F:\360Work\ssr\src\Release\ssr.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-07-24_df9231a8a0b79ebcb8e3511213f118e9_avoslocker.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2024-07-24_df9231a8a0b79ebcb8e3511213f118e9_avoslocker.exe
Resource
win10v2004-20240709-en
General
-
Target
2024-07-24_df9231a8a0b79ebcb8e3511213f118e9_avoslocker
-
Size
1.4MB
-
MD5
df9231a8a0b79ebcb8e3511213f118e9
-
SHA1
5567afbfadcf8a76a0cc20774d32cdee8e63a180
-
SHA256
2601bb10f125377adee53de364b16b9d4fd82354552549c8cc4a977c559e342a
-
SHA512
07dca2c9b0c58af2a7e42dcf38f8f50814f4000eb09f9cbecef4d488b888844aa85aaa92ee486378b9b01c95cf7a64482d119c5e48b8eda7babb6be6a17f9200
-
SSDEEP
24576:KvMLyOlbytSMiBwxGPlmf5c4xxP3fss5caBGqg+DuIvt8HRS:KUZUXCwxoyS4xt0s1QnquMtuR
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-07-24_df9231a8a0b79ebcb8e3511213f118e9_avoslocker
Files
-
2024-07-24_df9231a8a0b79ebcb8e3511213f118e9_avoslocker.exe windows:6 windows x86 arch:x86
80e2dfdbbeda737d30e3b1a01d4e47ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libprivoxy
privoxy_shutdown
privoxy_main_entry
kernel32
GetSystemTimeAsFileTime
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FormatMessageA
GetModuleFileNameA
GetLastError
GetVersion
CreateEventA
DebugBreak
CreateThread
CloseHandle
SetEvent
CreateFileA
DecodePointer
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetProcessHeap
GetTimeZoneInformation
HeapReAlloc
SetEndOfFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
SetFileAttributesW
WaitForSingleObject
lstrlenA
WriteFile
CreateNamedPipeA
GetFileAttributesExW
FreeLibraryAndExitThread
ExitThread
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
PostQueuedCompletionStatus
Sleep
SetErrorMode
GetQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleMode
GetFileType
CancelIo
SetHandleInformation
RegisterWaitForSingleObject
UnregisterWait
SwitchToThread
SetFileCompletionNotificationModes
LocalFree
Process32First
VerifyVersionInfoA
SetLastError
SetPriorityClass
GetModuleFileNameW
SetEnvironmentVariableW
GetConsoleTitleW
GetEnvironmentVariableW
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
OpenProcess
CreateToolhelp32Snapshot
FileTimeToSystemTime
QueryPerformanceFrequency
Process32Next
GetProcessIoCounters
GetSystemInfo
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPriorityClass
VerSetConditionMask
GlobalMemoryStatusEx
GetEnvironmentStringsW
SetConsoleTitleW
GetProcessTimes
SleepConditionVariableCS
TryEnterCriticalSection
TlsSetValue
ReleaseSemaphore
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
ResumeThread
TlsAlloc
GetNativeSystemInfo
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
CreateSemaphoreA
ReadFile
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
CreateFileW
DuplicateHandle
QueueUserWorkItem
CancelSynchronousIo
GetNamedPipeHandleStateA
GetCurrentThread
CancelIoEx
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
CreateDirectoryW
GetFileInformationByHandleEx
FindFirstFileW
GetFileSizeEx
GetFullPathNameW
FindNextFileW
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
FindClose
GetFileAttributesW
UnmapViewOfFile
GetFileInformationByHandle
FlushViewOfFile
SetFilePointerEx
CreateFileMappingA
MoveFileExW
CopyFileW
CreateSymbolicLinkW
MapViewOfFile
SetConsoleMode
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
ResetEvent
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
RtlUnwind
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
HeapSize
GetCommandLineA
GetCommandLineW
GetConsoleCP
user32
MapVirtualKeyW
DispatchMessageA
wsprintfW
GetSystemMetrics
GetMessageA
TranslateMessage
advapi32
RegOpenKeyExW
SetEntriesInAclA
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityInfo
CryptReleaseContext
RegQueryValueExW
GetUserNameW
RegGetValueW
CryptGenRandom
OpenProcessToken
SystemFunction036
RegCloseKey
CryptAcquireContextA
FreeSid
wininet
InternetSetOptionW
shlwapi
wnsprintfA
ws2_32
bind
closesocket
getaddrinfo
ntohl
inet_addr
socket
connect
getsockopt
htonl
WSADuplicateSocketW
WSASend
WSAIoctl
WSARecvFrom
freeaddrinfo
getsockname
ntohs
WSASendTo
gethostname
htons
select
WSASetLastError
WSAStartup
shutdown
listen
GetAddrInfoW
FreeAddrInfoW
WSAGetLastError
setsockopt
ioctlsocket
WSAGetOverlappedResult
WSARecv
getpeername
WSASocketW
libsodium
sodium_memzero
randombytes_buf
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_xor_ic
crypto_stream_salsa20_xor_ic
sodium_init
iphlpapi
ConvertInterfaceIndexToLuid
GetAdaptersAddresses
ConvertInterfaceLuidToNameW
psapi
GetProcessMemoryInfo
userenv
GetUserProfileDirectoryW
Exports
json_c_object_sizeof
json_c_set_serialization_double_format
json_c_shallow_copy_default
json_object_array_add
json_object_array_bsearch
json_object_array_del_idx
json_object_array_get_idx
json_object_array_length
json_object_array_put_idx
json_object_array_shrink
json_object_array_sort
json_object_deep_copy
json_object_double_to_json_string
json_object_equal
json_object_free_userdata
json_object_from_fd
json_object_from_fd_ex
json_object_from_file
json_object_get
json_object_get_array
json_object_get_boolean
json_object_get_double
json_object_get_int
json_object_get_int64
json_object_get_object
json_object_get_string
json_object_get_string_len
json_object_get_type
json_object_get_uint64
json_object_get_userdata
json_object_int_inc
json_object_is_type
json_object_new_array
json_object_new_array_ext
json_object_new_boolean
json_object_new_double
json_object_new_double_s
json_object_new_int
json_object_new_int64
json_object_new_null
json_object_new_object
json_object_new_string
json_object_new_string_len
json_object_new_uint64
json_object_object_add
json_object_object_add_ex
json_object_object_del
json_object_object_get
json_object_object_get_ex
json_object_object_length
json_object_put
json_object_set_boolean
json_object_set_double
json_object_set_int
json_object_set_int64
json_object_set_serializer
json_object_set_string
json_object_set_string_len
json_object_set_uint64
json_object_set_userdata
json_object_to_fd
json_object_to_file
json_object_to_file_ext
json_object_to_json_string
json_object_to_json_string_ext
json_object_to_json_string_length
json_object_userdata_to_json_string
json_parse_double
json_parse_int64
json_parse_uint64
json_tokener_error_desc
json_tokener_free
json_tokener_get_error
json_tokener_get_parse_end
json_tokener_new
json_tokener_new_ex
json_tokener_parse
json_tokener_parse_ex
json_tokener_parse_verbose
json_tokener_reset
json_tokener_set_flags
json_type_to_name
json_util_get_last_err
mbedtls_snprintf
mbedtls_test_ca_crt
mbedtls_test_ca_crt_ec
mbedtls_test_ca_crt_ec_der
mbedtls_test_ca_crt_ec_der_len
mbedtls_test_ca_crt_ec_len
mbedtls_test_ca_crt_ec_pem
mbedtls_test_ca_crt_ec_pem_len
mbedtls_test_ca_crt_len
mbedtls_test_ca_crt_rsa
mbedtls_test_ca_crt_rsa_len
mbedtls_test_ca_crt_rsa_sha1
mbedtls_test_ca_crt_rsa_sha1_der
mbedtls_test_ca_crt_rsa_sha1_der_len
mbedtls_test_ca_crt_rsa_sha1_len
mbedtls_test_ca_crt_rsa_sha1_pem
mbedtls_test_ca_crt_rsa_sha1_pem_len
mbedtls_test_ca_crt_rsa_sha256
mbedtls_test_ca_crt_rsa_sha256_der
mbedtls_test_ca_crt_rsa_sha256_der_len
mbedtls_test_ca_crt_rsa_sha256_len
mbedtls_test_ca_crt_rsa_sha256_pem
mbedtls_test_ca_crt_rsa_sha256_pem_len
mbedtls_test_ca_key
mbedtls_test_ca_key_ec
mbedtls_test_ca_key_ec_der
mbedtls_test_ca_key_ec_der_len
mbedtls_test_ca_key_ec_len
mbedtls_test_ca_key_ec_pem
mbedtls_test_ca_key_ec_pem_len
mbedtls_test_ca_key_len
mbedtls_test_ca_key_rsa
mbedtls_test_ca_key_rsa_der
mbedtls_test_ca_key_rsa_der_len
mbedtls_test_ca_key_rsa_len
mbedtls_test_ca_key_rsa_pem
mbedtls_test_ca_key_rsa_pem_len
mbedtls_test_ca_pwd
mbedtls_test_ca_pwd_ec
mbedtls_test_ca_pwd_ec_der_len
mbedtls_test_ca_pwd_ec_len
mbedtls_test_ca_pwd_ec_pem
mbedtls_test_ca_pwd_ec_pem_len
mbedtls_test_ca_pwd_len
mbedtls_test_ca_pwd_rsa
mbedtls_test_ca_pwd_rsa_der_len
mbedtls_test_ca_pwd_rsa_len
mbedtls_test_ca_pwd_rsa_pem
mbedtls_test_ca_pwd_rsa_pem_len
mbedtls_test_cas
mbedtls_test_cas_der
mbedtls_test_cas_der_len
mbedtls_test_cas_len
mbedtls_test_cas_pem
mbedtls_test_cas_pem_len
mbedtls_test_cli_crt
mbedtls_test_cli_crt_ec
mbedtls_test_cli_crt_ec_der
mbedtls_test_cli_crt_ec_der_len
mbedtls_test_cli_crt_ec_len
mbedtls_test_cli_crt_ec_pem
mbedtls_test_cli_crt_ec_pem_len
mbedtls_test_cli_crt_len
mbedtls_test_cli_crt_rsa
mbedtls_test_cli_crt_rsa_der
mbedtls_test_cli_crt_rsa_der_len
mbedtls_test_cli_crt_rsa_len
mbedtls_test_cli_crt_rsa_pem
mbedtls_test_cli_crt_rsa_pem_len
mbedtls_test_cli_key
mbedtls_test_cli_key_ec
mbedtls_test_cli_key_ec_der
mbedtls_test_cli_key_ec_der_len
mbedtls_test_cli_key_ec_len
mbedtls_test_cli_key_ec_pem
mbedtls_test_cli_key_ec_pem_len
mbedtls_test_cli_key_len
mbedtls_test_cli_key_rsa
mbedtls_test_cli_key_rsa_der
mbedtls_test_cli_key_rsa_der_len
mbedtls_test_cli_key_rsa_len
mbedtls_test_cli_key_rsa_pem
mbedtls_test_cli_key_rsa_pem_len
mbedtls_test_cli_pwd
mbedtls_test_cli_pwd_ec
mbedtls_test_cli_pwd_ec_len
mbedtls_test_cli_pwd_ec_pem
mbedtls_test_cli_pwd_ec_pem_len
mbedtls_test_cli_pwd_len
mbedtls_test_cli_pwd_rsa
mbedtls_test_cli_pwd_rsa_len
mbedtls_test_cli_pwd_rsa_pem
mbedtls_test_cli_pwd_rsa_pem_len
mbedtls_test_srv_crt
mbedtls_test_srv_crt_ec
mbedtls_test_srv_crt_ec_der
mbedtls_test_srv_crt_ec_der_len
mbedtls_test_srv_crt_ec_len
mbedtls_test_srv_crt_ec_pem
mbedtls_test_srv_crt_ec_pem_len
mbedtls_test_srv_crt_len
mbedtls_test_srv_crt_rsa
mbedtls_test_srv_crt_rsa_len
mbedtls_test_srv_crt_rsa_sha1
mbedtls_test_srv_crt_rsa_sha1_der
mbedtls_test_srv_crt_rsa_sha1_der_len
mbedtls_test_srv_crt_rsa_sha1_len
mbedtls_test_srv_crt_rsa_sha1_pem
mbedtls_test_srv_crt_rsa_sha1_pem_len
mbedtls_test_srv_crt_rsa_sha256
mbedtls_test_srv_crt_rsa_sha256_der
mbedtls_test_srv_crt_rsa_sha256_der_len
mbedtls_test_srv_crt_rsa_sha256_len
mbedtls_test_srv_crt_rsa_sha256_pem
mbedtls_test_srv_crt_rsa_sha256_pem_len
mbedtls_test_srv_key
mbedtls_test_srv_key_ec
mbedtls_test_srv_key_ec_der
mbedtls_test_srv_key_ec_der_len
mbedtls_test_srv_key_ec_len
mbedtls_test_srv_key_ec_pem
mbedtls_test_srv_key_ec_pem_len
mbedtls_test_srv_key_len
mbedtls_test_srv_key_rsa
mbedtls_test_srv_key_rsa_der
mbedtls_test_srv_key_rsa_der_len
mbedtls_test_srv_key_rsa_len
mbedtls_test_srv_key_rsa_pem
mbedtls_test_srv_key_rsa_pem_len
mbedtls_test_srv_pwd
mbedtls_test_srv_pwd_ec
mbedtls_test_srv_pwd_ec_der_len
mbedtls_test_srv_pwd_ec_len
mbedtls_test_srv_pwd_ec_pem
mbedtls_test_srv_pwd_ec_pem_len
mbedtls_test_srv_pwd_len
mbedtls_test_srv_pwd_rsa
mbedtls_test_srv_pwd_rsa_der_len
mbedtls_test_srv_pwd_rsa_len
mbedtls_test_srv_pwd_rsa_pem
mbedtls_test_srv_pwd_rsa_pem_len
mbedtls_x509_crt_profile_default
mbedtls_x509_crt_profile_next
mbedtls_x509_crt_profile_suiteb
mc_debug
mc_error
mc_get_debug
mc_info
mc_set_debug
mc_set_syslog
printbuf_free
printbuf_memappend
printbuf_memset
printbuf_new
printbuf_reset
sprintbuf
uv_accept
uv_async_init
uv_async_send
uv_backend_fd
uv_backend_timeout
uv_barrier_destroy
uv_barrier_init
uv_barrier_wait
uv_buf_init
uv_cancel
uv_chdir
uv_check_init
uv_check_start
uv_check_stop
uv_close
uv_cond_broadcast
uv_cond_destroy
uv_cond_init
uv_cond_signal
uv_cond_timedwait
uv_cond_wait
uv_cpu_info
uv_cwd
uv_default_loop
uv_disable_stdio_inheritance
uv_err_name
uv_err_name_r
uv_exepath
uv_fileno
uv_free_cpu_info
uv_free_interface_addresses
uv_freeaddrinfo
uv_fs_access
uv_fs_chmod
uv_fs_chown
uv_fs_close
uv_fs_closedir
uv_fs_copyfile
uv_fs_event_getpath
uv_fs_event_init
uv_fs_event_start
uv_fs_event_stop
uv_fs_fchmod
uv_fs_fchown
uv_fs_fdatasync
uv_fs_fstat
uv_fs_fsync
uv_fs_ftruncate
uv_fs_futime
uv_fs_get_system_error
uv_fs_lchown
uv_fs_link
uv_fs_lstat
uv_fs_lutime
uv_fs_mkdir
uv_fs_mkdtemp
uv_fs_mkstemp
uv_fs_open
uv_fs_opendir
uv_fs_poll_getpath
uv_fs_poll_init
uv_fs_poll_start
uv_fs_poll_stop
uv_fs_read
uv_fs_readdir
uv_fs_readlink
uv_fs_realpath
uv_fs_rename
uv_fs_req_cleanup
uv_fs_rmdir
uv_fs_scandir
uv_fs_scandir_next
uv_fs_sendfile
uv_fs_stat
uv_fs_statfs
uv_fs_symlink
uv_fs_unlink
uv_fs_utime
uv_fs_write
uv_get_constrained_memory
uv_get_free_memory
uv_get_osfhandle
uv_get_process_title
uv_get_total_memory
uv_getaddrinfo
uv_getrusage
uv_gettimeofday
uv_guess_handle
uv_handle_size
uv_has_ref
uv_hrtime
uv_idle_init
uv_idle_start
uv_idle_stop
uv_if_indextoiid
uv_if_indextoname
uv_inet_ntop
uv_inet_pton
uv_interface_addresses
uv_ip4_addr
uv_ip4_name
uv_ip6_addr
uv_ip6_name
uv_is_active
uv_is_closing
uv_is_readable
uv_is_writable
uv_key_create
uv_key_delete
uv_key_get
uv_key_set
uv_kill
uv_library_shutdown
uv_listen
uv_loadavg
uv_loop_alive
uv_loop_close
uv_loop_configure
uv_loop_delete
uv_loop_fork
uv_loop_init
uv_loop_new
uv_loop_size
uv_metrics_idle_time
uv_mutex_destroy
uv_mutex_init
uv_mutex_init_recursive
uv_mutex_lock
uv_mutex_trylock
uv_mutex_unlock
uv_now
uv_once
uv_open_osfhandle
uv_os_environ
uv_os_free_environ
uv_os_free_passwd
uv_os_get_passwd
uv_os_getenv
uv_os_gethostname
uv_os_getpid
uv_os_getppid
uv_os_getpriority
uv_os_homedir
uv_os_setenv
uv_os_setpriority
uv_os_tmpdir
uv_os_uname
uv_os_unsetenv
uv_pipe
uv_pipe_bind
uv_pipe_chmod
uv_pipe_connect
uv_pipe_getpeername
uv_pipe_getsockname
uv_pipe_init
uv_pipe_open
uv_pipe_pending_count
uv_pipe_pending_instances
uv_pipe_pending_type
uv_poll_init
uv_poll_init_socket
uv_poll_start
uv_poll_stop
uv_prepare_init
uv_prepare_start
uv_prepare_stop
uv_print_active_handles
uv_print_all_handles
uv_process_kill
uv_queue_work
uv_read_start
uv_read_stop
uv_recv_buffer_size
uv_ref
uv_replace_allocator
uv_req_size
uv_resident_set_memory
uv_run
uv_rwlock_destroy
uv_rwlock_init
uv_rwlock_rdlock
uv_rwlock_rdunlock
uv_rwlock_tryrdlock
uv_rwlock_trywrlock
uv_rwlock_wrlock
uv_rwlock_wrunlock
uv_sem_destroy
uv_sem_init
uv_sem_post
uv_sem_trywait
uv_sem_wait
uv_send_buffer_size
uv_set_process_title
uv_setup_args
uv_shutdown
uv_signal_init
uv_signal_start
uv_signal_start_oneshot
uv_signal_stop
uv_sleep
uv_socketpair
uv_spawn
uv_stop
uv_stream_set_blocking
uv_strerror
uv_strerror_r
uv_tcp_bind
uv_tcp_close_reset
uv_tcp_connect
uv_tcp_getpeername
uv_tcp_getsockname
uv_tcp_init
uv_tcp_init_ex
uv_tcp_keepalive
uv_tcp_nodelay
uv_tcp_open
uv_tcp_simultaneous_accepts
uv_thread_create
uv_thread_create_ex
uv_thread_equal
uv_thread_join
uv_thread_self
uv_timer_again
uv_timer_get_due_in
uv_timer_get_repeat
uv_timer_init
uv_timer_set_repeat
uv_timer_start
uv_timer_stop
uv_translate_sys_error
uv_try_write
uv_tty_get_vterm_state
uv_tty_get_winsize
uv_tty_init
uv_tty_reset_mode
uv_tty_set_mode
uv_tty_set_vterm_state
uv_udp_bind
uv_udp_connect
uv_udp_getpeername
uv_udp_getsockname
uv_udp_init
uv_udp_init_ex
uv_udp_open
uv_udp_recv_start
uv_udp_recv_stop
uv_udp_send
uv_udp_set_broadcast
uv_udp_set_membership
uv_udp_set_multicast_interface
uv_udp_set_multicast_loop
uv_udp_set_multicast_ttl
uv_udp_set_source_membership
uv_udp_set_ttl
uv_udp_try_send
uv_udp_using_recvmmsg
uv_unref
uv_update_time
uv_uptime
uv_walk
uv_write
Sections
.text Size: 639KB - Virtual size: 638KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 592KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE