2024-06-28_45550c3af58db926d1e7852ea6c9925a_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-28_45550c3af58db926d1e7852ea6c9925a_avoslocker
Size

5.0MB
MD5

45550c3af58db926d1e7852ea6c9925a
SHA1

83225cbca6ecc4c55c7ba4869a9b7dc8cb4a698d
SHA256

851b8ce3baee11518e9ea7735caae13986413ae462158c4bada897feb4ee71b2
SHA512

07266179136e6f59be8e11f86a912e0c18b4d1e43169b634ef00fe7233312937a53003bdfc8e1ff02d112c79e1f16cef567d775c11a5eda2c719638f97b8c72d
SSDEEP

49152:r7OrnnHqCZ4eCdLxCEP8sxcv7PCB8WeTTJYyUvKD2F5BlumJiI9LwiZ2jG93u+jU:rRbeCdKvLCB8WMJYyuj73ufT

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-28_45550c3af58db926d1e7852ea6c9925a_avoslocker

Files

2024-06-28_45550c3af58db926d1e7852ea6c9925a_avoslocker
.exe windows:6 windows x86 arch:x86

457e05c93299583170d20b984d597854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\RescueTime\desktop\build\windows\Release\RescueTime.pdb

Imports

webview2loader

CreateCoreWebView2EnvironmentWithOptions

ws2_32

WSAStartup
WSASocketW
ntohs
listen
shutdown
ntohl
WSASend
closesocket
bind
WSACleanup
getpeername
gethostname
WSAAddressToStringW
WSARecv
getsockopt
socket
getsockname
connect
send
recv
WSAIoctl
select
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
WSASetLastError
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
__WSAFDIsSet

advapi32

CryptGetHashParam
RegOpenKeyExA
RegQueryValueExA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetUserNameW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCloseKey

wldap32

ord27
ord41
ord33
ord35
ord79
ord22
ord60
ord211
ord50
ord46
ord32
ord26
ord30
ord200
ord301
ord143

normaliz

IdnToAscii

sentry

sentry_options_set_dsn
sentry_options_set_release
sentry_options_set_auto_session_tracking
sentry_options_set_handler_pathw
sentry_options_set_database_pathw
sentry_options_set_system_crash_reporter_enabled
sentry_options_new
sentry_init
sentry_start_session
sentry_end_session
sentry_close
sentry_options_set_debug

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

oleacc

GetStateTextW
AccessibleObjectFromWindow
GetRoleTextW
AccessibleChildren

winmm

PlaySoundW

wsock32

ord1142
ord1141

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

LCMapStringW
CompareStringW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetDateFormatW
FlushFileBuffers
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
HeapReAlloc
WriteFile
ExitProcess
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
WriteConsoleW
LoadLibraryExW
RtlUnwind
GetCPInfo
CompareStringEx
FindFirstFileExW
FindFirstFileW
SetEndOfFile
HeapSize
FindNextFileW
FindClose
LCMapStringEx
DecodePointer
EncodePointer
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
GetFileInformationByHandleEx
MoveFileExW
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
PostQueuedCompletionStatus
CreateEventW
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
CancelIoEx
QueueUserAPC
GetProcAddress
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
ReleaseSemaphore
GetModuleHandleExW
GetCurrentThreadId
ReleaseMutex
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetFileAttributesExW
IsDebuggerPresent
GetModuleFileNameW
K32GetModuleFileNameExW
OpenProcess
K32GetModuleBaseNameW
WTSGetActiveConsoleSessionId
GetComputerNameW
K32EnumProcessModules
GetTempPathW
CreateMutexW
Sleep
CreateProcessW
GetTickCount
GlobalAlloc
GlobalFree
RaiseException
GlobalLock
GlobalUnlock
MulDiv
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
FreeLibrary
VerifyVersionInfoA
GetTickCount64
InitializeCriticalSectionEx
GetSystemDirectoryA
LoadLibraryA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
MultiByteToWideChar
GetExitCodeThread
QueryPerformanceFrequency
TryAcquireSRWLockExclusive
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
GetLocaleInfoW
EnterCriticalSection
DebugBreak
AreFileApisANSI

user32

EndDialog
SetActiveWindow
GetDpiForWindow
SetWindowPos
DestroyWindow
SetProcessDpiAwarenessContext
PostMessageW
GetKeyState
CreateDialogParamW
GetWindowLongW
MessageBoxW
GetSysColorBrush
RegisterWindowMessageW
LoadImageW
ShowWindow
OpenClipboard
DispatchMessageW
IsDialogMessageW
DestroyIcon
LoadIconW
VkKeyScanExW
GetLastInputInfo
keybd_event
GetKeyboardLayout
GetDlgCtrlID
CloseClipboard
EmptyClipboard
PeekMessageW
SetDlgItemTextW
SetForegroundWindow
SendInput
GetWindowThreadProcessId
EnumChildWindows
GetWindowTextW
SendMessageW
GetClassNameW
DdeCreateStringHandleW
DdeConnect
DdeInitializeW
DdeUninitialize
DdeClientTransaction
DdeDisconnect
DdeGetData
DdeFreeStringHandle
GetWindow
GetForegroundWindow
IsWindowEnabled
ChangeWindowMessageFilter
TranslateMessage
SetClipboardData
SetWindowLongW
SystemParametersInfoA
GetClientRect
GetDlgItem
KillTimer
SetTimer
PostQuitMessage

gdi32

CreateFontW
SetBkMode
SetTextColor

shell32

Shell_NotifyIconW
SHGetKnownFolderPath
ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoTaskMemFree

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

457e05c93299583170d20b984d597854

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

webview2loader

ws2_32

advapi32

wldap32

normaliz

sentry

version

oleacc

winmm

wsock32

wtsapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 351KB - Virtual size: 351KB

.data Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 66KB - Virtual size: 65KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 351KB - Virtual size: 351KB

.data
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 66KB - Virtual size: 65KB