2024-06-27_23e9a89a3ae2a7428dd56354a85b6543_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-27_23e9a89a3ae2a7428dd56354a85b6543_avoslocker_revil
Size

16.3MB
MD5

23e9a89a3ae2a7428dd56354a85b6543
SHA1

762c44c73474a2b4e4065a4cbd1c5d4a5377475d
SHA256

ba3ea390cbfb205d932a96c583e553b91db36a5f926aa648e3134feac8d32236
SHA512

90419b49780a4f65ac95b77847410b184bd7cb52a9998cff7e39d110e8fc1cd616eed8853bc9531b8eb9a65e0b171f6d21b0050a10848d319c78f514da23a5bd
SSDEEP

393216:/ackkLGDHgsUI7clyHcR1jPAHrffQyjRyBN:ScD+CRiLnxjR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_23e9a89a3ae2a7428dd56354a85b6543_avoslocker_revil

Files

2024-06-27_23e9a89a3ae2a7428dd56354a85b6543_avoslocker_revil
.exe windows:6 windows x86 arch:x86

302f3a66edbc5b6a124648d8352ca2ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\33b2b67282fffa05\tmdiag\tmdiag_out\ReleaseMT\tmdiag.pdb

Imports

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
VariantClear
VariantChangeType
CreateErrorInfo
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
GetErrorInfo
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
SetErrorInfo

ws2_32

sendto
gethostname
gethostbyname
inet_addr
getservbyname
recvfrom
recv
WSAStartup
WSAEnumNetworkEvents
select
listen
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
socket
htons
WSAEventSelect
WSAResetEvent
WSASetEvent
WSACleanup
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASocketW
getaddrinfo
freeaddrinfo
ntohl
ntohs
getpeername
WSAAddressToStringW
shutdown
WSASendTo
inet_ntoa
gethostbyaddr
getservbyport
WSAWaitForMultipleEvents
WSACloseEvent
WSACreateEvent
setsockopt
send
__WSAFDIsSet

kernel32

WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CreateWaitableTimerA
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceA
ProcessIdToSessionId
InitializeCriticalSectionEx
HeapAlloc
HeapFree
GetProcessHeap
GetStdHandle
WriteFile
SetHandleInformation
CreatePipe
CreateProcessA
TerminateProcess
OpenProcess
QueryFullProcessImageNameA
K32EnumProcesses
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
lstrcmpA
DecodePointer
RaiseException
CreateEventA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleFileNameW
VerSetConditionMask
VerifyVersionInfoA
VerifyVersionInfoW
GetSystemInfo
GetComputerNameExW
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore
WaitForSingleObjectEx
DuplicateHandle
GetModuleHandleA
FreeLibrary
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
CreateFileW
OutputDebugStringA
OutputDebugStringW
DeviceIoControl
CreateMutexW
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MultiByteToWideChar
GetStringTypeW
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetFileInformationByHandleEx
CreateSymbolicLinkW
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesW
SetEvent
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
CreateDirectoryExW
CopyFileExW
MoveFileExW
AreFileApisANSI
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
ResumeThread
GetLogicalProcessorInformation
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
K32EnumProcessModules
GetSystemTime
FindFirstFileW
ConvertThreadToFiberEx
ConvertFiberToThread
CreateFiberEx
LeaveCriticalSection
EnterCriticalSection
CancelIoEx
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
Sleep
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
LocalAlloc
GetWindowsDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
GetLastError
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
CloseHandle
CreateFileA
DeleteFiber
SwitchToFiber
VirtualLock
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryA
ReadConsoleA
InitializeCriticalSection
GetEnvironmentVariableA
CompareFileTime
LoadLibraryW
GetSystemDirectoryW
GetTickCount
WriteConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
FindClose
HeapQueryInformation
HeapSize
HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
SetStdHandle
GetConsoleCP
GetCommandLineW
GetCommandLineA
ExitProcess
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetTempPathW
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
DeleteCriticalSection
CreateThread
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
SetFilePointer
ReadFile
GetStringTypeExW
IsDBCSLeadByteEx
GetCurrencyFormatW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
FoldStringW
EnumSystemLocalesA
IsValidCodePage
GetLocaleInfoA
GetProcessTimes
K32GetModuleInformation

shell32

SHGetKnownFolderPath

shlwapi

UrlEscapeA
PathRemoveFileSpecW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ReportEventA
RegisterEventSourceA
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
RegGetValueW
OpenProcessToken
DuplicateToken
GetTokenInformation
ImpersonateLoggedOnUser
IsValidSid
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetNamedSecurityInfoW
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegCreateKeyExW
LookupPrivilegeValueW
LookupAccountSidW
InitializeAcl
GetSecurityDescriptorDacl
GetLengthSid
CreateWellKnownSid
CopySid
AdjustTokenPrivileges
LookupAccountNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertSidToStringSidA
RegSetValueExW
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExW

wldap32

ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord145
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord26

user32

EnumDisplaySettingsA
MessageBoxW
EnumDisplayDevicesA
EnumDisplayMonitors
UnregisterClassA
LoadStringA
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
GetSystemMetrics

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertOpenStore
CertDuplicateCertificateContext
CryptQueryObject
CertGetCertificateContextProperty

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptCloseAlgorithmProvider

netapi32

NetUserEnum

dxgi

CreateDXGIFactory1

iphlpapi

GetAdaptersInfo

secur32

GetUserNameExW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationA
WTSQuerySessionInformationW

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

302f3a66edbc5b6a124648d8352ca2ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

oleaut32

ws2_32

kernel32

shell32

shlwapi

advapi32

wldap32

user32

crypt32

bcrypt

netapi32

dxgi

iphlpapi

secur32

wtsapi32

Sections

.text Size: 7.8MB - Virtual size: 7.8MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 154KB - Virtual size: 192KB

.rsrc Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 394KB - Virtual size: 394KB

.text
Size: 7.8MB - Virtual size: 7.8MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 154KB - Virtual size: 192KB

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 394KB - Virtual size: 394KB