2024-07-10_6e37288fa26471d55f13b4d847f0dc2d_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-10_6e37288fa26471d55f13b4d847f0dc2d_avoslocker
Size

1.7MB
MD5

6e37288fa26471d55f13b4d847f0dc2d
SHA1

055cd19acf672d97280eb874147c48e9c6439b1c
SHA256

0b22915fffd0e1bd73e4771c5520a1a62157637575cc94c1be292ea5a832c0dd
SHA512

22c140645bf900e20e8f7db88431dd7df1be3ac45b38e183c866249e66b9ade655bab434cd93b26a33ee770c10485c9af7067bd35a04faccf835dce56459be32
SSDEEP

24576:8LFrKxtf4eyT+R+0a2xTYEKsZsqjnhMgeiCl7G0nehbGZpbD:dxh4XT+MUxTYEKIDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-10_6e37288fa26471d55f13b4d847f0dc2d_avoslocker

Files

2024-07-10_6e37288fa26471d55f13b4d847f0dc2d_avoslocker
.exe windows:5 windows x86 arch:x86

36e496b3a026479e6db88ef5da0fe6c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HDHelper.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

LocalFree
MoveFileExW
lstrcpyW
lstrcmpiW
lstrcmpW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentProcess
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetExitCodeProcess
GetVersionExW
Sleep
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
FlushFileBuffers
FreeLibrary
TerminateProcess
OpenProcess
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
SetEvent
Process32FirstW
HeapReAlloc
ResetEvent
GetCurrentProcessId
GetUserDefaultLCID
LCMapStringW
SetFilePointer
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetUserDefaultLangID
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetUserDefaultUILanguage
TlsAlloc
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetStdHandle
GetTimeZoneInformation
DeleteFileW
GetLastError
FormatMessageW
SetFileAttributesW
GetFileAttributesW
CreateFileW
LocalAlloc
FindClose
GetTempPathW
GetModuleFileNameW
TlsGetValue
FindNextFileW
SetLastError
FindFirstFileW
ReadFile
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetConsoleCP
SetEndOfFile
WriteConsoleW
SwitchToThread
InitializeCriticalSectionAndSpinCount
HeapSize
GetFileType
LoadLibraryExW
RtlUnwind
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetStringTypeW

user32

AllowSetForegroundWindow

advapi32

RegSetKeySecurity
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSidToSidW
CreateProcessAsUserW
ConvertSidToStringSidW
GetUserNameW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetEntriesInAclW
OpenProcessToken
GetTokenInformation
CreateWellKnownSid

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CLSIDFromProgID
OleRun
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantCopy
VariantInit
GetErrorInfo
VariantClear

shlwapi

PathRemoveExtensionW
PathIsDirectoryW
PathIsFileSpecW
PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW
PathAddExtensionW
PathFileExistsW

Sections

.text
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

36e496b3a026479e6db88ef5da0fe6c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 319KB - Virtual size: 319KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 319KB - Virtual size: 319KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB