Key Usages
KeyUsageCertSign
KeyUsageCRLSign

Task | Name | Sample | Resource |
---|---|---|---|
Static task | static1 | | |
Behavioral task | behavioral1 | 2024-06-28_c2233de0da3a4e45aca46336b056abcc_avaddon.exe | win7-20240221-en |
Behavioral task | behavioral2 | 2024-06-28_c2233de0da3a4e45aca46336b056abcc_avaddon.exe | win10v2004-20240611-en |

Field | Value |
---|---|
Target | 2024-06-28_c2233de0da3a4e45aca46336b056abcc_avaddon |
Size | 34.1MB |
MD5 | c2233de0da3a4e45aca46336b056abcc |
SHA1 | 74573d016ab93bed62767fa813a714324d69313d |
SHA256 | 880064307450638e8e945896ee9ead1738927e9e6b3573b0e9740f17d9d271dc |
SHA512 | 14a27aa9bb19275dd6142e116facbb4022a78250e84f9240e8b3f67a6ab36ad2fc195a6487e5918ac2a6763a35e03461e4d4f23d345696133d88b24511bad2cd |
SSDEEP | 196608:/Apa60UGeWFH/hYkVbJgIf9hrrTH3wwK7JZ7YLquEDn7SS+qBjVoEGsRWaOpGpbg:/A0b6WFH/JJ3X0Z7ttD+PqBTGb0psK18 |

resource | yara_rule |
---|---|
sample | INDICATOR_SUSPICIOUS_Binary_References_Browsers |
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\BuildAgent\work\.build\agent_x64\relwithdebinfo64\vmnetdrv64.pdb
GetLengthSid
OpenServiceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
AddAce
RegSetValueExW
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
RegCreateKeyExW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
OpenSCManagerW
CloseServiceHandle
GetAclInformation
RegCloseKey
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
CryptGenRandom
CryptAcquireContextW
GetTokenInformation
RegQueryValueExW
LookupAccountSidW
OpenThreadToken
GetSecurityDescriptorLength
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
ConvertStringSidToSidW
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAce
RegDeleteValueW
RegEnumKeyExW
DuplicateToken
SetThreadToken
ConvertSidToStringSidW
CreateWellKnownSid
RegGetValueW
RegLoadMUIStringW
RegNotifyChangeKeyValue
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
RegDisablePredefinedCache
MakeSelfRelativeSD
MakeAbsoluteSD
RegEnumValueW
ChangeServiceConfigW
QueryServiceConfigW
StartServiceW
EnumDependentServicesW
ControlService
DeleteService
ChangeServiceConfig2W
SetServiceStatus
QueryServiceStatus
CreateServiceW
RegisterServiceCtrlHandlerExW
RegDeleteKeyW
IsTextUnicode
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
SystemFunction036
RegOpenKeyW
RegEnumKeyW
CryptAcquireContextA
GetSidIdentifierAuthority
IsValidSecurityDescriptor
GetSidSubAuthorityCount
DeleteObject
GetObjectW
GetEnhMetaFileBits
DeleteEnhMetaFile
CopyEnhMetaFileW
SetStretchBltMode
GetDIBits
StretchBlt
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
CreateFontW
CreateSolidBrush
SetBkColor
SetTextColor
GetDeviceCaps
SetDIBColorTable
CreateDIBSection
DeleteDC
HeapSetInformation
ResetEvent
QueueUserAPC
GetLocalTime
SwitchToThread
GetThreadId
GetFileSize
GlobalMemoryStatusEx
FreeLibrary
CopyFileW
SleepEx
SystemTimeToTzSpecificLocalTime
CreateFileMappingW
CreateIoCompletionPort
MapViewOfFileEx
OpenThread
LoadLibraryExW
IsDebuggerPresent
ConnectNamedPipe
FlushFileBuffers
GetExitCodeProcess
FindFirstFileW
FindNextFileW
FindClose
QueryDosDeviceW
GetVolumeInformationW
GetLogicalDrives
FindFirstVolumeW
lstrlenW
DeviceIoControl
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
CreateDirectoryW
GetTempPathW
GetDiskFreeSpaceW
MoveFileExW
VerSetConditionMask
VerifyVersionInfoW
OpenProcess
WaitForMultipleObjectsEx
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
GetProcessTimes
GlobalSize
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetFileSizeEx
GetProcessId
Thread32Next
Thread32First
DuplicateHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemDirectoryW
GetComputerNameW
SystemTimeToFileTime
TlsAlloc
TlsFree
FormatMessageA
TlsSetValue
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
TlsGetValue
RegisterWaitForSingleObject
UnregisterWaitEx
GetFileAttributesExW
GetVolumePathNamesForVolumeNameW
GetFullPathNameW
GetLocaleInfoW
GetUserDefaultLCID
MulDiv
GetVersionExW
GetSystemTime
WaitNamedPipeW
ReplaceFileA
GetFileAttributesExA
MoveFileA
RtlUnwind
CompareStringA
GetCurrentThreadId
LocalAlloc
WaitForSingleObject
SetStdHandle
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetCommandLineA
SetConsoleCtrlHandler
ExitThread
RtlUnwindEx
QueryDepthSList
InterlockedFlushSList
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
QueueUserWorkItem
RtlPcToFileHeader
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
LoadLibraryExA
VirtualQuery
VirtualProtect
PeekNamedPipe
GetEnvironmentVariableA
TerminateProcess
MoveFileExA
GetSystemDirectoryA
GetTempFileNameA
lstrlenA
CreateDirectoryA
FindFirstFileExA
lstrcmpW
ReleaseSemaphore
SetThreadAffinityMask
IsProcessorFeaturePresent
VirtualAlloc
GetThreadPriority
K32GetProcessImageFileNameW
GetConsoleOutputCP
InitializeCriticalSection
GetTimeZoneInformationForYear
GetDriveTypeA
WriteConsoleW
CreateThread
ExitProcess
CopyFileExW
GetFinalPathNameByHandleW
GetFileInformationByHandleEx
CreateMutexA
AcquireSRWLockShared
QueryPerformanceFrequency
WakeConditionVariable
SleepConditionVariableSRW
GetOverlappedResult
SetHandleInformation
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
GetEnvironmentStringsW
RtlLookupFunctionEntry
RtlCaptureContext
SetThreadStackGuarantee
ReleaseSRWLockShared
FreeEnvironmentStringsW
AreFileApisANSI
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
FlushViewOfFile
CreateFileA
GetVersionExA
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
LoadLibraryW
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
GetFileType
GetEnvironmentVariableW
GetStdHandle
RtlVirtualUnwind
CreateFiber
DeleteFiber
SwitchToFiber
GetComputerNameA
FindNextFileA
FindFirstFileA
GetCurrentDirectoryW
DeleteFileA
FindFirstFileExW
WTSGetActiveConsoleSessionId
GetComputerNameExW
GetTempFileNameW
GetFileAttributesW
GetFileInformationByHandle
MapViewOfFile
SetUnhandledExceptionFilter
QueryPerformanceCounter
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExA
RtlCaptureStackBackTrace
GetModuleHandleExW
GetACP
GetSystemDefaultLCID
GetOEMCP
GetDateFormatW
CreateSemaphoreW
GetTimeFormatW
FileTimeToLocalFileTime
OpenEventW
K32EnumProcesses
K32GetModuleFileNameExW
GetCurrentProcess
SetLastError
HeapCreate
TryEnterCriticalSection
ReadFile
GetTickCount
GetSystemTimeAsFileTime
WideCharToMultiByte
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
LocalFree
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
CloseHandle
HeapReAlloc
DeleteFileW
InitializeCriticalSectionEx
RemoveDirectoryA
SetFilePointer
SetErrorMode
LeaveCriticalSection
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WriteFile
EnterCriticalSection
HeapFree
SizeofResource
GetSystemInfo
WaitForSingleObjectEx
GetCurrentThread
FileTimeToSystemTime
SetEvent
GetTimeZoneInformation
CreateEventW
DisconnectNamedPipe
UnmapViewOfFile
ResumeThread
ReleaseMutex
CreateFileW
CreateMutexW
EnumResourceNamesW
SetEndOfFile
GetQueuedCompletionStatus
SetThreadPriority
WaitForMultipleObjects
CreateNamedPipeW
GetModuleFileNameW
VirtualFree
LockResource
RemoveDirectoryW
TerminateThread
GetLastError
FormatMessageW
Sleep
ProcessIdToSessionId
GetExitCodeThread
MultiByteToWideChar
PostQueuedCompletionStatus
CompareFileTime
HeapSize
WriteClassStg
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
StringFromGUID2
CoFreeUnusedLibraries
CreateBindCtx
PropVariantClear
CreatePointerMoniker
CoTaskMemAlloc
StgCreateDocfile
CLSIDFromString
CoUninitialize
CoInitialize
CoInitializeEx
VariantClear
SysFreeString
VariantChangeType
SysAllocString
VariantInit
SetWindowPos
MonitorFromWindow
SetWindowLongPtrW
GetDlgItem
CreateDialogParamW
ShowWindow
IsDialogMessageW
GetClassLongPtrW
EnumWindows
VkKeyScanExW
GetDesktopWindow
GetWindow
GetWindowTextW
MessageBoxW
SetCapture
GetProcessWindowStation
EnumChildWindows
GetMessageW
DefWindowProcW
PostMessageW
CreateWindowExW
CreatePopupMenu
GetWindowLongW
GetWindowLongPtrW
RegisterClassExW
TrackPopupMenu
SystemParametersInfoW
GetForegroundWindow
SetFocus
DestroyWindow
GetUserObjectInformationW
LoadStringW
DispatchMessageW
SetTimer
DestroyIcon
DestroyMenu
TranslateMessage
LoadIconW
AppendMenuW
UnregisterClassW
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetParent
PostQuitMessage
GetClientRect
MapWindowPoints
IsWindowVisible
GetWindowTextLengthW
SetWindowsHookExW
UnhookWindowsHookEx
PostThreadMessageA
CallNextHookEx
GetLastInputInfo
SetClipboardData
GetClipboardSequenceNumber
LoadCursorW
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetPriorityClipboardFormat
CopyImage
GetClipboardOwner
CallWindowProcW
GetWindowThreadProcessId
SetDlgItemTextW
UnhookWinEvent
FlashWindow
MessageBeep
ExitWindowsEx
InvalidateRect
KillTimer
GetClassInfoExW
SetForegroundWindow
GetCursorPos
GetWindowRect
SetWindowTextW
GetMonitorInfoW
SetWinEventHook
PostThreadMessageW
GetSystemMetrics
SetDlgItemInt
GetKeyNameTextW
MapVirtualKeyExW
GetKeyState
GetGUIThreadInfo
GetClassNameW
GetKeyboardLayout
PeekMessageW
IsWindow
WindowFromPoint
MsgWaitForMultipleObjects
GetFocus
ActivateKeyboardLayout
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayoutNameW
IsIconic
SendMessageW
FindWindowExW
CharLowerBuffW
ReleaseDC
DrawIconEx
GetCursorInfo
GetIconInfo
GetDC
SendInput
mouse_event
LoadKeyboardLayoutW
SetWindowLongW
GetSysColor
GetDlgCtrlID
RedrawWindow
DdeFreeStringHandle
DdeDisconnect
DdeFreeDataHandle
DdeClientTransaction
DdeUninitialize
keybd_event
DdeInitializeW
DdeGetLastError
DdeConnect
DdeCreateStringHandleW
RegisterClassW
SetThreadDesktop
CloseDesktop
OpenInputDesktop
DdeAccessData
DdeUnaccessData
MapVirtualKeyW
GetPrinterW
SetPrinterW
EnumPrintersW
FindFirstPrinterChangeNotification
OpenPrinterW
GetJobW
EnumPrintProcessorDatatypesW
FreePrinterNotifyInfo
SetJobW
FindClosePrinterChangeNotification
EnumJobsW
ClosePrinter
FindNextPrinterChangeNotification
ntohl
select
gethostbyname
WSASend
listen
WSAIoctl
accept
__WSAFDIsSet
gethostname
WSAWaitForMultipleEvents
WSASetLastError
WSAStringToAddressW
WSASocketW
getpeername
getsockname
ntohs
connect
WSAAddressToStringW
getservbyname
bind
WSARecv
getsockopt
htons
ioctlsocket
setsockopt
WSAGetLastError
htonl
WSACleanup
shutdown
WSAStartup
closesocket
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
inet_ntoa
send
recv
recvfrom
socket
inet_addr
getaddrinfo
freeaddrinfo
getnameinfo
sendto
UuidCreate
RpcStringFreeW
UuidToStringW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
MiniDumpWriteDump
ImageNtHeader
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord26
PR_Cleanup
PR_ErrorToString
PR_Init
PR_GetError
PORT_Free
CERT_ChangeCertTrust
NSS_Shutdown
NSS_Initialize
CERT_DestroyName
PK11_ImportCert
PORT_ZAlloc
NSS_NoDB_Init
PK11_FreeSlot
CERT_GetCommonName
CERT_AsciiToName
CERT_GetOrgName
CERT_DestroyCertificate
CERT_GetDefaultCertDB
PK11_FindCertFromDERCert
PK11_GetInternalKeySlot
CERT_DecodeTrustString
CERT_DecodeCertFromPackage
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathStripPathW
PathMatchSpecW
SHCreateStreamOnFileEx
ord219
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
SHDeleteKeyW
PathRemoveExtensionW
StrCmpIW
PathAddExtensionW
PathCanonicalizeW
StrToIntA
StrStrIW
PathCombineW
UrlEscapeA
StrToInt64ExA
PathStripPathA
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
GdipGetImageHeight
GdipImageRotateFlip
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdiplusStartup
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipFree
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
PdhCloseQuery
PdhAddCounterW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhOpenQueryW
PdhCollectQueryData
PdhGetRawCounterValue
WTSLogoffSession
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
CM_Get_Parent
CM_Get_DevNode_Registry_Property_ExW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Get_Parent_Ex
CMP_WaitNoPendingInstallEvents
CM_Disable_DevNode
CM_Get_Child
CM_Get_Device_ID_Size_Ex
CM_Get_Sibling
CM_Get_Device_ID_ExW
CM_Enable_DevNode
CM_Get_DevNode_Status
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
FilterVolumeFindClose
FilterVolumeFindNext
FilterVolumeFindFirst
FilterGetDosName
FilterReplyMessage
FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort
FilterUnload
FilterLoad
ord9
AccessibleChildren
AccessibleObjectFromWindow
WinVerifyTrust
LsaGetLogonSessionData
LsaFreeReturnBuffer
NetWkstaGetInfo
DsGetDcNameW
NetApiBufferFree
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreA
CryptBinaryToStringA
CryptStringToBinaryA
PFXImportCertStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CryptDecodeObjectEx
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
AddInLog
GetMAPIModule
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ