2024-08-20_b27e6d8c97ca7eafee0bf5c2b48fdeaa_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-20_b27e6d8c97ca7eafee0bf5c2b48fdeaa_avoslocker
Size

1.4MB
MD5

b27e6d8c97ca7eafee0bf5c2b48fdeaa
SHA1

07b5bd633102ec0302c42721fced80e6c929b4ba
SHA256

ccda8c6e833c124684ef56bd7bc098402d53949a598532a73ffa9dc9030ad1dc
SHA512

47cb8a90526b69c3909c103d65ac7a8b5e38de5fe7d7acb1d0ebd5c72aa59c9b325642c2e9b83a952aef7c2638e573e678cc6942885a0947ac9e0b1c456d40fe
SSDEEP

24576:Z4P1/rMskIg5MD0KEfGHBC2U1QxgNEOBgaf:2P1DMskrmfEf6JU1QxwZd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-20_b27e6d8c97ca7eafee0bf5c2b48fdeaa_avoslocker

Files

2024-08-20_b27e6d8c97ca7eafee0bf5c2b48fdeaa_avoslocker
.exe windows:6 windows x86 arch:x86

5cba1e09bd336270ce80274dfaecadee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\Client\Client\Windows\release\bin\Release\CptService.pdb

Imports

kernel32

DeleteFileW
GetFullPathNameW
SetLastError
CopyFileW
MoveFileW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetFileSize
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
TerminateThread
ResumeThread
SetEndOfFile
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FreeLibrary
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
GetModuleHandleExW
GetModuleFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleA
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetExitCodeThread
GetVersionExW
GetSystemInfo
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
MultiByteToWideChar
FileTimeToSystemTime
lstrcpyW
lstrcmpA
LocalFree
LocalAlloc
GetLocalTime
GetFileAttributesW
FileTimeToLocalFileTime
WideCharToMultiByte
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
RaiseException
CloseHandle
SetEvent
GetLastError
ProcessIdToSessionId
CreateEventW
OpenProcess
LCMapStringW
GetFileType
WriteFile
GetStdHandle
ExitProcess
ReadFile
GetFileAttributesExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCommandLineW
EnterCriticalSection
GetCPInfo
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
OutputDebugStringW
IsDebuggerPresent
WriteConsoleW

user32

GetSystemMetrics

advapi32

SetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerExW
OpenProcessToken
AllocateAndInitializeSid
FreeSid
GetTokenInformation
InitializeSecurityDescriptor
ConvertStringSidToSidW
QueryServiceStatusEx
QueryServiceConfigW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
CreateProcessAsUserW
SetEntriesInAclW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceCtrlDispatcherW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetKnownFolderPath

ole32

CoTaskMemFree

shlwapi

PathRemoveFileSpecW
PathAppendW
PathIsRelativeW
PathFindFileNameW
PathFileExistsW

crypt32

CryptMsgGetParam
CertCloseStore
CryptDecodeObject
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CryptMsgClose

wintrust

WinVerifyTrust

rpcrt4

I_RpcBindingInqLocalClientPID
NdrServerCall2
RpcBindingFree
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcServerRegisterIf2

psapi

GetProcessImageFileNameA
GetProcessImageFileNameW
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5cba1e09bd336270ce80274dfaecadee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

crypt32

wintrust

rpcrt4

psapi

version

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB