2024-07-03_40b8260e025c8453be28ee09997cf11b_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-03_40b8260e025c8453be28ee09997cf11b_avoslocker
Size

1.1MB
MD5

40b8260e025c8453be28ee09997cf11b
SHA1

ebf786eb7a01ae67428f5dc61e36c100f0acfe2a
SHA256

438781447f10edd40e43186a3cfc736deb60221688b7d73539ff049ed3b23675
SHA512

b9cd58291821c4bc3d0416c47f113d36ac851c17df51399f63b4ccaf7ab6566a16c23e2ebd2fa9cd1fb9dd1bdfd247518f456298fee9c896958bc38848381779
SSDEEP

24576:9rJssaNT1+u+dM5ELn7XS6bW9eKKce1THOhqt2IoeVMP/P+QQ4y:9rJsFNQuB5EL7XSeROqt2IP8/PpQ4y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-03_40b8260e025c8453be28ee09997cf11b_avoslocker

Files

2024-07-03_40b8260e025c8453be28ee09997cf11b_avoslocker
.exe windows:5 windows x86 arch:x86

2157780a8f0ae11fe3cdbf455db7e287

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bamboo-build\WAVUI-WINAV-BARW\AV\BuildOutput\Bin\Release\amsagent.exe.pdb

Imports

kernel32

OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryW
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
CompareFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
UpdateProcThreadAttribute
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
GetCPInfo
TryEnterCriticalSection
CompareStringW
LCMapStringW
SetEvent
ResetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
OutputDebugStringW
WriteConsoleW
SetEndOfFile
HeapSize
CreateProcessW
GetCurrentThread
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
GetProcessHeap
HeapAlloc
CloseHandle
QueryDosDeviceW
CreateFileW
FormatMessageW
LocalFree
MultiByteToWideChar
GetModuleFileNameW
DecodePointer
GetTickCount64
Sleep
GetLocalTime
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
SetLastError
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
ReadConsoleW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
RtlUnwind
GetDriveTypeW
GetFullPathNameW
ExitThread
ResumeThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
HeapFree
GetFileType
HeapReAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetCurrentDirectoryW
GetCurrentDirectoryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
RtlCaptureStackBackTrace

user32

UnregisterClassW

advapi32

ChangeServiceConfigW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
TraceMessage

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitializeSecurity

shell32

ShellExecuteExW

oleaut32

VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen

Sections

.text
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2157780a8f0ae11fe3cdbf455db7e287

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

Sections

.text Size: 906KB - Virtual size: 906KB

.rdata Size: 173KB - Virtual size: 173KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 42KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 906KB - Virtual size: 906KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 42KB

.zero
Size: 4KB - Virtual size: 3KB