H:\project\vpnui\360_vpn_client_win\ov\openvpn-build\msvc\build.tmp\openvpn\Win32-Output\Release\openvpn.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-07-24_02749af82c0a74b0f83cffe2b68c06ca_avoslocker.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-07-24_02749af82c0a74b0f83cffe2b68c06ca_avoslocker.exe
Resource
win10v2004-20240709-en
General
Target: 2024-07-24_02749af82c0a74b0f83cffe2b68c06ca_avoslocker
Size: 1.4MB
MD5: 02749af82c0a74b0f83cffe2b68c06ca
SHA1: c9318b742ee06c40e2a8f99bdc93a5254c64960b
SHA256: 6c3b332add8a398c410f002e24c4b5b44f2ae7e6bcdb7f2f0be9bce192e9dfb2
SHA512: 09400354ee21efbcc0e642c3afa02f9c1492b675fbb975eb550426945fcddf87a4acb4ece9ad034ce16d553bac44d415c275782618ed86658cb658b859db359d
SSDEEP: 24576:TnLQr5y565qEENN6nMcB4C0Y6nZx+LUFEtbh/icaBGqg+DuIvt8HRS:TLQr5UEE73c0Ykr0hqQnquMtuR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-07-24_02749af82c0a74b0f83cffe2b68c06ca_avoslocker
Files
-
2024-07-24_02749af82c0a74b0f83cffe2b68c06ca_avoslocker.exe windows:6 windows x86 arch:x86
07f8ab4a7d02ceb3a0b8444cc31468ed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ncrypt
NCryptFreeObject
NCryptSignHash
libeay32
ssleay32
lzo2
lzo1x_1_15_compress
lzo_version_string
__lzo_init_v2
lzo1x_decompress_safe
libpkcs11-helper-1
pkcs11h_openssl_session_getEVP
pkcs11h_openssl_getX509
pkcs11h_openssl_session_getX509
pkcs11h_openssl_createSession
pkcs11h_openssl_freeSession
pkcs11h_setLogHook
pkcs11h_certificate_freeCertificate
pkcs11h_addProvider
pkcs11h_setProtectedAuthentication
pkcs11h_setForkMode
pkcs11h_certificate_create
pkcs11h_setPINPromptHook
pkcs11h_setPINCachePeriod
pkcs11h_certificate_serializeCertificateId
pkcs11h_engine_setSystem
pkcs11h_certificate_deserializeCertificateId
pkcs11h_certificate_freeCertificateId
pkcs11h_getMessage
pkcs11h_terminate
pkcs11h_certificate_getCertificateBlob
pkcs11h_setTokenPromptHook
pkcs11h_setLogLevel
pkcs11h_initialize
pkcs11h_logout
pkcs11h_certificate_enumCertificateIds
pkcs11h_certificate_freeCertificateIdList
ws2_32
htons
ntohl
WSAWaitForMultipleEvents
ioctlsocket
WSAGetLastError
setsockopt
ntohs
WSASetLastError
htonl
freeaddrinfo
getsockname
WSACleanup
WSAStartup
recv
inet_ntoa
send
listen
closesocket
select
inet_pton
getnameinfo
WSAGetOverlappedResult
inet_ntop
WSARecvFrom
getsockopt
WSARecv
connect
socket
getaddrinfo
WSASendTo
WSASend
bind
accept
getservbyname
WSAEnumNetworkEvents
WSAEventSelect
crypt32
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptAcquireCertificatePrivateKey
CertFreeCertificateContext
iphlpapi
GetIpInterfaceEntry
InitializeIpInterfaceEntry
ConvertInterfaceIndexToLuid
GetIpForwardTable
CreateIpForwardEntry
DeleteIpForwardEntry
GetBestInterfaceEx
GetBestRoute2
IpReleaseAddress
GetAdaptersInfo
AddIPAddress
FlushIpNetTable
GetAdapterIndex
GetPerAdapterInfo
IpRenewAddress
GetInterfaceInfo
DeleteIPAddress
SetIpInterfaceEntry
fwpuclnt
FwpmGetAppIdFromFileName0
FwpmSubLayerAdd0
FwpmSubLayerGetByKey0
FwpmEngineOpen0
FwpmFreeMemory0
FwpmFilterAdd0
FwpmEngineClose0
kernel32
RaiseException
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetTickCount
CompareStringW
LCMapStringW
FlushFileBuffers
GetFullPathNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetExitCodeProcess
SetUnhandledExceptionFilter
GetOEMCP
IsWow64Process
WriteConsoleInputA
CreateEventA
CreateSemaphoreA
CreateProcessA
VerifyVersionInfoW
GetModuleHandleExW
GetNumberOfConsoleInputEvents
VerSetConditionMask
GetStartupInfoA
GetConsoleTitleA
ReadConsoleInputA
MultiByteToWideChar
GetCurrentThreadId
GetEnvironmentVariableA
GetTempPathW
GetModuleFileNameW
ReleaseSemaphore
SetConsoleTitleA
SetConsoleCtrlHandler
GetModuleFileNameA
GetStartupInfoW
GetOverlappedResult
CloseHandle
CreateFileA
DeviceIoControl
CancelIo
ResetEvent
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
DeleteFileW
DuplicateHandle
GetCurrentProcess
SetConsoleOutputCP
GetCommandLineW
Sleep
WaitForSingleObject
CreateFileW
SetFilePointer
FormatMessageA
LocalFree
GetLastError
SetLastError
GetFileType
WideCharToMultiByte
ReadConsoleW
GetConsoleMode
SetConsoleMode
WriteFile
GetStdHandle
ReadFile
ExitProcess
SetStdHandle
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineA
GetConsoleCP
SetFilePointerEx
SetEndOfFile
HeapFree
HeapAlloc
CreateProcessW
GetCPInfo
HeapReAlloc
WriteConsoleW
LoadLibraryExW
DecodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetProcessHeap
GetFileSizeEx
GetTimeZoneInformation
HeapSize
advapi32
CryptSignHashA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptSetHashParam
CryptCreateHash
SetKernelObjectSecurity
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyExA
Sections
.text Size: 575KB - Virtual size: 575KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 211KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 592KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE