eb:ba:ad:b7:be:ab:75:3f:c1:0b:71:1d:da:ea:cd:77:f4:84:5e:a3:f6:16:27:37:ac:09:27:92:bf:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Visualware Products\NQCSatellites\Five9\Release\WinRAPro.pdb

Imports

iphlpapi

IcmpCreateFile
GetBestRoute
GetIfEntry
IcmpSendEcho

kernel32

CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetStringTypeW
SetFilePointerEx
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
QueryPerformanceFrequency
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
RtlUnwind
OutputDebugStringW
MulDiv
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetModuleFileNameA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetCurrentThreadId
GetComputerNameA
Beep
CloseHandle
SetEvent
CreateEventA
GetVolumeInformationA
GetWindowsDirectoryA
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId
OutputDebugStringA
SetLastError
GetCurrentThread
GetVersionExA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
CompareStringA
GlobalFree
FindResourceA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
VerSetConditionMask
lstrcpyA
VerifyVersionInfoA
GlobalSize
LocalFree
WriteConsoleW
CopyFileA
SetThreadPriority
ResumeThread
GlobalAddAtomA
EncodePointer
GetSystemDirectoryW
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentDirectoryA
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
DeleteFileA
GetThreadLocale
CreateFileA
GetFileAttributesA
GetFileSize
GetACP
SetFilePointer
GetTempPathA
FileTimeToSystemTime
FindClose
FindFirstFileA
FlushFileBuffers
GetFullPathNameA
LockFile
ReadFile
SetEndOfFile
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiA
VirtualProtect
GetOEMCP
GetCPInfo
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTickCount
GetProfileIntA
SearchPathA
GetTempFileNameA
FindResourceExW
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead

user32

DestroyAcceleratorTable
ModifyMenuA
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
LoadMenuW
GetAsyncKeyState
CharUpperA
IsZoomed
TrackMouseEvent
MonitorFromPoint
SetParent
LoadImageW
LoadImageA
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MessageBeep
GetNextDlgGroupItem
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableA
CharNextA
KillTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
ShowWindow
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongA
SetWindowLongA
EqualRect
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
SetClassLongA
GetScrollRange
SetScrollRange
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
GetClientRect
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
GetMessageTime
GetMessagePos
GetMenuItemInfoA
DestroyMenu
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
SetFocus
GetClassNameA
InvalidateRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowRect
MapWindowPoints
GetSysColor
GetSysColorBrush
UpdateWindow
SetCursor
ShowOwnedPopups
ValidateRect
GetKeyState
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
GetUpdateRect
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
MapVirtualKeyA
LoadAcceleratorsW
CreateAcceleratorTableA
UpdateLayeredWindow
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
GetSystemMetrics
DrawTextExA
DrawTextA
UnregisterClassA
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
LoadBitmapW
SetTimer
ShowScrollBar
DrawFocusRect
FillRect
InflateRect
OffsetRect
IsRectEmpty
DrawStateA
DrawIconEx
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetDesktopWindow
DefWindowProcA
GetClassInfoA
SetLayeredWindowAttributes
SetRectEmpty
CopyRect
LoadCursorA
LoadCursorW
SystemParametersInfoA
GetMonitorInfoA
EnumDisplayMonitors
MessageBoxA
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
RemoveMenu
GetProcessWindowStation
GetUserObjectInformationA
PostMessageA
PostQuitMessage
IsIconic
SetWindowPos
SetWindowContextHelpId
GetParent
GetWindow
MapDialogRect
RegisterWindowMessageA
DrawEdge
DrawFrameControl
GetFocus
SetWindowRgn
InvertRect
HideCaret
DrawIcon
GetWindowRgn
DestroyCursor
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
CharUpperBuffA
SubtractRect
GetKeyNameTextA
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
IsChild

gdi32

CreateDIBSection
GetObjectA
CreateCompatibleDC
SetDIBColorTable
SelectObject
DeleteObject
GetStockObject
Polygon
BitBlt
GetTextFaceA
SetPixelV
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExA
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
RoundRect
OffsetRgn
Rectangle
CreateRoundRectRgn
StretchBlt
SetPixel
RealizePalette
DPtoLP
SetRectRgn
GetMapMode
GetRgnBox
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
TextOutA
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateBitmap
CreateDCA
CopyMetaFileA
GetTextCharsetInfo
GetDeviceCaps
EnumFontFamiliesA
CreatePatternBrush
CreatePen
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
Polyline
CombineRgn
CreatePolygonRgn
ExtTextOutA
PatBlt
GetTextExtentPoint32A
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
CreateServiceA
ChangeServiceConfig2A
CloseServiceHandle
ControlService
DeleteService
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
OpenSCManagerA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHAppBarMessage
SHGetFileInfoA
ShellExecuteA
DragFinish
DragQueryFileA
SHGetMalloc

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathIsUNCA
PathFindFileNameA

uxtheme

DrawThemeParentBackground
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed

ole32

OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
CoDisconnectObject
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CoGetClassObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
OleCreateFontIndirect
VariantCopy
VarBstrFromDate
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen

oledlg

ord8

gdiplus

GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown

ws2_32

recv
__WSAFDIsSet
listen
accept
WSAGetLastError
WSAStartup
gethostbyname
socket
shutdown
setsockopt
sendto
send
select
recvfrom
ntohs
inet_addr
htons
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
ntohl
inet_ntoa
htonl

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

timeBeginPeriod
PlaySoundA
timeGetDevCaps
timeGetTime

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96e643ab428bb9a8c1ae412bde07ddf9

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

5b:cf:06:00:f7:02:99:e0:e2:31:f7:33Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

2d:03:eb:ba:ad:b7:be:ab:75:3f:c1:0b:71:1d:da:ea:cd:77:f4:84:5e:a3:f6:16:27:37:ac:09:27:92:bf:80Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

ws2_32

oleacc

imm32

winmm

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 379KB - Virtual size: 379KB

.data Size: 24KB - Virtual size: 105KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 149KB - Virtual size: 148KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

5b:cf:06:00:f7:02:99:e0:e2:31:f7:33
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

2d:03:eb:ba:ad:b7:be:ab:75:3f:c1:0b:71:1d:da:ea:cd:77:f4:84:5e:a3:f6:16:27:37:ac:09:27:92:bf:80
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 379KB - Virtual size: 379KB

.data
Size: 24KB - Virtual size: 105KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 149KB - Virtual size: 148KB