2024-07-24_930675a9e6daed845df42a4642a0e49f_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-24_930675a9e6daed845df42a4642a0e49f_avoslocker
Size

2.7MB
MD5

930675a9e6daed845df42a4642a0e49f
SHA1

fd57727b551ea46482511525f60c827d7053be1e
SHA256

03cf0dc6ae03257e47288162f2b80d938f5b5dc463d6f080e381f61edeb6448f
SHA512

5118b4e33976f384f2b176e759a1b7359bcdfc36b9efb7b1ed00240348dd642ab48c9d539dec8edbbc3351d19e9d1c995cf6d2669bcdb8b5dd4287cf37e997df
SSDEEP

49152:RLo2q/XQV7D9ro7t1T9qRZhf+16Sah5G25WRnFT8wU+GmFQzH2QnquMtuR:RtN7D9ro7t1T9qRZhf+16Jh5G25WRnZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-24_930675a9e6daed845df42a4642a0e49f_avoslocker

Files

2024-07-24_930675a9e6daed845df42a4642a0e49f_avoslocker
.exe windows:6 windows x86 arch:x86

2e9b1fa3079dd447471be2ae7f8f5610

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\360Work\QihooNew\win_master\Release\Clientdl.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore

ws2_32

WSASetLastError
WSAIoctl
__WSAFDIsSet
select
accept
htonl
listen
ioctlsocket
ntohs
freeaddrinfo
socket
WSASocketW
inet_addr
recvfrom
htons
sendto
setsockopt
getsockopt
getsockname
getpeername
bind
WSAGetLastError
WSACleanup
WSAStartup
send
recv
closesocket
connect
getaddrinfo
gethostbyname

kernel32

LoadResource
FindResourceW
SystemTimeToFileTime
WaitForSingleObject
CreateEventW
SetEvent
CreateThread
ReadFile
CreatePipe
GetCurrentProcessId
CreateProcessW
Sleep
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
FormatMessageA
CreateFileA
GetFileSizeEx
CreateMutexW
ReleaseMutex
GetCurrentDirectoryW
ExitProcess
GetACP
GetFileSize
GetFileType
SetFilePointer
SetFileTime
WriteFile
DuplicateHandle
DosDateTimeToFileTime
GetFileAttributesExW
GetLongPathNameW
GetTempFileNameW
RemoveDirectoryW
CopyFileW
MoveFileW
ReplaceFileW
FileTimeToSystemTime
LocalFree
CreateIoCompletionPort
GetQueuedCompletionStatus
LockResource
IsDebuggerPresent
SetThreadPriority
SetUnhandledExceptionFilter
GetNativeSystemInfo
GetUserDefaultLangID
TryEnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
GetStdHandle
ExitThread
GlobalUnlock
GetModuleHandleExA
GetWindowsDirectoryW
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ResetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
FindResourceExW
SetFileAttributesW
LocalFileTimeToFileTime
GetTickCount
FreeLibrary
FreeResource
MoveFileExW
GlobalLock
LoadLibraryW
Process32FirstW
DeleteFileW
GlobalAlloc
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
SizeofResource
GetCurrentThreadId
OutputDebugStringA
PostQueuedCompletionStatus
MulDiv
GetSystemDirectoryW
FindClose
GetTempPathW
FormatMessageW
GetStringTypeW
EncodePointer
IsProcessorFeaturePresent
QueueUserWorkItem
SwitchToThread
GetCurrentThread
GetExitCodeThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
TerminateProcess
ExpandEnvironmentStringsW
GetCurrentProcess
FindNextFileW
GetCommandLineW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
SetLastError
CreateDirectoryW
CloseHandle
lstrcmpA
CreateFileW
InitializeCriticalSectionAndSpinCount
DeviceIoControl
WriteConsoleW
GetConsoleCP
GetConsoleMode
GetFullPathNameW
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
GetSystemDefaultLCID
WideCharToMultiByte
GetModuleHandleW
ReleaseSemaphore
GetProcAddress
GetLocalTime
MultiByteToWideChar
GetVersionExW
GetFileAttributesW
GetModuleFileNameW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
GetTimeZoneInformation
GetDriveTypeW
PeekNamedPipe

user32

MsgWaitForMultipleObjectsEx
GetQueueStatus
CallMsgFilterW
WaitMessage
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
SetRect
FillRect
DrawTextW
CharPrevW
LoadImageW
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
LoadCursorW
OffsetRect
SetCursor
wvsprintfW
SetWindowRgn
IsZoomed
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
UnionRect
IntersectRect
MapWindowPoints
ScreenToClient
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
IsIconic
IsWindowVisible
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
SetWindowPos
MessageBoxW
MonitorFromWindow
SetTimer
KillTimer
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
AttachThreadInput
GetForegroundWindow
SetForegroundWindow
MonitorFromPoint
GetDC
GetDesktopWindow
ReleaseDC
SendMessageW
FindWindowW
UnregisterClassW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetMonitorInfoW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
GetDeviceCaps
CreateRoundRectRgn
CombineRgn
Rectangle
CreateDCW
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetDIBits
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
RestoreDC
SetBkMode
SaveDC
SelectObject
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
GetObjectA
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
CreatePatternBrush
GetTextMetricsW
SetWindowOrgEx
GetObjectW

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
OpenServiceW
StartServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHFileOperationW
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

gdiplus

GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDrawRectangleI
GdipCreateLineBrushI
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipGetFamily
GdipCreateStringFormat
GdipDrawLineI
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipBitmapUnlockBits
GdipImageGetFrameDimensionsCount

shlwapi

PathFindFileNameW

netapi32

Netbios

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

comctl32

ord17
_TrackMouseEvent

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 648KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e9b1fa3079dd447471be2ae7f8f5610

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

crypt32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

netapi32

imm32

winmm

comctl32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 365KB - Virtual size: 364KB

.data Size: 31KB - Virtual size: 51KB

.rsrc Size: 229KB - Virtual size: 229KB

.reloc Size: 648KB - Virtual size: 652KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 365KB - Virtual size: 364KB

.data
Size: 31KB - Virtual size: 51KB

.rsrc
Size: 229KB - Virtual size: 229KB

.reloc
Size: 648KB - Virtual size: 652KB