2024-08-10_a3e11d96114ee88657ccddbf5ac40e2f_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-10_a3e11d96114ee88657ccddbf5ac40e2f_avoslocker_revil
Size

29.2MB
MD5

a3e11d96114ee88657ccddbf5ac40e2f
SHA1

48fc955878fbdd75ea0152144db03d0f6dcd9b9e
SHA256

344a89884443058cb609f17927316783f0bd3183ef5183c66ced02e7e0895838
SHA512

5c2488d6bb46d4e073f14703969beeb15b94aa115cc168edef7e3b447582ff75e2d77b98b4fd847c4fb8be85686d41cf475ca8c6368eac2b101e9c8697af3f97
SSDEEP

786432:l8Yr68QhQlxWijRsr9l0UCuIT8YGt/mAAL+2:GYTtAmRq2tT8F18

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-10_a3e11d96114ee88657ccddbf5ac40e2f_avoslocker_revil

Files

2024-08-10_a3e11d96114ee88657ccddbf5ac40e2f_avoslocker_revil
.exe windows:5 windows x86 arch:x86

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\2024\Release\Main.pdb

Imports

kernel32

GetProcessHeap
MultiByteToWideChar
HeapSize
GetCurrentProcessId
GetLogicalDriveStringsA
HeapAlloc
OpenProcess
GetVolumeNameForVolumeMountPointA
FindClose
FindNextFileA
GetDriveTypeA
GetCurrentProcess
HeapFree
FindFirstFileA
WideCharToMultiByte
GlobalMemoryStatusEx
InterlockedDecrement
DeleteFileA
WaitForSingleObject
CreatePipe
WriteFile
SetHandleInformation
ReadFile
CreateProcessA
CloseHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
GetFileAttributesExW
SetEndOfFile
SetStdHandle
HeapReAlloc
SetFilePointerEx
ReadConsoleW
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetLastError
Sleep
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
CreateFileW
ExitThread

advapi32

DuplicateToken
StartServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetFileSecurityA
AccessCheck
LookupAccountSidA
OpenProcessToken
SetServiceStatus
MapGenericMask
GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
ChangeServiceConfig2A

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VariantClear
SysFreeString
VariantInit

ws2_32

WSACleanup
WSAStartup
inet_ntoa
inet_addr
ioctlsocket
sendto
htons
htonl
closesocket
ntohl
select
socket
connect

wininet

InternetQueryOptionA
HttpOpenRequestA
InternetSetOptionA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA

iphlpapi

GetIpNetTable
GetAdaptersInfo

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ok3.pyc

Sharing

General

Malware Config

Signatures

Files

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

wininet

iphlpapi

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB