2024-07-22_5998df6e64eae32ae0d2c09f72ac1827_avoslocker_floxif

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-22_5998df6e64eae32ae0d2c09f72ac1827_avoslocker_floxif
Size

4.9MB
MD5

5998df6e64eae32ae0d2c09f72ac1827
SHA1

968a78c3ab067e1095ad1cea44b0b4d6cb88ab7b
SHA256

cf724ec76a74cc18ee1a9176adc038dacadbc5689ed00cc1216a1c5be7c14f58
SHA512

c5db3a291cc4954dc6fb6e906418b33a196f959609451bc0c3ef575179ce7b2740d9b902b42625620a698299a9a64939954f73309d65acd9df3492c45051f8ad
SSDEEP

98304:E8yYgLpRp/0hHWsssuZKPyYTIRE321f6y30dNGKFLOAkGkzdnEVomFHKnPg:6oHPmn1f6y30d/FLOyomFHKnPg

Score

1^/10

Malware Config

Signatures

Files

2024-07-22_5998df6e64eae32ae0d2c09f72ac1827_avoslocker_floxif
.exe windows:6 windows x86 arch:x86

f181b04dbc99dbad93b045e6f763566b

Code Sign

0e:14:56:9f:2d:f3:61:a9:62:fb:03:55:93:65:9c:d2
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

13/12/2023, 13:52

Not After

12/12/2024, 13:52

Subject

CN=AuraSide\, Inc,O=AuraSide\, Inc,L=Newark,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:27:4a:f8:9a:88:51:be:eb:49:94:e9:b9:6e:36:e0:a0:ab:72:96:92:28:bd:63:b8:fe:16:ae:07:e4:53:45
Signer

Actual PE Digest

2c:27:4a:f8:9a:88:51:be:eb:49:94:e9:b9:6e:36:e0:a0:ab:72:96:92:28:bd:63:b8:fe:16:ae:07:e4:53:45

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Projects\C++ Developer - Full Time - Monthly Pay\source\ghast-app\Release-External\Loader.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

LCMapStringW
ReadConsoleW
GetConsoleMode
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
HeapQueryInformation
ExitThread
GetCommandLineW
GetCommandLineA
RtlUnwind
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
CreateThread
GetCPInfo
LCMapStringEx
EnumSystemLocalesW
QueryPerformanceFrequency
GetOEMCP
FormatMessageA
InitOnceBeginInitialize
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceComplete
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
OutputDebugStringW
GetDriveTypeW
GetConsoleOutputCP
SetFilePointerEx
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
IsValidLocale
GetTimeZoneInformation
IsValidCodePage
WriteConsoleW
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
MulDiv
GetModuleFileNameW
GetTempPathW
GetLongPathNameW
CreateDirectoryW
GetDiskFreeSpaceExW
SetLastError
GetLastError
CreateProcessW
CloseHandle
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetTickCount
CreateMutexW
ReleaseMutex
OpenProcess
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExW
Module32FirstW
Module32NextW
RemoveDirectoryW
DeleteFileW
MoveFileExW
WideCharToMultiByte
GetCurrentThreadId
WaitForSingleObject
Sleep
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetUserDefaultLCID
GetTempFileNameW
FindResourceExW
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
SetErrorMode
DeleteCriticalSection
GetProcessHeap
GetACP
GetFileTime
GetFileSizeEx
GetFileAttributesExW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
lstrcpyW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SuspendThread
SetThreadPriority
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
GetCurrentProcessId
CompareStringA
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetVersionExW
GetCurrentThread
OutputDebugStringA
LocalFree
GlobalSize
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
GetModuleHandleA
GetSystemTimeAsFileTime
ResetEvent
SetEvent
GlobalAlloc
ResumeThread
GlobalFree
GlobalUnlock
GlobalLock
CreateEventW
GetStringTypeW

user32

FrameRect
CopyIcon
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
ModifyMenuW
CharUpperBuffW
RegisterClipboardFormatW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadImageW
DestroyIcon
SetClassLongW
LockWindowUpdate
BringWindowToTop
SetParent
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
LoadAcceleratorsW
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
DrawFocusRect
DrawFrameControl
DrawEdge
WaitMessage
GetDC
ReleaseDC
GetWindowThreadProcessId
GetClassNameW
GetAncestor
MapDialogRect
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
WindowFromPoint
MessageBeep
SetWindowRgn
GetSystemMenu
GetAsyncKeyState
IsZoomed
TrackMouseEvent
RealChildWindowFromPoint
DeleteMenu
CopyImage
CharUpperW
OffsetRect
GetDoubleClickTime
GetIconInfo
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
GetNextDlgGroupItem
HideCaret
InvertRect
DestroyCursor
GetComboBoxInfo
GetWindowRgn
DrawIconEx
EnumWindows
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
SetForegroundWindow
IsIconic
ShowWindow
LoadCursorW
GetClientRect
EnableWindow
LoadIconW
SetTimer
KillTimer
LoadMenuW
GetSubMenu
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
GetMenuItemID
SendMessageW
GetForegroundWindow
AttachThreadInput
InvalidateRect
GetSysColor
IsRectEmpty
InflateRect
GetSystemMetrics
DrawIcon
GetWindowRect
SetCursor
UnregisterClassW
SetRect
FillRect
CopyRect
EqualRect
PtInRect
SetCapture
ReleaseCapture
GetCapture
GetMenuStringW
GetMenuState
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
PostQuitMessage
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetLastActivePopup
UnhookWindowsHookEx
DrawStateW
UpdateWindow
LoadBitmapW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
GetDesktopWindow
GetFocus
SetWindowsHookExW
CallNextHookEx
MoveWindow
SetWindowPos
CheckDlgButton
GetDlgCtrlID
SetFocus
SetWindowTextW
GetWindowTextW
SendDlgItemMessageA
ShowOwnedPopups
EnumDisplayMonitors
SetRectEmpty
GetSysColorBrush
SetLayeredWindowAttributes
IntersectRect
TranslateMessage
GetMessageW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
SetMenuItemInfoW
DeferWindowPos
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongW
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetMenu
GetMenu
GetKeyState
IsWindowVisible
GetMenuCheckMarkDimensions
GetWindowTextLengthW
SetWindowLongW
GetWindow
IsDialogMessageW
RegisterWindowMessageW
DispatchMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
EndDeferWindowPos

gdi32

SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
GetObjectW
GetStockObject
CreateDCW
CopyMetaFileW
SetPixel
StretchBlt
DeleteObject
SelectObject
DeleteDC
RemoveFontMemResourceEx
CreateFontIndirectW
AddFontMemResourceEx
Rectangle
CreatePen
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
SetTextColor
PatBlt
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CreateRoundRectRgn
CreateDIBSection
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
RealizePalette
SetDIBColorTable
GetRgnBox
OffsetRgn
EnumFontFamiliesExW
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
CombineRgn

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
OpenProcessToken
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ord165
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetFolderPathW

shlwapi

PathCompactPathW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
IsAppThemed
CloseThemeData
OpenThemeData
DrawThemeText
DrawThemeParentBackground

ole32

RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CoDisconnectObject
CoInitialize
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicture
SysAllocStringLen
VariantChangeType
SysAllocStringByteLen
VariantCopy
VarBstrFromDate
LoadTypeLi
SysFreeString
VariantInit
VariantClear
SysAllocString

urlmon

URLDownloadToFileW

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDrawRectangleI
GdipDisposeImage
GdiplusStartup
GdipAlloc
GdipGetImageWidth
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipFree
GdipCloneImage
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageHeight
GdipGetImagePixelFormat

wininet

DeleteUrlCacheEntryW

dwmapi

DwmExtendFrameIntoClientArea

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

crypt32

CryptUnprotectMemory
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

bcrypt

BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptCreateHash

winhttp

WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpGetDefaultProxyConfiguration
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSetStatusCallback

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f181b04dbc99dbad93b045e6f763566b

Code Sign

0e:14:56:9f:2d:f3:61:a9:62:fb:03:55:93:65:9c:d2Certificate

Extended Key Usages

Key Usages

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

2c:27:4a:f8:9a:88:51:be:eb:49:94:e9:b9:6e:36:e0:a0:ab:72:96:92:28:bd:63:b8:fe:16:ae:07:e4:53:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

urlmon

gdiplus

wininet

dwmapi

oleacc

imm32

winmm

crypt32

bcrypt

winhttp

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 432KB - Virtual size: 432KB

.data Size: 67KB - Virtual size: 86KB

.SHARED Size: 512B - Virtual size: 4B

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 165KB - Virtual size: 165KB

0e:14:56:9f:2d:f3:61:a9:62:fb:03:55:93:65:9c:d2
Certificate

64:33:51:d3:c7:38:9f:08
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

2c:27:4a:f8:9a:88:51:be:eb:49:94:e9:b9:6e:36:e0:a0:ab:72:96:92:28:bd:63:b8:fe:16:ae:07:e4:53:45
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 432KB - Virtual size: 432KB

.data
Size: 67KB - Virtual size: 86KB

.SHARED
Size: 512B - Virtual size: 4B

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 165KB - Virtual size: 165KB