2024-07-28_8f355039fd3d9395f974e0982c13a458_avoslocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-28_8f355039fd3d9395f974e0982c13a458_avoslocker
Size

2.1MB
MD5

8f355039fd3d9395f974e0982c13a458
SHA1

725df56eba3b235f996132057e3ef94d4cc39843
SHA256

ba4e57be7998467a7fb5471ea6e6d5ee9d6233de96bf2699efe9e8c45b21b039
SHA512

7d6d3b445b7d39d054a37f0c33845fdb0f936e48252e46bfe405ab4d2bbb00554dcaea24283f56ce4c5b7b64a7daef0929994405b0706b7937b3b42f6b24dfe8
SSDEEP

24576:p22vSU1RUol7JFZUEHAlPPT7CP02yVYk8YzlRGaDEW4/oUxvCUD61CCQbKxvDUQa:bJUol1Fy+SPTey6IGqH4x5DeEKtUw9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-28_8f355039fd3d9395f974e0982c13a458_avoslocker

Files

2024-07-28_8f355039fd3d9395f974e0982c13a458_avoslocker
.exe windows:6 windows x86 arch:x86

d5a34c6f22036b9db086e3aa1c389105

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bamboo\xml-data\build-dir\CRED-CSV2279-JOB1\bin\WinNtR\LSARecoveryDecrypt.pdb

Imports

shell32

SHCreateDirectoryExA
SHCreateDirectoryExW
SHGetKnownFolderPath
SHGetFolderPathAndSubDirW
CommandLineToArgvW
SHFileOperationW
SHGetFolderPathW

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create

user32

LoadStringW
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
SendMessageW
PostMessageW
PostQuitMessage
DestroyWindow
ShowWindow
SetWindowPos
CreateDialogParamW
GetDlgItem
SetDlgItemTextA
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
SetFocus
EnableWindow
GetDC
CharNextW
InvalidateRect
GetWindowRect
MessageBoxW
ScreenToClient
GetWindowLongW
SetWindowLongW
wsprintfA
GetSystemMetrics
IsDialogMessageW
LoadIconW
SetClassLongW

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject
SelectObject

advapi32

ImpersonateLoggedOnUser
DuplicateToken
SetEntriesInAclW
SetFileSecurityW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
CryptEncrypt
CryptDestroyKey
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RevertToSelf
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW
OpenProcessToken
OpenThreadToken
AccessCheck
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
GetLengthSid

ole32

CoTaskMemFree

crypt32

CryptImportPublicKeyInfo
CryptDecodeObject
CryptProtectMemory
CryptUnprotectData

winhttp

WinHttpOpen
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpConnect
WinHttpQueryOption
WinHttpSetStatusCallback

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces

ws2_32

getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup

kernel32

GetConsoleOutputCP
EnumSystemLocalesW
WaitForMultipleObjects
DuplicateHandle
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStdHandle
GetModuleHandleExW
ExitProcess
GetFileType
SetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
SetThreadPriority
TerminateThread
TlsGetValue
TlsAlloc
RtlUnwind
GetEnvironmentVariableW
Sleep
GetTickCount
CreateDirectoryW
CreateFileW
GetFileAttributesW
WriteFile
CloseHandle
GetLastError
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateThread
GetSystemTime
MoveFileW
MoveFileExW
GetCommandLineW
GetCurrentProcess
GetCurrentThread
CreateProcessW
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
MulDiv
FormatMessageW
SystemTimeToFileTime
CreateMutexA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetTempPathW
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
GetFileSize
SetEndOfFile
SetFilePointer
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
VirtualAlloc
VirtualFree
FlushFileBuffers
SetLastError
GetFinalPathNameByHandleW
RemoveDirectoryW
OutputDebugStringA
DeviceIoControl
SetEvent
CreateEventA
GetCurrentThreadId
GetSystemInfo
GetLocalTime
GetTickCount64
MapViewOfFile
CreateFileMappingA
GetDateFormatW
GetTimeFormatW
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrlenW
GetSystemDirectoryW
GetComputerNameExW
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetTempFileNameW
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
GetVolumeInformationW
GetLogicalDrives
FindFirstVolumeW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetLogicalDriveStringsW
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
DecodePointer
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
OpenProcess
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindNextFileW
GetFileSizeEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
GetCPInfo
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
ReadFile
LoadLibraryExA
DeleteCriticalSection
GetCurrentDirectoryW

bcrypt

BCryptVerifySignature
BCryptSignHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptGetProperty
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDecrypt
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptDeriveKeyPBKDF2
BCryptGenerateKeyPair
BCryptExportKey
BCryptImportKeyPair
BCryptFinalizeKeyPair

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

Exports

Exports

GetProxyServer

Sections

.text
Size: 704KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5a34c6f22036b9db086e3aa1c389105

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

comctl32

user32

gdi32

advapi32

ole32

crypt32

winhttp

setupapi

ws2_32

kernel32

bcrypt

rpcrt4

Exports

Exports

Sections

.text Size: 704KB - Virtual size: 708KB

.rdata Size: 194KB - Virtual size: 196KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 704KB - Virtual size: 708KB

.rdata
Size: 194KB - Virtual size: 196KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB