2024-07-03_97adee81062fbc0acc17d335e243a309_avoslocker_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_97adee81062fbc0acc17d335e243a309_avoslocker_revil
Size

2.7MB
MD5

97adee81062fbc0acc17d335e243a309
SHA1

5698438ffd44efe8318bfc833374eaf9178bd73c
SHA256

a9ac453603d8a8cdc4fd4675cbcfc9d95f3a26eca802d56740c338e8a93cfac0
SHA512

2c252a959788d4ef80e5d37b30e526d705abf3053f65a59ae25b58fd85f5d2689eaea48032f73fc832a143ed0e43b21a7513c5ef58ceb211624250962030985b
SSDEEP

49152:9Kv+G3kppGOag5PY8OU74SVVoT4dVKdPDa8LqttMYCCEW1:9Kv+6kpEOaOHz74SVRnKxaCA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-03_97adee81062fbc0acc17d335e243a309_avoslocker_revil

Files

2024-07-03_97adee81062fbc0acc17d335e243a309_avoslocker_revil
.exe windows:5 windows x86 arch:x86

9fa36117aea68f312c9691a49e06c65b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\temp\mq41z1l9\updater\avupdate.pdb

Imports

scew

scew_element_by_name
scew_strcmp
scew_element_attributes
scew_element_children
XML_Parse
scew_list_next
scew_list_data
scew_element_attribute_by_name
scew_parser_ignore_whitespaces
scew_parser_free
scew_parser_create
scew_tree_set_root
scew_tree_create
scew_attribute_value
scew_attribute_name
scew_element_add_attribute_pair
scew_element_add_element
scew_element_add
scew_element_count
scew_element_set_contents
scew_element_free
scew_element_create
scew_tree_root
scew_element_contents
scew_element_name
scew_tree_free

ws2_32

inet_addr
WSASend
WSARecv
WSAGetOverlappedResult
sendto
recvfrom
getservbyname
ntohl
htonl
getnameinfo
shutdown
gethostbyname
gethostname
ioctlsocket
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
WSAStartup
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup

mswsock

TransmitFile

rpcrt4

UuidCreate

shell32

CommandLineToArgvW
SHGetFolderPathW

mpr

WNetAddConnection2W
WNetCancelConnection2W

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptExportKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
SetThreadToken
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
LogonUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
GetSecurityInfo
GetNamedSecurityInfoW
GetNamedSecurityInfoA
GetEffectiveRightsFromAclW
FreeSid
AllocateAndInitializeSid
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
GetUserNameW
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegCreateKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

CreateSemaphoreA
ReleaseSemaphore
ReleaseMutex
SetEvent
TryEnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WaitForMultipleObjects
GetHandleInformation
SetEndOfFile
SetEnvironmentVariableW
SetFileTime
SetFileAttributesW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
CreateEventA
PeekNamedPipe
CreateMutexA
CancelIo
DeviceIoControl
SetFilePointer
GetFileInformationByHandle
DeleteFileW
SetStdHandle
LoadLibraryExW
SetErrorMode
RemoveDirectoryW
CreateDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
GetDriveTypeW
CreateFileA
GetVersionExA
GetModuleFileNameA
LockFile
LockFileEx
UnlockFile
DuplicateHandle
CreatePipe
CreateNamedPipeA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
CreateThread
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
GetConsoleCP
WriteConsoleW
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
HeapReAlloc
DecodePointer
IsValidCodePage
GetCPInfo
GetDriveTypeA
GetCurrentDirectoryW
SetCurrentDirectoryW
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
SwitchToThread
UnlockFileEx
GetCurrentThread
FindFirstFileExW
GetStringTypeW
GetProcessHeap
ReadConsoleInputW
FlushFileBuffers
TerminateProcess
GetLastError
GetLocaleInfoW
MoveFileExW
LocalFree
FormatMessageW
CreateFileW
ReadFile
CloseHandle
SetHandleInformation
CreateNamedPipeW
GetOverlappedResult
ResetEvent
WaitForSingleObject
CreateEventW
HeapSize
GetExitCodeProcess
CreateProcessW
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalFree
GetCurrentProcessId
OpenProcess
GlobalAlloc
GetComputerNameW
GetVersionExW
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcess
GetSystemDirectoryW
GetWindowsDirectoryW
IsWow64Process
LoadLibraryA
MultiByteToWideChar
SetLastError
FormatMessageA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
SleepEx
GetTickCount
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
GetTimeZoneInformation
CreateHardLinkW
WideCharToMultiByte
GetACP
GetOEMCP
GetStdHandle
GetConsoleScreenBufferInfo
GetLocalTime
GetDateFormatW
GetTimeFormatW
OutputDebugStringW
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetFileType
WriteFile
QueryPerformanceCounter

Exports

Exports

_cJSON_AddArrayToObject@8
_cJSON_AddBoolToObject@12
_cJSON_AddFalseToObject@8
_cJSON_AddItemReferenceToArray@8
_cJSON_AddItemReferenceToObject@12
_cJSON_AddItemToArray@8
_cJSON_AddItemToObject@12
_cJSON_AddItemToObjectCS@12
_cJSON_AddNullToObject@8
_cJSON_AddNumberToObject@16
_cJSON_AddObjectToObject@8
_cJSON_AddRawToObject@12
_cJSON_AddStringToObject@12
_cJSON_AddTrueToObject@8
_cJSON_Compare@12
_cJSON_CreateArray@0
_cJSON_CreateArrayReference@4
_cJSON_CreateBool@4
_cJSON_CreateDoubleArray@8
_cJSON_CreateFalse@0
_cJSON_CreateFloatArray@8
_cJSON_CreateIntArray@8
_cJSON_CreateNull@0
_cJSON_CreateNumber@8
_cJSON_CreateObject@0
_cJSON_CreateObjectReference@4
_cJSON_CreateRaw@4
_cJSON_CreateString@4
_cJSON_CreateStringArray@8
_cJSON_CreateStringReference@4
_cJSON_CreateTrue@0
_cJSON_Delete@4
_cJSON_DeleteItemFromArray@8
_cJSON_DeleteItemFromObject@8
_cJSON_DeleteItemFromObjectCaseSensitive@8
_cJSON_DetachItemFromArray@8
_cJSON_DetachItemFromObject@8
_cJSON_DetachItemFromObjectCaseSensitive@8
_cJSON_DetachItemViaPointer@8
_cJSON_Duplicate@8
_cJSON_GetArrayItem@8
_cJSON_GetArraySize@4
_cJSON_GetErrorPtr@0
_cJSON_GetObjectItem@8
_cJSON_GetObjectItemCaseSensitive@8
_cJSON_GetStringValue@4
_cJSON_HasObjectItem@8
_cJSON_InitHooks@4
_cJSON_InsertItemInArray@12
_cJSON_IsArray@4
_cJSON_IsBool@4
_cJSON_IsFalse@4
_cJSON_IsInvalid@4
_cJSON_IsNull@4
_cJSON_IsNumber@4
_cJSON_IsObject@4
_cJSON_IsRaw@4
_cJSON_IsString@4
_cJSON_IsTrue@4
_cJSON_Minify@4
_cJSON_Parse@4
_cJSON_ParseWithOpts@12
_cJSON_Print@4
_cJSON_PrintBuffered@12
_cJSON_PrintPreallocated@16
_cJSON_PrintUnformatted@4
_cJSON_ReplaceItemInArray@12
_cJSON_ReplaceItemInObject@12
_cJSON_ReplaceItemInObjectCaseSensitive@12
_cJSON_ReplaceItemViaPointer@12
_cJSON_SetNumberHelper@12
_cJSON_Version@0
_cJSON_free@4
_cJSON_malloc@4

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fa36117aea68f312c9691a49e06c65b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

scew

ws2_32

mswsock

rpcrt4

shell32

mpr

user32

advapi32

version

iphlpapi

crypt32

kernel32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 485KB - Virtual size: 485KB

.data Size: 42KB - Virtual size: 56KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 77KB - Virtual size: 77KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 485KB - Virtual size: 485KB

.data
Size: 42KB - Virtual size: 56KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 77KB - Virtual size: 77KB

.zero
Size: 4KB - Virtual size: 3KB