Static task: static1
Behavioral task: behavioral1
    Sample: 2024-06-25_5dc732e315041d463eec5d6d628aef8c_avoslocker_revil.exe
    Resource: win7-20240611-en
Behavioral task: behavioral2
    Sample: 2024-06-25_5dc732e315041d463eec5d6d628aef8c_avoslocker_revil.exe
    Resource: win10v2004-20240508-en
General
Target: 2024-06-25_5dc732e315041d463eec5d6d628aef8c_avoslocker_revil
Size: 12.5MB
MD5: 5dc732e315041d463eec5d6d628aef8c
SHA1: 926e2eca461ab4a89406ae55964bc1bbab806822
SHA256: e4f22d0a9e493ac675238ba87a47ef6b2883007cf9bb972c31b57b4afaf7c771
SHA512: fe7837d25d87a09e802140050439ac295d3f6bee4470aaf81e699c3a8935c676e94f971575ed59c12440138d2f2cbf7c207e073480b6a6e3471069da2378554e
SSDEEP: 196608:YNclfN9VR+tNhckxHZWJsv6tWKFdu9CMn:YOfnVqckxHsJsv6tWKFdu9CC
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
    resource: 2024-06-25_5dc732e315041d463eec5d6d628aef8c_avoslocker_revil
Files
2024-06-25_5dc732e315041d463eec5d6d628aef8c_avoslocker_revil.exe windows:5 windows x86 arch:x86
0dd0989aea2b46c9eaab628e995ef1f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
wldap32
ord301
ord142
ord167
ord127
ord27
ord26
ord147
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord118
ord79
ord133
gdi32
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
CreateCompatibleDC
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CombineRgn
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
DescribePixelFormat
CreateRectRgn
GetDIBits
GdiFlush
CreateBitmap
ole32
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
CoCreateInstance
DoDragDrop
CoCreateGuid
CoInitialize
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
OleIsCurrentClipboard
CoTaskMemFree
StringFromGUID2
imm32
ImmGetDefaultIMEWnd
ImmAssociateContext
ImmReleaseContext
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetContext
ImmGetCompositionStringW
winmm
PlaySoundW
oleaut32
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime
SysAllocString
shell32
Shell_NotifyIconW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFileInfoW
ws2_32
getaddrinfo
WSAGetLastError
socket
getsockname
connect
freeaddrinfo
__WSAFDIsSet
select
getnameinfo
gethostname
ioctlsocket
sendto
WSASetLastError
shutdown
WSAAsyncSelect
recv
send
bind
getpeername
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
accept
listen
closesocket
recvfrom
advapi32
CryptSignHashW
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptEnumProvidersW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CopySid
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
GetLengthSid
user32
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
GetClipboardFormatNameW
RegisterClassW
NotifyWinEvent
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
SetParent
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
CreateIconIndirect
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
IsChild
PostMessageW
MessageBeep
GetCaretBlinkTime
GetDoubleClickTime
SetWindowRgn
SystemParametersInfoW
GetSysColor
DestroyIcon
GetWindowThreadProcessId
GetSystemMetrics
DestroyWindow
CreateWindowExW
DefWindowProcW
SendMessageW
RegisterWindowMessageW
EnableMenuItem
GetSystemMenu
ReleaseDC
GetDC
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetIconInfo
GetCursorInfo
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
RealGetWindowClassW
SetCursor
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
DestroyCursor
kernel32
FindFirstFileW
CreateFiber
FormatMessageW
GetSystemTimeAsFileTime
ConvertFiberToThread
DeleteFiber
SwitchToFiber
WriteFile
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
SetLastError
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
FindNextFileW
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
ConvertThreadToFiber
GetCPInfo
UnhandledExceptionFilter
WaitForMultipleObjects
ExpandEnvironmentStringsA
QueryPerformanceCounter
GetTickCount
VerifyVersionInfoW
QueryPerformanceFrequency
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
VerSetConditionMask
SleepEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateEventA
SetEvent
GetLastError
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetCommandLineA
SetFileAttributesW
SetStdHandle
GetConsoleCP
HeapReAlloc
EnumSystemLocalesW
LoadLibraryA
GetStringTypeW
GetFileSizeEx
HeapSize
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
GetSystemDirectoryW
CreateProcessW
CloseHandle
WaitForSingleObject
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
WriteConsoleW
FindClose
CreateSemaphoreW
ReleaseSemaphore
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetExitCodeProcess
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
MoveFileExW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
DeviceIoControl
GetTempPathW
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
OpenFileMappingW
VirtualQuery
GetFileAttributesExW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
LCMapStringW
WaitForSingleObjectEx
OpenProcess
OutputDebugStringW
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
CreateEventW
DuplicateHandle
GetLocalTime
GetStartupInfoW
GetCommandLineW
GetUserDefaultLCID
CompareStringW
ExitProcess
GetModuleHandleA
GetConsoleWindow
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalSize
GetLocaleInfoW
GlobalLock
GlobalUnlock
CheckRemoteDebuggerPresent
GetUserDefaultLangID
ExpandEnvironmentStringsW
SetErrorMode
IsValidLocale
IsValidLanguageGroup
LocalFree
GetDriveTypeW
GetVolumeInformationW
GetLongPathNameW
lstrcmpW
SystemTimeToFileTime
GetModuleFileNameW
Sleep
GlobalAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTime
opengl32
glCopyTexImage2D
glIsEnabled
glIsTexture
glLineWidth
glPixelStorei
glPolygonOffset
glReadPixels
glScissor
glStencilFunc
glStencilMask
glStencilOp
glColorMask
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage2D
glViewport
glCopyTexSubImage2D
glCullFace
glDeleteTextures
glDepthFunc
glDepthMask
glDepthRange
glDisable
glDrawArrays
glDrawElements
glClearStencil
glClearDepth
glClearColor
glClear
glBlendFunc
glBindTexture
glHint
glTexImage2D
glEnable
glFinish
glFlush
glFrontFace
glGenTextures
glGetBooleanv
glGetError
glGetFloatv
glGetIntegerv
glGetString
glGetTexParameterfv
glGetTexParameteriv
Sections
.text Size: 8.5MB - Virtual size: 8.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 133KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 1024B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ