2024-06-29_57dbb799999826521da513c2bbbfc938_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_57dbb799999826521da513c2bbbfc938_avoslocker
Size

1.3MB
MD5

57dbb799999826521da513c2bbbfc938
SHA1

5fb58b253c1717a76799949fb023c7879d11857c
SHA256

2e701ca9be75f92f36a9db7293d2bd83e4e049826b83c9be8ea7bb3bc25f1ff2
SHA512

e4f04386045e6dbae11c1aef072de4c4496248a5480e28535e8a5cc61d2ef1812733d277c70b7c5cf73caa6f375455f6f50a1e2fa3ad37c12ba95021dcfb8b58
SSDEEP

24576:830tNL5hIj6RDbJ/YgWj5TXAwZg0NlBF7tG3kT6rUPopzFv73OZNzjhQ:83qLs8DEXr20NlnA0T6rUPUhvUjhQ

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_57dbb799999826521da513c2bbbfc938_avoslocker
.exe windows:6 windows x86 arch:x86

d2e10aea05fc096698206b2cab1d2275

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:b0:23:ba:e5:fc:7e:5d:5d:84:c8:3f:64:8d:fc:17
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/07/2022, 00:00

Not After

23/07/2025, 23:59

Subject

CN=New H3C Technologies Co.\, Ltd.,O=New H3C Technologies Co.\, Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:b0:23:ba:e5:fc:7e:5d:5d:84:c8:3f:64:8d:fc:17
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/07/2022, 00:00

Not After

23/07/2025, 23:59

Subject

CN=New H3C Technologies Co.\, Ltd.,O=New H3C Technologies Co.\, Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:77:54:be:e3:82:37:0f:c0:0f:c6:9b:df:48:71:29:8f:d5:d2:c7:6a:2b:05:07:ce:89:92:f6:dd:d9:ae:b1
Signer

Actual PE Digest

07:77:54:be:e3:82:37:0f:c0:0f:c6:9b:df:48:71:29:8f:d5:d2:c7:6a:2b:05:07:ce:89:92:f6:dd:d9:ae:b1

Digest Algorithm

sha256

PE Digest Matches

true

31:71:04:93:04:a0:71:6e:24:56:ff:09:7c:8e:dd:76:e1:9c:84:31
Signer

Actual PE Digest

31:71:04:93:04:a0:71:6e:24:56:ff:09:7c:8e:dd:76:e1:9c:84:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\code\feature\tightvnc\tightvnc-2.8.23\Release\tvnserver.pdb

Imports

winmm

timeEndPeriod
timeBeginPeriod

psapi

GetModuleFileNameExW

kernel32

SetHandleInformation
CreateMutexW
ReleaseMutex
ResumeThread
CreateThread
SwitchToThread
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
WriteConsoleW
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
WriteFile
ReadFile
LocalAlloc
DisconnectNamedPipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
DuplicateHandle
LoadLibraryW
GetProcAddress
FreeLibrary
OpenProcess
OpenThread
SetNamedPipeHandleState
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
WaitForSingleObject
GetComputerNameW
GetModuleFileNameW
GetVersionExW
CreateProcessW
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
FormatMessageW
GetLastError
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetProcessTimes
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
FindResourceW
LockResource
LoadResource
FreeResource
ProcessIdToSessionId
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
CompareStringW
GetFileType
HeapAlloc
HeapFree
GetStdHandle
GetModuleHandleExW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
ExitProcess
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreatePipe

user32

GetKeyboardLayout
ToUnicodeEx
VkKeyScanExW
MapVirtualKeyW
EnumDisplayMonitors
GetUserObjectInformationW
GetThreadDesktop
OpenInputDesktop
OpenDesktopW
UnregisterClassW
EnumChildWindows
GetClientRect
GetKeyState
SetThreadDesktop
SendMessageW
MapWindowPoints
MoveWindow
FindWindowW
LockWorkStation
ExitWindowsEx
SetProcessWindowStation
CloseWindowStation
OpenWindowStationW
IsDialogMessageW
DestroyWindow
CreateWindowExW
RegisterClassW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
LoadIconW
SetTimer
KillTimer
GetDlgItem
LoadMenuW
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
MessageBoxW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumWindows
IsWindowVisible
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
CloseDesktop

advapi32

DuplicateToken
RegisterEventSourceW
DeregisterEventSource
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
OpenProcessToken
OpenThreadToken
DuplicateTokenEx
RegCloseKey
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
ImpersonateNamedPipeClient
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSidToSidW
GetTokenInformation
CopySid
RevertToSelf
ImpersonateLoggedOnUser
ReportEventW
SetSecurityInfo
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
SetTokenInformation
CreateProcessAsUserW
RegSetValueExW

shell32

ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
ord680
Shell_NotifyIconW
CommandLineToArgvW

ws2_32

gethostbyname
ntohs
ntohl
htonl
socket
shutdown
setsockopt
send
select
recv
listen
getsockname
getpeername
connect
closesocket
bind
accept
__WSAFDIsSet
inet_addr
WSACleanup
WSAStartup
WSAGetLastError
gethostname
htons
inet_ntoa

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetObjectW

comctl32

InitCommonControlsEx

Sections

.text
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2e10aea05fc096698206b2cab1d2275

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:b0:23:ba:e5:fc:7e:5d:5d:84:c8:3f:64:8d:fc:17Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:b0:23:ba:e5:fc:7e:5d:5d:84:c8:3f:64:8d:fc:17Certificate

Extended Key Usages

Key Usages

07:77:54:be:e3:82:37:0f:c0:0f:c6:9b:df:48:71:29:8f:d5:d2:c7:6a:2b:05:07:ce:89:92:f6:dd:d9:ae:b1Signer

31:71:04:93:04:a0:71:6e:24:56:ff:09:7c:8e:dd:76:e1:9c:84:31Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

psapi

kernel32

user32

advapi32

shell32

ws2_32

version

gdi32

comctl32

Sections

.text Size: 712KB - Virtual size: 712KB

.rdata Size: 558KB - Virtual size: 557KB

.data Size: 18KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 40KB - Virtual size: 39KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:b0:23:ba:e5:fc:7e:5d:5d:84:c8:3f:64:8d:fc:17
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:b0:23:ba:e5:fc:7e:5d:5d:84:c8:3f:64:8d:fc:17
Certificate

07:77:54:be:e3:82:37:0f:c0:0f:c6:9b:df:48:71:29:8f:d5:d2:c7:6a:2b:05:07:ce:89:92:f6:dd:d9:ae:b1
Signer

31:71:04:93:04:a0:71:6e:24:56:ff:09:7c:8e:dd:76:e1:9c:84:31
Signer

.text
Size: 712KB - Virtual size: 712KB

.rdata
Size: 558KB - Virtual size: 557KB

.data
Size: 18KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 40KB - Virtual size: 39KB