2024-07-26_85319a0da6e430a4e46bcfc06a1eadff_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-26_85319a0da6e430a4e46bcfc06a1eadff_avoslocker_revil
Size

4.5MB
MD5

85319a0da6e430a4e46bcfc06a1eadff
SHA1

3de55cba48958592f121de01728fc2753ad2f9fe
SHA256

d64322472f35934c15e762bcf0b88c5d6237fd749d3a1c70873ba16a350be782
SHA512

feca0761f4238bbce07815cb723ce6ebb58be4e23b0e945fe0cf7f341c2439e863a363e099090acd080ee025897df934ebceb6f8f06a75eaaade7ec226242be8
SSDEEP

49152:zlXbIBqcIcqsI3LjBXigdBN7j0Vm/8EtU4n4SKN4OnYhp9YNUt/+sV66TZmlFAZ4:q4FsuLNXNdBN0+n4SKNxnMp9efv0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-26_85319a0da6e430a4e46bcfc06a1eadff_avoslocker_revil

Files

2024-07-26_85319a0da6e430a4e46bcfc06a1eadff_avoslocker_revil
.exe windows:5 windows x86 arch:x86

84c1db4524fac0db79c332333c52c204

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\gocart-client-build\win-intel\build\gocartclient\public\gcinvokerutility\binaries\windows\release\AGCInvokerUtility.pdb

Imports

iphlpapi

GetAdaptersAddresses

psapi

GetProcessImageFileNameW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetFolderPathW
SHGetFolderLocation

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathStripPathW
PathAppendW
PathIsFileSpecW
PathAddExtensionW
PathRemoveBackslashW
PathIsDirectoryW
PathRenameExtensionW
PathFindExtensionW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

inet_ntoa

rpcrt4

RpcStringFreeA
UuidToStringA
UuidToStringW
UuidCreate
RpcStringFreeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

NetApiBufferFree
NetWkstaGetInfo

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winhttp

WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpConnect
WinHttpReadData

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW

kernel32

GetTempPathW
GetModuleFileNameW
GetModuleHandleExW
GetEnvironmentVariableA
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetLogicalDriveStringsW
QueryDosDeviceW
RemoveDirectoryW
DecodePointer
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
ProcessIdToSessionId
GetSystemTime
GetComputerNameExW
GetVersionExW
SystemTimeToFileTime
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryW
TryEnterCriticalSection
GetFileSizeEx
GetLocalTime
GetTimeFormatW
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
CreateSemaphoreW
VerSetConditionMask
lstrlenW
VerifyVersionInfoW
ReleaseSemaphore
GetTickCount
MoveFileW
K32GetProcessImageFileNameW
lstrcmpA
lstrcmpW
SetHandleInformation
CreatePipe
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateDirectoryW
DuplicateHandle
SetEvent
CreateEventW
GetCurrentProcess
TerminateProcess
ResumeThread
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
SetFileAttributesW
FileTimeToSystemTime
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
GetTimeZoneInformation
WideCharToMultiByte
CreateThread
GetCurrentThread
WaitForMultipleObjects
GlobalFree
GetModuleHandleW
GetACP
GetStdHandle
GetFileType
GetModuleHandleA
ResetEvent
GlobalMemoryStatus
FlushConsoleInputBuffer
OutputDebugStringA
TerminateThread
GetFileTime
DosDateTimeToFileTime
lstrcatW
LocalFileTimeToFileTime
WriteConsoleW
FreeEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetProcessTimes
CompareFileTime
GetCommandLineW
LocalFree
LocalAlloc
Sleep
CreateNamedPipeW
PeekNamedPipe
ConnectNamedPipe
GetLastError
CloseHandle
WriteFile
ReadFile
CreateFileW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleInputW
SetConsoleMode
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
MoveFileExW
SetFileTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
SwitchToThread

user32

GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW

advapi32

CryptGenRandom
AllocateAndInitializeSid
CryptReleaseContext
CryptAcquireContextW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenThreadToken
GetNamedSecurityInfoW
CopySid
CreateWellKnownSid
SetNamedSecurityInfoW
ConvertSidToStringSidA
DeleteService
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
CreateProcessAsUserW
EnumDependentServicesW
ControlService
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
QueryServiceStatusEx

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VariantClear
VariantInit
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject

wintrust

WinVerifyTrust

Exports

Exports

AGDServiceAllKeysInSubDomain
AGDServiceConvertAGDStatusTypeEnumToString
AGDServiceCountKeysInSubDomain
AGDServiceRemoveAllKeysInSubDomain
AGDServiceRemoveKeyInSubDomain
AGDServiceSetMultipleValueForKeyInSubDomain
AGDServiceSetValueForKeyInSubDomain
AGDServiceValueForKeyInSubDomain
AGDTruncateAdobeGenuineDataTable
Adobe_GC_GetLatestGCApplication
Adobe_GC_InvokeApplication
Adobe_GC_InvokeApplication_NGL
Adobe_GC_ReleaseRef
Adobe_GC_SetDownloadPath
Adobe_GC_SetInstallPath
CCDGetNGLAppID
CCDServiceSetAllRecords
CCDTruncateCCDataTable
IAL_CloseSession
IAL_CreateSession
IAL_DownloadAdobeGCClientFromPath
IAL_FetchRulesForLEIDs
IAL_GetAdobeGCClientAppDownloadPath
IAL_GetClientConfiguration
IAL_GetServerURLFromDispatch
IAL_GetVersion
IAL_PostRulesForLEIDs
IAL_SendCheckPatch
IAL_SendEventToETSHostfileMod
IAL_SendInAppEvents
IAL_SendMachineEvents
IAL_SendNotifAuditEvents
IAL_SendPHEvents
IAL_SendPatchAudit
IAL_SendUninstallationStatus
IAL_SetLoggingMethod
IAL_SetProxyDetails
RSDConvertPCDStatusTypeEnumToString
RSDServiceGetAllRecords
RSDServiceRecordStatus
RSDTruncateGCDataTable

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 597KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 812KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84c1db4524fac0db79c332333c52c204

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

psapi

shell32

shlwapi

version

ws2_32

rpcrt4

userenv

netapi32

wtsapi32

winhttp

setupapi

kernel32

user32

advapi32

ole32

oleaut32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 597KB - Virtual size: 597KB

.data Size: 278KB - Virtual size: 298KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 812KB - Virtual size: 816KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 597KB - Virtual size: 597KB

.data
Size: 278KB - Virtual size: 298KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 812KB - Virtual size: 816KB