2024-08-16_8011acea0e5030f608593fb802e517db_avoslocker_hijackloader_rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-16_8011acea0e5030f608593fb802e517db_avoslocker_hijackloader_rhadamanthys
Size

3.2MB
MD5

8011acea0e5030f608593fb802e517db
SHA1

8c1c5aa5194d74f8cc1424a25512f45ee8404725
SHA256

0a2ed20b002c7738de9b99d5c47d51d473109f0b83a404675559acd9a74f2d0b
SHA512

dae41758d3329adbcf3ef9788dd84c2bba1b6535da99933f21c9fcf68cad276f0481466f87810614c3b9493b4007a52a748fc2382e1e8629f79bcd4b75c490f7
SSDEEP

49152:kXeNOuzHeGGUCwhkfofCfokLi/sazR0BSCpmoLBin9VO3Q59HU1f:kXtwhkfo6gkLixR0BSChiO3wlof

Score

1^/10

Malware Config

Signatures

Files

2024-08-16_8011acea0e5030f608593fb802e517db_avoslocker_hijackloader_rhadamanthys
.exe windows:6 windows x86 arch:x86

eed5fea19ab27ef30995cc681c0f1313

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:ec:53:47:21:d6:0c:85:f9:e5:5f:2b:f7:1e:ed:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2021, 00:00

Not After

21/03/2024, 23:59

Subject

CN=Cisco Systems\, Inc.,O=Cisco Systems\, Inc.,L=Boxborough,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:ec:53:47:21:d6:0c:85:f9:e5:5f:2b:f7:1e:ed:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2021, 00:00

Not After

21/03/2024, 23:59

Subject

CN=Cisco Systems\, Inc.,O=Cisco Systems\, Inc.,L=Boxborough,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:64:99:9c:62:38:a1:ea:48:d5:32:69:23:d3:91:aa:69:10:b6:93:6a:9e:ed:c5:23:92:2a:16:d7:74:b4:33
Signer

Actual PE Digest

a5:64:99:9c:62:38:a1:ea:48:d5:32:69:23:d3:91:aa:69:10:b6:93:6a:9e:ed:c5:23:92:2a:16:d7:74:b4:33

Digest Algorithm

sha256

PE Digest Matches

false

f2:02:ea:c1:11:b8:50:44:7f:ed:74:65:94:d0:f8:a1:c9:7a:ea:4d
Signer

Actual PE Digest

f2:02:ea:c1:11:b8:50:44:7f:ed:74:65:94:d0:f8:a1:c9:7a:ea:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\drone\src\build_output\Win32\Release\csc_ui.pdb

Imports

crypt32

CryptProtectData
CertGetNameStringW
CryptUnprotectData

winmm

PlaySoundW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsExW
WTSFreeMemoryExW
WTSFreeMemory

ole32

StringFromGUID2
OleUninitialize
CoGetClassObject
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
OleInitialize
CoTaskMemRealloc
CLSIDFromString
OleLockRunning
CoInitializeEx
CoTaskMemAlloc
CoUninitialize
CreateStreamOnHGlobal

kernel32

GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
AreFileApisANSI
DeviceIoControl
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
SetStdHandle
GetCurrentDirectoryW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
WriteFile
GetStdHandle
ExitProcess
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
GetLocaleInfoEx
OutputDebugStringW
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetCPInfo
CompareStringEx
LCMapStringEx
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FormatMessageA
GetExitCodeThread
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
FileTimeToLocalFileTime
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
ReadFile
GetSystemDirectoryW
TlsFree
TlsGetValue
TlsAlloc
LocalAlloc
TlsSetValue
GetLocaleInfoW
GetTickCount
Sleep
WaitForMultipleObjects
SetUnhandledExceptionFilter
GetLocalTime
DeleteFileW
SetErrorMode
GetFullPathNameW
FindFirstFileW
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileExW
CreateDirectoryW
ReadDirectoryChangesW
CancelIo
GetTempPathW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
OutputDebugStringA
CreateFileW
GetFileAttributesW
lstrcpyW
CreateProcessW
ProcessIdToSessionId
LoadLibraryExW
lstrcmpW
SetDllDirectoryW
FreeLibrary
FindResourceW
LoadResource
LoadLibraryW
GetModuleFileNameW
SizeofResource
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExW
LocalFree
GetCommandLineW
lstrcmpiW
CompareStringW
IsDebuggerPresent
FormatMessageW
MultiByteToWideChar
ReleaseMutex
lstrlenA
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
VerifyVersionInfoW
VerSetConditionMask
OpenMutexW
WideCharToMultiByte
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
CreateMutexW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
MulDiv
GetModuleHandleW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
lstrlenW
TerminateProcess
GetCurrentProcess
DebugBreak

user32

EnableMenuItem
GetDesktopWindow
KillTimer
SetRect
DrawTextW
GetDlgItem
GetClientRect
SetWindowLongW
FlashWindow
MoveWindow
GetSysColor
FrameRect
DrawStateW
MapWindowPoints
GetDlgCtrlID
GetMonitorInfoW
DestroyIcon
IsDialogMessageW
SetTimer
OffsetRect
IsWindow
ShowWindow
LoadStringW
SetWindowTextW
UnregisterClassW
SendMessageW
ScreenToClient
CreateWindowExW
UpdateWindow
SetActiveWindow
MonitorFromWindow
SetWindowPos
GetDC
InflateRect
DestroyWindow
GetWindowRect
GetWindow
PostMessageW
CallWindowProcW
GetSystemMenu
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
SetFocus
MessageBoxW
EnumWindows
CopyRect
GetSystemMetrics
GetWindowThreadProcessId
GetKeyState
SystemParametersInfoW
SetParent
GetClassNameW
LoadCursorW
CharNextW
EndDialog
GetActiveWindow
AnimateWindow
GetParent
LoadImageW
SetForegroundWindow
MsgWaitForMultipleObjects
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
EnableWindow
GetWindowTextW
FillRect
IsWindowVisible
GetDlgItemInt
SetDlgItemInt
GetMenuItemID
DeleteMenu
DrawMenuBar
InsertMenuW
DrawIconEx
CopyImage
GetWindowPlacement
SetWindowPlacement
IsIconic
DestroyCursor
LoadIconW
CreateDialogParamW
GetMenuItemInfoW
MapVirtualKeyW
CheckMenuRadioItem
GetMenuItemCount
LoadStringA
MessageBeep
CreatePopupMenu
GetKeyboardState
SetMenuItemInfoW
SetMenuDefaultItem
GetForegroundWindow
SetMenu
ToUnicode
TrackPopupMenuEx
PostQuitMessage
DialogBoxParamW
AppendMenuW
CheckMenuItem
GetCapture
DrawFocusRect
IsWindowEnabled
SetCursor
SetRectEmpty
PtInRect
EnumDisplaySettingsW
GetMessageW
LoadAcceleratorsW
InvalidateRgn
DispatchMessageW
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
PeekMessageW
IsChild
CreateAcceleratorTableW
TranslateMessage
FindWindowW
SetCapture
RegisterWindowMessageW
ReleaseCapture
SetClipboardData
GetCursorPos
ModifyMenuW
LoadMenuW
MonitorFromPoint
TrackPopupMenu
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
DestroyMenu
RemoveMenu
DrawIcon
AdjustWindowRectEx
GetMenu
RegisterClassExW
GetClassInfoExW
GetFocus
ShowScrollBar
EnableScrollBar
SetScrollRange
SetScrollPos
ScrollWindow

gdi32

ExcludeClipRect
GetTextMetricsW
TextOutW
GetCurrentObject
GetBkColor
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
SetViewportOrgEx
GetObjectW
GetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
CreateFontIndirectW
ExtTextOutW
DPtoLP

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

GetTokenInformation
RegisterEventSourceA
DeregisterEventSource
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetSidSubAuthority
OpenProcessToken
FreeSid
SetThreadToken
DuplicateTokenEx
LookupAccountSidW
GetSidIdentifierAuthority
ReportEventA
RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
EventRegister
EventSetInformation
RegGetValueW
EventUnregister
EventWriteTransfer

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHAppBarMessage
ShellExecuteExW
Shell_NotifyIconW
SHBrowseForFolderW

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
LoadTypeLi
VarUI4FromStr
SysFreeString
VariantInit
OleCreateFontIndirect
LoadRegTypeLi
VariantClear
OleLoadPicturePath

shlwapi

GetMenuPosFromID
PathFindFileNameW

comctl32

ord17
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_GetImageCount
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_GetIcon
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Draw

gdiplus

GdipDeleteGraphics
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageI
GdipImageRotateFlip
GdipCreateHICONFromBitmap
GdipGetImageHeight
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipAlloc
GdipDrawImageRectI
GdipDeletePath
GdipSetSmoothingMode
GdipCreatePath
GdipSetInterpolationMode
GdipCreateSolidFill
GdipFillPath
GdipAddPathStringI
GdipFree
GdipDrawPath
GdipDeleteStringFormat
GdipDeletePen
GdipCreatePen1
GdipSetPenLineJoin
GdipCreateStringFormat
GdipCreateFromHDC

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetProfileType
GetUserProfileDirectoryW
LoadUserProfileW
UnloadUserProfile

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 724KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eed5fea19ab27ef30995cc681c0f1313

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:ec:53:47:21:d6:0c:85:f9:e5:5f:2b:f7:1e:ed:05Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:ec:53:47:21:d6:0c:85:f9:e5:5f:2b:f7:1e:ed:05Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a5:64:99:9c:62:38:a1:ea:48:d5:32:69:23:d3:91:aa:69:10:b6:93:6a:9e:ed:c5:23:92:2a:16:d7:74:b4:33Signer

f2:02:ea:c1:11:b8:50:44:7f:ed:74:65:94:d0:f8:a1:c9:7a:ea:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

winmm

wtsapi32

ole32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

shlwapi

comctl32

gdiplus

userenv

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 451KB - Virtual size: 452KB

.data Size: 300KB - Virtual size: 312KB

.rsrc Size: 724KB - Virtual size: 724KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:ec:53:47:21:d6:0c:85:f9:e5:5f:2b:f7:1e:ed:05
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:ec:53:47:21:d6:0c:85:f9:e5:5f:2b:f7:1e:ed:05
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a5:64:99:9c:62:38:a1:ea:48:d5:32:69:23:d3:91:aa:69:10:b6:93:6a:9e:ed:c5:23:92:2a:16:d7:74:b4:33
Signer

f2:02:ea:c1:11:b8:50:44:7f:ed:74:65:94:d0:f8:a1:c9:7a:ea:4d
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 451KB - Virtual size: 452KB

.data
Size: 300KB - Virtual size: 312KB

.rsrc
Size: 724KB - Virtual size: 724KB