2024-08-14_d09ff7774cab6d8c6e3b5ba0f90b061b_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-14_d09ff7774cab6d8c6e3b5ba0f90b061b_avoslocker_revil
Size

29.2MB
MD5

d09ff7774cab6d8c6e3b5ba0f90b061b
SHA1

32428e81fa8ac7a3418225d0c52164cfb820b545
SHA256

73c8d70956287ae6179cd80b9214ae10dfcaba1522d0b9b0eaa6befd8279f1c2
SHA512

8e548a46f9dbe45eb15578293d4f85cb873ece21021bb90146604d174ad6bcaf39a413dffa0179d4bea49754219482300684e59baa1df322a78a644e134a6831
SSDEEP

786432:l8Yr68QhQlxWijRsr9l0UCuIT8YGt/mAAL+v:GYTtAmRq2tT8F1R

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-14_d09ff7774cab6d8c6e3b5ba0f90b061b_avoslocker_revil

Files

2024-08-14_d09ff7774cab6d8c6e3b5ba0f90b061b_avoslocker_revil
.exe windows:5 windows x86 arch:x86

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\2024\Release\Main.pdb

Imports

kernel32

GetProcessHeap
MultiByteToWideChar
HeapSize
GetCurrentProcessId
GetLogicalDriveStringsA
HeapAlloc
OpenProcess
GetVolumeNameForVolumeMountPointA
FindClose
FindNextFileA
GetDriveTypeA
GetCurrentProcess
HeapFree
FindFirstFileA
WideCharToMultiByte
GlobalMemoryStatusEx
InterlockedDecrement
DeleteFileA
WaitForSingleObject
CreatePipe
WriteFile
SetHandleInformation
ReadFile
CreateProcessA
CloseHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
GetFileAttributesExW
SetEndOfFile
SetStdHandle
HeapReAlloc
SetFilePointerEx
ReadConsoleW
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetLastError
Sleep
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
CreateFileW
ExitThread

advapi32

DuplicateToken
StartServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetFileSecurityA
AccessCheck
LookupAccountSidA
OpenProcessToken
SetServiceStatus
MapGenericMask
GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
ChangeServiceConfig2A

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VariantClear
SysFreeString
VariantInit

ws2_32

WSACleanup
WSAStartup
inet_ntoa
inet_addr
ioctlsocket
sendto
htons
htonl
closesocket
ntohl
select
socket
connect

wininet

InternetQueryOptionA
HttpOpenRequestA
InternetSetOptionA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA

iphlpapi

GetIpNetTable
GetAdaptersInfo

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ok3.pyc

Sharing

General

Malware Config

Signatures

Files

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

wininet

iphlpapi

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB