2024-06-24_eb3a9514cc1b72f7be2cbc1adce197be_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-24_eb3a9514cc1b72f7be2cbc1adce197be_avoslocker
Size

8.0MB
MD5

eb3a9514cc1b72f7be2cbc1adce197be
SHA1

fa3319a1644830155196779805a31bfd6a759050
SHA256

fab94da8f365f0e798b1a9bb2ed7be9a7a2f76950e66df3237060f50e30703ca
SHA512

ddcd674e0ed15f39ea8aeb6cd590e58af4d448b73ec2035b1674c22c816241cd3b7901dd3b13abf112840ae355621623a306f2d623614fdb7b41ee3b2f1c9447
SSDEEP

196608:WSl2FxISXRIhuVsRgBn0FEmaFwVNnl+HMovi/+3Imwke:WSl2FxISXIuVs+h0NMwHovWTm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-24_eb3a9514cc1b72f7be2cbc1adce197be_avoslocker

Files

2024-06-24_eb3a9514cc1b72f7be2cbc1adce197be_avoslocker
.exe windows:6 windows x86 arch:x86

b6f601d3e6cc72eac7458227a386e363

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymInitialize
SymFromAddr
SymGetLineFromAddr64

shell32

ShellExecuteA
CommandLineToArgvW

ws2_32

gethostname
connect
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
__WSAFDIsSet
accept
ntohs
send
recv
WSASetLastError
select
WSARecvFrom
htonl
closesocket
WSARecv
WSAIoctl
socket
shutdown
listen
getsockname
getpeername
ioctlsocket
bind
WSASocketW
htons
WSAGetLastError
setsockopt
getsockopt
gethostbyname

advapi32

RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyW
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
SystemFunction036
RegQueryValueExW

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
PFXImportCertStore
PFXIsPFXBlob
CertOpenStore
CertFindCertificateInStore
CryptStringToBinaryA
CertCloseStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx

kernel32

IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SetThreadAffinityMask
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
SetUnhandledExceptionFilter
QueryDepthSList
RtlUnwind
ExitProcess
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ExitThread
GetCommandLineA
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
HeapReAlloc
GetProcessHeap
HeapSize
InterlockedFlushSList
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleExW
RaiseException
LoadLibraryExW
GetStdHandle
GetFileSizeEx
GetFileType
ReadFile
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
FlushConsoleInputBuffer
SetErrorMode
GetConsoleScreenBufferInfo
Sleep
SetStdHandle
CreateFileW
GetFileAttributesW
GetFileSize
SetFileAttributesW
CloseHandle
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
LocalFree
FormatMessageA
MoveFileExW
GetOEMCP
GetCPInfoExW
IsDBCSLeadByteEx
GetVersionExW
GetProcessAffinityMask
CreatePipe
IsWow64Process
GetFileAttributesExW
LockFileEx
UnlockFileEx
GetFileTime
SetFileTime
FormatMessageW
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCommandLineW
GetFullPathNameW
ExpandEnvironmentStringsW
CompareFileTime
DeleteFileW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetShortPathNameW
RemoveDirectoryW
SetLastError
DeviceIoControl
GetModuleHandleW
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
GetHandleInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
TerminateProcess
GetExitCodeProcess
CreateThread
ResumeThread
CreateProcessW
OpenProcess
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
RtlCaptureStackBackTrace
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
FreeLibrary
LoadLibraryW
lstrcmpiW
SetConsoleTextAttribute
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
SetEndOfFile
SetFilePointer
LoadLibraryA
GetTempPathW
FindNextFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
GetOverlappedResult
CancelIo
ResetEvent
CreateEventW
VirtualAlloc
VirtualFree
IsValidCodePage
CreateFileA
GetFileAttributesA
PeekNamedPipe
SearchPathA
SetHandleInformation
CreateProcessA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FlushFileBuffers
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
DeleteCriticalSection
CreateEventA
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
GetNamedPipeHandleStateA
RegisterWaitForSingleObject
UnregisterWait
GetFinalPathNameByHandleW
SetFilePointerEx
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
SetEvent
GetNumberOfConsoleInputEvents
ReadConsoleInputW
SetConsoleCursorPosition
WriteConsoleInputW
GetEnvironmentVariableW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
SetProcessAffinityMask
LCMapStringW
DebugBreak
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreA
GetLongPathNameW
ReadDirectoryChangesW
VerSetConditionMask
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
VerifyVersionInfoA
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleHandleA
GetStartupInfoW
SleepEx
GetTickCount
MoveFileExA
GetEnvironmentVariableA
EncodePointer
GetCPInfo
GetStringTypeW
GetLocaleInfoW
CompareStringW
WaitForSingleObjectEx
DecodePointer
GetCurrentThreadId

user32

GetMessageA
WaitForInputIdle
CharPrevExA
TranslateMessage
DispatchMessageA
MapVirtualKeyW
GetSystemMetrics

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize
CreateBindCtx
GetRunningObjectTable

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayDestroy

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1016KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6f601d3e6cc72eac7458227a386e363

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

shell32

ws2_32

advapi32

crypt32

kernel32

user32

ole32

oleaut32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 1016KB - Virtual size: 1016KB

.data Size: 79KB - Virtual size: 2.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 259KB - Virtual size: 258KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 1016KB - Virtual size: 1016KB

.data
Size: 79KB - Virtual size: 2.6MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 259KB - Virtual size: 258KB