2024-08-17_a72f6977e46901e8cc1f9d87d51567cd_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-17_a72f6977e46901e8cc1f9d87d51567cd_avoslocker_revil
Size

4.9MB
MD5

a72f6977e46901e8cc1f9d87d51567cd
SHA1

c193281c52ea43f720655408a8ac80a7f223dd06
SHA256

f7b691c16561dea49e286adfcc5a5a48869f3da857ccdcf0d5187d0b9032b1e4
SHA512

e5fb32389cecb1bc12f6087ced262cda66a6c819c616e582b4c5f7c071a2df24c029a6b5a8f08987e45bd9b72802e9b493fc02f1b6523ea4a032df79e230fcaf
SSDEEP

49152:XagDqyVlAamNAAK0YRhIqxRa/Svlwj4m5qdNfoDbWW9BUx4n1TGzwIAVtlauiPVc:XagPAm7XIq2aAzbBHTcwIAV6RcCyVSK

Score

1^/10

Malware Config

Signatures

Files

2024-08-17_a72f6977e46901e8cc1f9d87d51567cd_avoslocker_revil
.exe windows:6 windows x86 arch:x86

4ce9a01670ab48b4ddc6c5a9df88b2af

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:ea:6c:fb:9b:4b:bc:71:60:c7:36:38:74:f6:c4:f4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/05/2022, 00:00

Not After

13/06/2024, 23:59

Subject

CN=Wangsu Science & Technology Co.\, Ltd.,O=Wangsu Science & Technology Co.\, Ltd.,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:0a:21:e8:42:a6:8b:60:ea:8a:f2:fa:c8:23:d0:ac:67:9d:b7:18:96:95:80:3b:2e:85:a1:3d:ab:5a:f8:a1
Signer

Actual PE Digest

a5:0a:21:e8:42:a6:8b:60:ea:8a:f2:fa:c8:23:d0:ac:67:9d:b7:18:96:95:80:3b:2e:85:a1:3d:ab:5a:f8:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dlp_1.7New\Securebox\Bin\Win32\SboxRelease\SboxSvc.pdb

Imports

shell32

SHChangeNotify

sboxdll32

_SboxDll_FormatMessage0@4
_SboxDll_GetLanguage@4
_SboxApi_OpenProcess@8
_SboxApi_ReloadConf@8
_SboxApi_SessionLeader@8
_SboxDll_GetSettingsForName_bool@16
_SboxApi_CheckInternetAccess@12
_SboxDll_QueuePutRpl@16
_SboxDll_QueueGetReq@24
_SboxDll_QueueCreate@8
_SboxDll_KillOne@4
_SboxApi_QueryPathList@16
_SboxApi_GetHomePath@16
_SboxApi_QueryProcessPath@28
_SboxDll_GetStringForStringList@20
_SboxDll_InjectLow@12
_SboxDll_InjectLow_InitSyscalls@4
_SboxDll_InjectLow_InitHelper@0
_SboxDll_PortName@0
_SboxDll_FormatMessage2@12
_SboxDll_RunStartExe@8
_SboxApi_GetUnmountHive@4
_SboxApi_SetUserName@8
_SboxDll_CheckStringInList@12
_SboxApi_QueryConf@20
_SboxApi_GetVersion@4
_SboxApi_EnumBoxesEx@12
_SboxApi_IsBoxEnabled@4
_SboxApi_QueryProcess@20
_SboxApi_QueryProcessInfo@8
_SboxApi_QueryConfBool@12
_SboxDll_CallServer@4
_SboxDll_FreeMem@4
SboxApi_Log
SboxApi_LogEx
_SboxDll_RunFromHome@16
_SboxDll_ComCreateStub@16
_SboxDll_IsOpenClsid@12
_SboxDll_RunSecuboxed@24
_SboxApi_Reload_NetFwRules@0
_SboxApi_EnumProcessEx@20
_SboxApi_QueryProcessEx2@28
_SboxApi_EnumBoxes@8
_SboxApi_GetMonitor@24
_SboxApi_GetMessage@24
SboxApi_Call

ntdll

NtRequestPort
NtCreatePort
NtUnloadKey
NtOpenKey
NtClose
RtlInitUnicodeString
RtlUnwind
VerSetConditionMask
NtLoadDriver
NtQueryInformationProcess
NtSetInformationToken
RtlSubAuthoritySid
RtlSetDaclSecurityDescriptor
NtConnectPort
NtRegisterThreadTerminatePort
NtRequestWaitReplyPort
NtSetInformationThread
NtOpenProcessToken
NtOpenThreadToken
NtQueryInformationToken
NtDuplicateToken
NtFilterToken
RtlNtStatusToDosError
NtAcceptConnectPort
NtCompleteConnectPort
NtImpersonateClientOfPort
NtOpenDirectoryObject
NtReplyWaitReceivePort
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtSetInformationFile
NtReadFile
NtWriteFile
NtQuerySystemInformation
NtLoadKey
RtlInitializeSid
RtlCreateSecurityDescriptor
NtSetInformationProcess
NtAdjustPrivilegesToken
NtOpenProcess
NtDuplicateObject

kernel32

FindNextFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
CreateThread
SetThreadPriority
SuspendThread
ResumeThread
FlushFileBuffers
GetFileSizeEx
GetPrivateProfileIntW
OutputDebugStringW
CreateProcessW
LoadLibraryA
lstrcmpiW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MoveFileW
GetVersionExW
GetModuleHandleA
WideCharToMultiByte
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
TryEnterCriticalSection
SetEvent
OpenMutexW
CreateEventW
OpenEventW
WaitForMultipleObjects
ExitProcess
TerminateProcess
GetCurrentThread
GetTickCount
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
GetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
GetLogicalDriveStringsW
DeviceIoControl
GetExitCodeThread
ProcessIdToSessionId
SetLastError
GetProcessTimes
TerminateThread
VirtualAlloc
VirtualFree
LocalAlloc
GetSystemWindowsDirectoryW
WritePrivateProfileStringW
GetTempPathW
SetErrorMode
GetSystemDirectoryW
GetNativeSystemInfo
GetPrivateProfileSectionNamesW
ReadFile
FileTimeToSystemTime
SystemTimeToFileTime
MultiByteToWideChar
DuplicateHandle
ResetEvent
QueueUserAPC
OpenThread
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
QueryInformationJobObject
GetModuleHandleW
GlobalSize
RegisterWaitForSingleObject
UnregisterWait
AllocConsole
GetConsoleWindow
GetConsoleProcessList
GetFileAttributesA
TlsGetValue
TlsSetValue
IsWow64Process
GetCommandLineW
GetSystemInfo
GetFileTime
SetFileTime
SystemTimeToTzSpecificLocalTime
CancelIo
DefineDosDeviceW
WriteProcessMemory
QueueUserWorkItem
GetExitCodeProcess
GetFileAttributesW
SetEndOfFile
SetFileAttributesW
GetWindowsDirectoryW
ReadProcessMemory
MulDiv
GetVolumeInformationW
CopyFileW
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
AreFileApisANSI
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTimeAsFileTime
FormatMessageW
GetModuleHandleExW
TlsFree
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
WaitForSingleObjectEx
QueryPerformanceCounter
FormatMessageA
VerifyVersionInfoA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
GetPrivateProfileStringW
GetModuleFileNameW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
WriteFile
SetFilePointer
GetFileSize
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetLastError
CloseHandle
GetFileAttributesExW
FlushViewOfFile
HeapSize
GetTempPathA
MoveFileExW
CreateFileA
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
EncodePointer
GetStringTypeW
GetCPInfo
VirtualQuery
LoadLibraryExW
WriteConsoleW
GetDriveTypeW
GetFileInformationByHandle
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
GetConsoleOutputCP
CompareStringW
LCMapStringW
GetTimeZoneInformation
GetCurrentDirectoryW
GetDiskFreeSpaceA
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
DeleteFileA
HeapReAlloc
HeapCompact
HeapDestroy
UnlockFile
TlsAlloc
LockFileEx
OpenProcess

user32

GetClassLongA
GetWindowLongW
GetWindowLongA
ClipCursor
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursorPos
GetWindowRect
GetClientRect
GetPropW
GetPropA
SetPropW
GetClassLongW
GetDesktopWindow
DispatchMessageW
GetMessageW
GetDC
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
GetParent
EnumChildWindows
FindWindowA
FindWindowW
FindWindowExA
FindWindowExW
GetShellWindow
EnumWindows
EnumThreadWindows
GetClassNameA
GetClassNameW
SetTimer
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CreateDesktopW
SetThreadDesktop
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
SendMessageA
SendMessageW
SendMessageTimeoutW
SendNotifyMessageA
GetWindowThreadProcessId
GetWindow
GetIconInfo
wsprintfW
MessageBoxW
GetUserObjectInformationW
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
MonitorFromWindow
GetWindowInfo
UserHandleGrantAccess
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
PackDDElParam
RegisterClassExW
ShowWindow
BeginPaint
EndPaint
GetMonitorInfoW
SendNotifyMessageW
PostMessageA
PostMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
GetClipboardSequenceNumber
GetClipboardData
ReleaseDC
GetSysColor

advapi32

ChangeServiceConfigW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
EnumServicesStatusExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetTokenInformation
QueryServiceStatusEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
LookupAccountSidW
SetServiceStatus
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
SystemFunction036
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenThreadToken
CreateProcessAsUserW
StartServiceW
OpenServiceW
OpenSCManagerW
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegOpenKeyExW
LookupAccountNameW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
SetSecurityInfo
SetThreadToken
AddAccessAllowedAce
DuplicateToken
GetLengthSid
ImpersonateLoggedOnUser
GetUserNameW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
AccessCheck
GetSecurityInfo
RevertToSelf

psapi

GetModuleBaseNameW
EnumProcessModules

ole32

CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoGetObject
CoTaskMemFree
StringFromGUID2
CoCopyProxy
CoSetProxyBlanket
CoQueryProxyBlanket
CoInitializeSecurity
CoUnmarshalInterface
CoMarshalInterface
CoGetClassObject
CoInitializeEx
CreateStreamOnHGlobal

crypt32

CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptProtectData
CryptUnprotectData
CertFreeCertificateContext

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdi32

ExtTextOutW
CreateCompatibleDC
DeleteDC
GetDIBits
GetMetaFileBitsEx
GetEnhMetaFileBits
CreateFontW
CreateSolidBrush
GetDeviceCaps
SelectObject
SetBkColor
SetTextColor
TextOutW
CreatePalette
SelectPalette
GetEnhMetaFilePaletteEntries
DeleteEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
PlayEnhMetaFile
RealizePalette
SetWinMetaFileBits
CreateCompatibleBitmap
DeleteObject

netapi32

NetUseAdd

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

rpcrt4

RpcStringFreeW
UuidFromStringW
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcBindingToStringBindingW

wssecboxcoredll32

ord38
ord29
ord50
ord53
ord32
ord33
ord40
ord2
ord4
ord55
ord37
ord12
ord46
ord27
ord34
ord17
ord1

ws2_32

getsockopt
getsockname
getpeername
connect
closesocket
bind
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
send
recv
htons
ntohs
WSACleanup
shutdown
getnameinfo
ntohl
htonl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
setsockopt
WSAStartup
getaddrinfo
WSAIoctl

wldap32

ord211
ord46
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217
ord143
ord60

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1011KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ce9a01670ab48b4ddc6c5a9df88b2af

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:ea:6c:fb:9b:4b:bc:71:60:c7:36:38:74:f6:c4:f4Certificate

Extended Key Usages

Key Usages

a5:0a:21:e8:42:a6:8b:60:ea:8a:f2:fa:c8:23:d0:ac:67:9d:b7:18:96:95:80:3b:2e:85:a1:3d:ab:5a:f8:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

sboxdll32

ntdll

kernel32

user32

advapi32

psapi

ole32

crypt32

userenv

gdi32

netapi32

wtsapi32

rpcrt4

wssecboxcoredll32

ws2_32

wldap32

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1011KB - Virtual size: 1011KB

.data Size: 70KB - Virtual size: 121KB

.rsrc Size: 124KB - Virtual size: 124KB

.reloc Size: 128KB - Virtual size: 127KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:ea:6c:fb:9b:4b:bc:71:60:c7:36:38:74:f6:c4:f4
Certificate

a5:0a:21:e8:42:a6:8b:60:ea:8a:f2:fa:c8:23:d0:ac:67:9d:b7:18:96:95:80:3b:2e:85:a1:3d:ab:5a:f8:a1
Signer

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1011KB - Virtual size: 1011KB

.data
Size: 70KB - Virtual size: 121KB

.rsrc
Size: 124KB - Virtual size: 124KB

.reloc
Size: 128KB - Virtual size: 127KB