2024-07-10_050800b6ea5fc6fbae759cd2be4920d8_avoslocker_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-10_050800b6ea5fc6fbae759cd2be4920d8_avoslocker_magniber
Size

1.2MB
MD5

050800b6ea5fc6fbae759cd2be4920d8
SHA1

e4fa7b3d9d8d00ed8d917ea7edbffba53a6fb052
SHA256

7b4af38cf2858b00d7ea4a0a7ae1b7e5101d899d102db0e3be91cf11d446ad81
SHA512

627ec4671f2cc071190ff0e19c7b675040e9e8043b2762898be108ca4ec266357923feb6ba730198bd93aa8c9ee859ded83cda46b2414a83feacfe7e79124966
SSDEEP

24576:CWME4SzlUzfk+TBqIBSUUIsqjnhMgeiCl7G0nehbGZpbD:qXSzlULVTBqqU0Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-10_050800b6ea5fc6fbae759cd2be4920d8_avoslocker_magniber

Files

2024-07-10_050800b6ea5fc6fbae759cd2be4920d8_avoslocker_magniber
.exe windows:5 windows x86 arch:x86

65948ed66a51719a2c9e182f348d2460

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Setup.pdb

Imports

crclient

?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z
?SetCRDisplayName@@YA_NPBD@Z

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetFullPathNameW
FindNextFileW
WriteFile
GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
lstrcmpW
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
WaitForSingleObject
Sleep
CreateThread
LoadLibraryW
GetProcAddress
FreeLibrary
GetUserDefaultLCID
LCMapStringW
CreateEventW
SetEvent
ResetEvent
GetCurrentProcess
GetVersionExW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
HeapFree
SetLastError
TerminateProcess
HeapSize
FindFirstFileW
HeapReAlloc
HeapAlloc
GetProcessHeap
QueryPerformanceFrequency
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetUserDefaultUILanguage
GetUserDefaultLangID
OutputDebugStringW
SetDllDirectoryW
GetConsoleWindow
DeleteCriticalSection
DecodePointer
FreeConsole
RaiseException
AttachConsole
GetLastError
InitializeCriticalSectionEx
GetStdHandle
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetTimeZoneInformation
GetFileType
SetStdHandle
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetStringTypeW
ReadFile

user32

wsprintfW
SendMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
OleRun
CLSIDFromString
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
GetErrorInfo
VariantClear

shlwapi

PathRenameExtensionW
PathIsFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

65948ed66a51719a2c9e182f348d2460

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crclient

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 408KB - Virtual size: 407KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 9KB - Virtual size: 15KB

.rsrc Size: 88KB - Virtual size: 88KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 88KB - Virtual size: 88KB

.reloc
Size: 592KB - Virtual size: 596KB