2024-07-08_12c384e4e524e97753fc1be84f80eb66_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-08_12c384e4e524e97753fc1be84f80eb66_avoslocker
Size

2.8MB
MD5

12c384e4e524e97753fc1be84f80eb66
SHA1

7e928c4dc38bfd4272f70613eb3b70d757fe5812
SHA256

7b852f5c4ae894fc926e8d0b8e2ab8cf0c566cd2801d292c490cc092164959e3
SHA512

cfa68e39947059b5bf16ffbe8c01772a59e67e50801939edca94f52aee51f6843ac336fa812198f29a7bf1ad7b60670b7cdda89038e7a27b8519c0040165397d
SSDEEP

49152:tw5JwBR979E/PkwZP5Gzu0pMq71g1lFtLzTGzqUMAoBIFXF:tw5Jm9p0cbpMA16L6f

Score

1^/10

Malware Config

Signatures

Files

2024-07-08_12c384e4e524e97753fc1be84f80eb66_avoslocker
.exe windows:6 windows x86 arch:x86

084e2f80f6850b3a62d48ceefaeff9d5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/04/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:e7:04:f4:51:81:e7:3b:a3:8f:82:28:31:98:a6:c6:fa:f7:e1:c5:be:88:af:40:a1:17:e2:b0:7f:9e:1b:8c
Signer

Actual PE Digest

43:e7:04:f4:51:81:e7:3b:a3:8f:82:28:31:98:a6:c6:fa:f7:e1:c5:be:88:af:40:a1:17:e2:b0:7f:9e:1b:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\ccd-component-utils\main\native\win32\build\msvs_win32_x86\Release\x86\sym\LBS\LBS\CreativeCloudSet-Up.pdb

Imports

comctl32

ord17

gdi32

GetDeviceCaps

bcrypt

BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty

kernel32

FindResourceW
GetProcAddress
FreeLibrary
SetDllDirectoryW
SetLastError
GetProcessId
CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrcmpiW
GetExitCodeProcess
GetModuleHandleW
FindFirstFileW
FindNextFileW
TerminateProcess
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
SetFileAttributesW
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
Process32NextW
DeleteFileW
Process32FirstW
CreateProcessW
CopyFileW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ResumeThread
SetEvent
TerminateThread
CreateThread
IsDebuggerPresent
GetLocaleInfoA
EnumSystemLocalesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetACP
IsDBCSLeadByteEx
FormatMessageW
LocalFree
HeapFree
LocalAlloc
CreateEventW
GetCurrentThread
GlobalFree
HeapAlloc
GetProcessHeap
ReadFile
DeviceIoControl
GetFileAttributesW
MoveFileExW
GetFileSize
lstrcmpW
FlushFileBuffers
CreateNamedPipeW
ConnectNamedPipe
SetFilePointer
GetCurrentThreadId
GetPhysicallyInstalledSystemMemory
HeapSize
ProcessIdToSessionId
HeapReAlloc
ResetEvent
GetFileInformationByHandle
GetFileSizeEx
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreW
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateFileW
GetTimeZoneInformation
WaitForMultipleObjects
SetEndOfFile
SetFilePointerEx
GetSystemTimeAsFileTime
SetThreadPriority
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
LoadResource
GetLocaleInfoEx
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
LCMapStringEx
QueryPerformanceCounter
LockResource
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CompareStringEx
GetCPInfo
OutputDebugStringW
RaiseException
GetUserDefaultLocaleName
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpool
GetStringTypeExA
LCMapStringA
LoadLibraryA
LoadLibraryExA
VirtualQuery
VirtualProtect
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FreeLibraryAndExitThread
ExitThread
WriteFile
GetStdHandle
SizeofResource
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
OpenProcess
GetCurrentProcess
GetSystemTime
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
GetSystemInfo
GetLastError
GetVersionExW
InitializeCriticalSectionEx
GetVersion
IsWow64Process
GetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesExW
GetFileTime
GetWindowsDirectoryW
CreateDirectoryExW
AreFileApisANSI
lstrlenW
VirtualFree
VirtualAlloc
LoadLibraryW
GetStringTypeW
FreeConsole
GetModuleHandleExW
ExitProcess
GetFileType
SetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetStartupInfoW
InitializeSListHead
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceFrequency
GetSystemDirectoryW
OpenMutexW

user32

LoadStringA
GetSystemMetrics
GetClassNameW
ReleaseDC
EnumWindows
SetWindowPos
DestroyWindow
GetWindowTextLengthW
GetSystemMenu
GetDC
MessageBoxW
SendMessageW
EndDialog
SetWindowTextW
ShowWindow
GetDlgItemTextW
SendDlgItemMessageW
BringWindowToTop
ChangeWindowMessageFilterEx
GetDlgItem
EnableMenuItem
DialogBoxParamW
SetForegroundWindow
LoadImageW
EnableWindow
GetWindowThreadProcessId
CreateDialogParamW
AllowSetForegroundWindow
PostMessageW
GetWindow

advapi32

CreateWellKnownSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RevertToSelf
ConvertStringSidToSidW
RegGetValueW
ImpersonateLoggedOnUser
GetUserNameW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
OpenProcessToken
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor
LookupAccountSidW
RegQueryValueExW
RegCloseKey
RegQueryValueExA

ole32

OleRun
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoInitializeEx
CoSetProxyBlanket
StringFromGUID2
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize

shell32

ShellExecuteExW
SHGetPathFromIDListW
ord680
SHGetFolderLocation
SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW
SHGetDiskFreeSpaceExW
SHGetKnownFolderPath
ShellExecuteW
SHGetSpecialFolderPathW

oleaut32

GetErrorInfo
VariantCopy
VariantInit
VariantClear
VariantChangeType
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathIsFileSpecW
PathAddExtensionW
PathRenameExtensionW
PathIsRootW
PathRemoveExtensionW
PathIsSystemFolderW
PathAppendW
PathFindFileNameW
PathIsNetworkPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW

crypt32

CertGetIssuerCertificateFromStore
CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

iphlpapi

GetAdaptersInfo

urlmon

ObtainUserAgentString

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

084e2f80f6850b3a62d48ceefaeff9d5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

43:e7:04:f4:51:81:e7:3b:a3:8f:82:28:31:98:a6:c6:fa:f7:e1:c5:be:88:af:40:a1:17:e2:b0:7f:9e:1b:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

gdi32

bcrypt

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

crypt32

wintrust

iphlpapi

urlmon

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 428KB - Virtual size: 427KB

.data Size: 38KB - Virtual size: 48KB

.didat Size: 512B - Virtual size: 104B

.rsrc Size: 600KB - Virtual size: 600KB

.reloc Size: 92KB - Virtual size: 91KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

43:e7:04:f4:51:81:e7:3b:a3:8f:82:28:31:98:a6:c6:fa:f7:e1:c5:be:88:af:40:a1:17:e2:b0:7f:9e:1b:8c
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 428KB - Virtual size: 427KB

.data
Size: 38KB - Virtual size: 48KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 600KB - Virtual size: 600KB

.reloc
Size: 92KB - Virtual size: 91KB