2024-06-28_8a7e3b9d3990710d3adb30882d6b56e9_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-28_8a7e3b9d3990710d3adb30882d6b56e9_avoslocker_revil
Size

10.3MB
MD5

8a7e3b9d3990710d3adb30882d6b56e9
SHA1

2ae5b77a7c3ced4f8cae56aedc215f84318d97aa
SHA256

4a4348b546b5477c0fe41bfb4321a8848d9c9e9234af096358ca5ae564125637
SHA512

2a14cf22bf970cc0571b435bb7a0539a7c2271d6450a9849c4f937f1d6e3943b4bbcc71f5ea21c61f79c019a379200bf22b2e75cd4310769aa760bdbc8c22dcc
SSDEEP

196608:XYfSyvVMz1xX5V91O55/frYOVBNMWbwVENwAccHJ6YKkWOMyQVjXH:XYfSyvVMz1ld1O5trYeb7wzcHkaTM1jX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-28_8a7e3b9d3990710d3adb30882d6b56e9_avoslocker_revil

Files

2024-06-28_8a7e3b9d3990710d3adb30882d6b56e9_avoslocker_revil
.exe windows:6 windows x86 arch:x86

598c82ca9d58f1262b16a57dd1ec4233

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore

kernel32

TlsSetValue
SetLastError
EnterCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
FormatMessageW
SetEvent
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
DeleteCriticalSection
TlsGetValue
TlsFree
FormatMessageA
IsDebuggerPresent
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
VerSetConditionMask
SleepEx
VerifyVersionInfoW
CreateIoCompletionPort
GetCurrentProcess
VirtualAlloc
VirtualAllocEx
CreateProcessW
CopyFileW
AllocConsole
SetWaitableTimer
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetStdHandle
GetFileType
GetModuleHandleW
GetProcAddress
VirtualFree
GetEnvironmentVariableW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetWindowsDirectoryA
GetVolumeInformationA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentDirectoryW
CloseHandle
GetLastError
CreateFileW
FindClose
GetTempPathW
GetModuleFileNameW
WriteFile
FindNextFileW
GetFileSizeEx
FindFirstFileW
ReadFile
CreateDirectoryW
GetCurrentThreadId
GetCommandLineW
GetCommandLineA
FindFirstFileExW
GetTimeZoneInformation
GetFullPathNameW
IsWow64Process
SetEndOfFile
GetOEMCP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
HeapAlloc
HeapFree
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
CompareStringEx
GetLocaleInfoEx
GetStringTypeW
InitializeCriticalSectionEx
RaiseException
QueryPerformanceFrequency
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
CharUpperBuffW

advapi32

CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyW
RegOpenKeyExA
RegSetValueExA
RegSetValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathW

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW

ws2_32

select
shutdown
socket
send
recv
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
gethostbyname
ntohs
__WSAFDIsSet
accept
bind
WSAIoctl
WSAGetLastError
listen
WSASetLastError
WSASocketW
getaddrinfo
getsockname
connect
WSARecv
getsockopt
htonl
freeaddrinfo
WSACleanup
closesocket
WSASend
WSAStartup
ioctlsocket
setsockopt

ntdll

NtClose
NtSetContextThread
NtWriteVirtualMemory
NtReadVirtualMemory
NtTerminateProcess
NtResumeThread
NtGetContextThread
NtUnmapViewOfSection

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 570KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1Y3
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.2{P
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8B)
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

598c82ca9d58f1262b16a57dd1ec4233

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

ntdll

bcrypt

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 570KB - Virtual size: 570KB

.data Size: 26KB - Virtual size: 36KB

.1Y3 Size: 4.6MB - Virtual size: 4.6MB

.2{P Size: 2KB - Virtual size: 1KB

.8B) Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 105KB - Virtual size: 104KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 570KB - Virtual size: 570KB

.data
Size: 26KB - Virtual size: 36KB

.1Y3
Size: 4.6MB - Virtual size: 4.6MB

.2{P
Size: 2KB - Virtual size: 1KB

.8B)
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 105KB - Virtual size: 104KB

.rsrc
Size: 512B - Virtual size: 480B