2024-06-20_a8c876e759454cb3b8aa4b06af7fabda_avoslocker_qakbot

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_a8c876e759454cb3b8aa4b06af7fabda_avoslocker_qakbot
Size

3.9MB
MD5

a8c876e759454cb3b8aa4b06af7fabda
SHA1

924ed24b52ab2292125491a31d10d4497db0d7e0
SHA256

15c8c1d74751aff4642aab3080f124e2b082047ce3982941f7c83d85e462bff0
SHA512

369107b930a81119743ac1da3d4e6319959c363741097a40ba258af86096a1679eae82c8edbed1af29a3f01598b4376a860dca175a1105874c463f86945af5d2
SSDEEP

49152:nOCOmzqbqKqNkLm2h/wJsKTrpy3wrgktVic3HDz5DMcRc/s+kobXnz/q/xnd/c/6:3OzqrkL6rpygrjVic3HJCfgqFjFxjNi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-20_a8c876e759454cb3b8aa4b06af7fabda_avoslocker_qakbot

Files

2024-06-20_a8c876e759454cb3b8aa4b06af7fabda_avoslocker_qakbot
.exe windows:6 windows x86 arch:x86

0636fba589960b706a9df19d2f4ac59d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

start_protected_game.pdb

Imports

kernel32

LoadLibraryW
IsWow64Process
HeapFree
GetProcessHeap
WriteFile
GetBinaryTypeW
DuplicateHandle
SetEnvironmentVariableW
GetTempPathW
OpenProcess
FormatMessageW
CreateProcessW
GetExitCodeProcess
GetCommandLineW
OutputDebugStringW
SetFilePointer
SetFilePointerEx
SetErrorMode
GetTickCount
SetThreadExecutionState
TerminateProcess
GlobalMemoryStatusEx
GetSystemInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
WaitForSingleObjectEx
GetEnvironmentVariableA
SetEnvironmentVariableA
IsDebuggerPresent
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsGetValue
TlsSetValue
VerSetConditionMask
VerifyVersionInfoW
GlobalAlloc
GlobalUnlock
GlobalLock
CompareStringA
MulDiv
GetModuleHandleExW
CreateFileA
GetLocaleInfoA
DeviceIoControl
GetOverlappedResult
CancelIo
CreateEventA
SetLastError
InitializeCriticalSectionEx
SleepEx
MoveFileExA
VirtualFree
SetEndOfFile
WriteConsoleW
HeapSize
GetFileAttributesExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
VirtualProtect
HeapReAlloc
GetTimeZoneInformation
LocalAlloc
EnumSystemLocalesW
GetUserDefaultLCID
LocalFree
LCMapStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetStdHandle
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
SetConsoleCtrlHandler
LoadLibraryExW
TlsFree
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetLocaleInfoW
GetFileTime
GetSystemTime
GetModuleHandleW
SystemTimeToFileTime
CloseHandle
DeleteFileW
GetSystemDirectoryW
GetSystemTimeAsFileTime
ExitProcess
GetLocalTime
FileTimeToSystemTime
GetCurrentProcess
FormatMessageA
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
DeleteFileA
GetFileInformationByHandle
GetFileAttributesW
CreateFileW
FindClose
GetFullPathNameW
CreateSemaphoreA
CreateSemaphoreW
ReleaseSemaphore
CreateThread
GetCurrentThread
GetLastError
Sleep
ResumeThread
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
GetModuleHandleA
DebugBreak
lstrcmpA
lstrlenA
IsValidLocale
VirtualAlloc
GetModuleFileNameW
FindNextFileW
CompareStringW
GetFileSizeEx
FindFirstFileW
ReadFile
CreateDirectoryW
FreeLibrary
GetProcAddress
GlobalFree
GetCurrentDirectoryW
LoadLibraryA

user32

AllowSetForegroundWindow
LoadImageW
EnumWindows
DestroyIcon
GetSystemMetrics
SendMessageW
IsWindowVisible
GetWindowThreadProcessId
MessageBoxA
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageExtraInfo
PostMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
IsIconic
GetKeyState
GetAsyncKeyState
SetTimer
KillTimer
GetMenu
GetUpdateRect
InvalidateRect
ValidateRect
GetPropW
GetClientRect
GetParent
GetWindowRect
SystemParametersInfoW
DrawTextW
SetFocus
GetDlgItem
EndDialog
DialogBoxIndirectParamW
PostThreadMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
CreateWindowExA
RegisterClassExA
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
AdjustWindowRectEx
SetCursor
GetCursorPos
GetClipCursor
ClientToScreen
ScreenToClient
WindowFromPoint
ClipCursor
IsRectEmpty
GetWindowLongW
CallNextHookEx
LoadIconW
GetRawInputData
RegisterWindowMessageA
GetDoubleClickTime
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetDesktopWindow
RegisterRawInputDevices
CreateIconIndirect
LoadCursorW
SetCursorPos
SetWindowRgn
CreateIconFromResource
GetKeyboardLayout
GetKeyboardState
ToUnicode
MapVirtualKeyW
UnhookWindowsHookEx
SetWindowsHookExW
SystemParametersInfoA
SetWindowLongW
PtInRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
GetFocus
SetWindowPos
FlashWindowEx
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
TrackMouseEvent
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ReleaseDC
GetDC

gdi32

GetTextExtentPoint32A
CreateFontIndirectW
BitBlt
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateRectRgn
CombineRgn
SetDeviceGammaRamp
GetDeviceGammaRamp
GetDIBits
GetDeviceCaps
CreateDCW
CreateCompatibleBitmap
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetTextMetricsW

advapi32

CryptAcquireContextW
CryptGetHashParam
CryptGenRandom
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash

shell32

ShellExecuteW
DragAcceptFiles
DragFinish
SHGetFolderPathW
DragQueryFileW
ExtractIconExW
CommandLineToArgvW

ole32

PropVariantClear
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

ws2_32

connect
getpeername
bind
getsockname
getsockopt
htons
closesocket
recv
send
WSAGetLastError
ntohs
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt

crypt32

CertOpenStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetNameStringW
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptQueryObject
CertCloseStore

imm32

ImmGetIMEFileNameA
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmGetContext

winmm

waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
timeGetTime
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetErrorTextW
waveOutGetDevCapsW
waveOutGetNumDevs
timeEndPeriod
timeBeginPeriod
waveInGetNumDevs

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 648KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0636fba589960b706a9df19d2f4ac59d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

crypt32

imm32

winmm

setupapi

version

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 21KB - Virtual size: 35KB

.rsrc Size: 135KB - Virtual size: 135KB

.reloc Size: 648KB - Virtual size: 652KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 21KB - Virtual size: 35KB

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 648KB - Virtual size: 652KB