2024-08-10_ec07d67e22f647594dea214cce250978_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-10_ec07d67e22f647594dea214cce250978_avoslocker_revil
Size

29.2MB
MD5

ec07d67e22f647594dea214cce250978
SHA1

3ce1855f64f44a678cc880b4cd0e9fa95dbaafac
SHA256

4a21679c8892b7d8ef013579932f13c51dfea79f9e169858f6b9ac8bff90ebbc
SHA512

cee923db6f9cc52ce71ea434d7334d3456bcbc37c256aab785e9ecbfab530754fba84cb7f301b7addf95b26029ee42ab76dc36682892db164eb19f98c2a06578
SSDEEP

786432:l8Yr68QhQlxWijRsr9l0UCuIT8YGt/mAAL+V:GYTtAmRq2tT8F1/

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-10_ec07d67e22f647594dea214cce250978_avoslocker_revil

Files

2024-08-10_ec07d67e22f647594dea214cce250978_avoslocker_revil
.exe windows:5 windows x86 arch:x86

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\2024\Release\Main.pdb

Imports

kernel32

GetProcessHeap
MultiByteToWideChar
HeapSize
GetCurrentProcessId
GetLogicalDriveStringsA
HeapAlloc
OpenProcess
GetVolumeNameForVolumeMountPointA
FindClose
FindNextFileA
GetDriveTypeA
GetCurrentProcess
HeapFree
FindFirstFileA
WideCharToMultiByte
GlobalMemoryStatusEx
InterlockedDecrement
DeleteFileA
WaitForSingleObject
CreatePipe
WriteFile
SetHandleInformation
ReadFile
CreateProcessA
CloseHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
GetFileAttributesExW
SetEndOfFile
SetStdHandle
HeapReAlloc
SetFilePointerEx
ReadConsoleW
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetLastError
Sleep
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
CreateFileW
ExitThread

advapi32

DuplicateToken
StartServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetFileSecurityA
AccessCheck
LookupAccountSidA
OpenProcessToken
SetServiceStatus
MapGenericMask
GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
ChangeServiceConfig2A

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VariantClear
SysFreeString
VariantInit

ws2_32

WSACleanup
WSAStartup
inet_ntoa
inet_addr
ioctlsocket
sendto
htons
htonl
closesocket
ntohl
select
socket
connect

wininet

InternetQueryOptionA
HttpOpenRequestA
InternetSetOptionA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA

iphlpapi

GetIpNetTable
GetAdaptersInfo

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ok3.pyc

Sharing

General

Malware Config

Signatures

Files

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

wininet

iphlpapi

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB