2024-07-05_97f17271867701ef1f21a86761b59cdd_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-05_97f17271867701ef1f21a86761b59cdd_avoslocker_revil
Size

4.8MB
MD5

97f17271867701ef1f21a86761b59cdd
SHA1

8fc61cb461c90e37f9a1123710fe638dc97ff666
SHA256

9f37cf206ddc7ec8e2b2a96cc299b8926202bc99d05e10c03a1a4b850660041e
SHA512

2f653e7943bb0300cb4aedd47bbd68200f26ad0ee1561463f77b4dd77c33809ef909ace53cc0ebead23c4a455bc5d71a0bc0e9ac2c267b4161cfb49c61d0bffa
SSDEEP

98304:JOv5auE0T6s5YFbGpvsfg+BcUdQ0dGYEM4Obv2A+OIt:05auEu6RFbGxs1EM4y2ADI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-05_97f17271867701ef1f21a86761b59cdd_avoslocker_revil

Files

2024-07-05_97f17271867701ef1f21a86761b59cdd_avoslocker_revil
.exe windows:6 windows x86 arch:x86

c4a11d55ad1c9a1ca012ebc440069c5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\.build\remote_installer_x32\relwithdebinfo\InstallerUI-ru.pdb

Imports

wsock32

__WSAFDIsSet
closesocket
select
connect
htons
inet_ntoa
gethostname
WSAStartup
ntohl
ioctlsocket
htonl
WSAGetLastError
WSACleanup
send
recv
bind
getpeername
getsockname
getsockopt
ntohs
setsockopt
WSASetLastError
accept
listen
recvfrom
sendto
socket

ws2_32

GetNameInfoW
FreeAddrInfoW
GetAddrInfoW
WSAIoctl
WSACloseEvent
getaddrinfo
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
freeaddrinfo
WSAAddressToStringW
WSAStringToAddressW

mpr

WNetCancelConnection2W
WNetAddConnection2W

msi

ord232
ord141
ord8
ord72

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertEnumCertificatesInStore
CryptHashPublicKeyInfo
CertNameToStrW
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
PFXImportCertStore
CertOpenStore

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

MiniDumpWriteDump

wldap32

ord27
ord301
ord200
ord30
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord79
ord22
ord26
ord41
ord32
ord33
ord35

kernel32

CreateFileW
Sleep
GetCurrentThread
DeleteFileW
GetFileSize
CreateDirectoryW
CopyFileExW
GetTickCount
FlushFileBuffers
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
CreateEventW
GetFileAttributesExW
SetEvent
FileTimeToSystemTime
FileTimeToLocalFileTime
SwitchToThread
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
GetModuleHandleExW
RtlCaptureStackBackTrace
ProcessIdToSessionId
K32GetModuleFileNameExA
K32GetModuleBaseNameW
K32GetModuleInformation
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnmapViewOfFile
GetFileInformationByHandle
GetLocalTime
SystemTimeToFileTime
FindFirstFileExW
GetCurrentDirectoryW
SetFileAttributesW
MoveFileExW
TerminateProcess
K32GetModuleFileNameExW
GetModuleHandleA
K32EnumProcesses
GetVersionExW
InitializeCriticalSection
LoadLibraryW
VerifyVersionInfoW
GetSystemDirectoryA
LoadLibraryA
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetSystemTime
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
WriteConsoleW
lstrcpyW
CopyFileW
VerSetConditionMask
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFullPathNameW
WritePrivateProfileStringW
LoadLibraryExW
lstrcmpiW
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
QueueUserWorkItem
TryEnterCriticalSection
DuplicateHandle
ReadFile
MulDiv
QueryPerformanceFrequency
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
LocalFree
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
CloseHandle
HeapReAlloc
LockResource
GetLastError
FormatMessageW
MultiByteToWideChar
HeapSize
GetCurrentThreadId
LocalAlloc
InitializeCriticalSectionEx
SetFilePointer
LeaveCriticalSection
GetModuleFileNameW
WriteFile
EnterCriticalSection
SetLastError
HeapFree
SizeofResource
ReleaseSemaphore
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
CreateTimerQueue
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
AreFileApisANSI
IsValidCodePage
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetConsoleOutputCP
SetFilePointerEx
RegisterWaitForSingleObject
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
ResetEvent
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
ExitProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitThread
SleepEx

user32

GetWindowLongW
EndDialog
KillTimer
SetTimer
PostMessageW
GetDesktopWindow
GetWindowTextLengthW
LoadMenuW
MonitorFromPoint
CheckMenuRadioItem
GetWindow
GetWindowRect
IsWindowVisible
SetWindowPos
MonitorFromWindow
CreateWindowExW
GetSystemMetrics
GetSubMenu
IsWindow
RedrawWindow
IsDialogMessageW
GetMonitorInfoW
SetDlgItemTextW
MapWindowPoints
RegisterHotKey
IsDlgButtonChecked
DestroyMenu
SetFocus
LoadIconW
LoadCursorW
SetCursor
wsprintfW
TrackPopupMenuEx
GetClientRect
GetDlgItem
CheckDlgButton
PostQuitMessage
EnableMenuItem
GetParent
LoadImageW
EnableWindow
GetWindowTextW
GetMessageW
CreateDialogParamW
DestroyWindow
MessageBoxW
UnregisterClassW
GetActiveWindow
ShowWindow
DispatchMessageW
PeekMessageW
CharNextW
TranslateMessage
SetWindowLongW
DialogBoxParamW
GetProcessWindowStation
GetUserObjectInformationW
SetWindowTextW
SendMessageW
InvalidateRect

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoInitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleRun
CoUninitialize
CoTaskMemAlloc

oleaut32

VariantClear
VariantChangeType
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
GetErrorInfo
VariantInit

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

CreateServiceW
ChangeServiceConfig2W
DeleteService
EnumDependentServicesW
StartServiceW
QueryServiceConfigW
SetThreadToken
QueryServiceStatus
CryptGenRandom
RevertToSelf
CloseServiceHandle
OpenSCManagerW
ControlService
ImpersonateLoggedOnUser
LogonUserW
OpenServiceW
OpenThreadToken
RegQueryValueExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegCloseKey
CryptAcquireContextW
CryptEnumProvidersW
GetAclInformation
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
RegQueryInfoKeyW
RegDeleteKeyW
GetSecurityDescriptorGroup
GetSidSubAuthority
GetSidLengthRequired
RegCreateKeyExW
GetSecurityDescriptorControl
CopySid
InitializeSid
GetSecurityDescriptorOwner
RegEnumKeyExW
IsValidSid
RegSetValueExW
AddAce
InitializeSecurityDescriptor
InitializeAcl
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
MakeAbsoluteSD
CryptSetHashParam
CryptDestroyKey
ReportEventW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathRemoveExtensionW
StrStrIW
PathFindExtensionW
PathAddExtensionW
PathAppendW
PathStripPathA
PathFileExistsW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ord17

userenv

UnloadUserProfile

activeds

ord9

netapi32

NetShareEnum
NetApiBufferFree
DsGetDcNameW

dnsapi

DnsFree
DnsQuery_W

pdh

PdhCloseQuery
PdhOpenQueryW

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4a11d55ad1c9a1ca012ebc440069c5c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

ws2_32

mpr

msi

wintrust

crypt32

version

dbghelp

wldap32

kernel32

user32

shell32

ole32

oleaut32

comdlg32

advapi32

shlwapi

comctl32

userenv

activeds

netapi32

dnsapi

pdh

bcrypt

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 731KB - Virtual size: 730KB

.data Size: 42KB - Virtual size: 71KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 179KB - Virtual size: 178KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 731KB - Virtual size: 730KB

.data
Size: 42KB - Virtual size: 71KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 179KB - Virtual size: 178KB