2024-08-22_831a2c152849eb8863aab96f475cca83_avoslocker_floxif_hijackloader_poet-rat

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-22_831a2c152849eb8863aab96f475cca83_avoslocker_floxif_hijackloader_poet-rat
Size

4.8MB
MD5

831a2c152849eb8863aab96f475cca83
SHA1

ee05e59d2ce17d0d2de93a25623a20944fe75a44
SHA256

7c3b4e87ab2c5e9b1ec95be255849a3524dd4d8cf81ff8e6d54840ba6e1de215
SHA512

4fd96325fd7d2116e066037b806e8bbfe5ae7ba1af37ebe7e96de04117fc025d80491d6cdf5561f280933c051fdfe37f304b13bccf30aa02bf1cdfc7e8b559cb
SSDEEP

98304:aIkxAntWpoNijaEuiFBWNlNBKXBx2Dqt1BxsuHpeQFLOAkGkzdnEVomFHKnPcEM:aIkxAntWeNijaENICbxsuHprFLOyomFB

Score

1^/10

Malware Config

Signatures

Files

2024-08-22_831a2c152849eb8863aab96f475cca83_avoslocker_floxif_hijackloader_poet-rat
.exe windows:6 windows x86 arch:x86

a2552da25945c0b1bf8963b78acd0646

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:66:6c:a0:dd:43:f1:a7:28:c9:be:2d:12:3c:f8:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/07/2022, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Acro Software Inc,O=Acro Software Inc,L=HAYMARKET,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:04:6d:9f:27:9f:33:91:30:57:57:c8:ef:72:ed:d0:81:4d:13:70
Signer

Actual PE Digest

30:04:6d:9f:27:9f:33:91:30:57:57:c8:ef:72:ed:d0:81:4d:13:70

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CutePDFWriter4\Release\CutePDFWriter4.pdb

Imports

crypt32

CertEnumCertificatesInStore
PFXVerifyPassword
PFXIsPFXBlob
PFXImportCertStore
CertOpenSystemStoreA
CertGetNameStringA
CryptAcquireCertificatePrivateKey
CertFreeCertificateContext
CertCloseStore

kernel32

GetCurrentDirectoryW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
GetDriveTypeW
WriteConsoleW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetFullPathNameW
GetCommandLineW
GetCommandLineA
RtlUnwind
OutputDebugStringW
CreateFileW
TerminateProcess
SetUnhandledExceptionFilter
GetStringTypeW
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetProfileIntA
GetTickCount
Sleep
FindResourceExW
GetWindowsDirectoryA
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetACP
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
SystemTimeToTzSpecificLocalTime
LocalAlloc
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
GetTempPathA
CreateDirectoryA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
lstrlenA
CopyFileA
GetLastError
FormatMessageA
LocalFree
GetShortPathNameA
MultiByteToWideChar
SearchPathA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
ResumeThread
SetThreadPriority
FileTimeToSystemTime
DeleteCriticalSection
GetProcessHeap
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
SetFileAttributesA
FindResourceA
GetLocalTime
GetTimeZoneInformation
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcatA
CreateFileA
FileTimeToLocalFileTime
GetFileSize
CloseHandle
GetVersionExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetDateFormatA
GetUserDefaultLCID
LocalHandle
GlobalMemoryStatus
lstrcpyA
lstrcpynA
OutputDebugStringA
SetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryW
GlobalSize
MulDiv
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
FlushFileBuffers
GetFullPathNameA
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
GetVolumeInformationA
DuplicateHandle
GetCurrentProcess
lstrcmpiA
GetCurrentProcessId
GetCurrentThread
lstrcmpA
VerSetConditionMask
VerifyVersionInfoA
SetEvent
WaitForSingleObject
UnhandledExceptionFilter

user32

DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
IsClipboardFormatAvailable
CharUpperBuffA
RegisterClipboardFormatA
SubtractRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
FrameRect
GetKeyNameTextA
InvertRect
HideCaret
GetNextDlgGroupItem
UpdateLayeredWindow
CopyAcceleratorTableA
CreateAcceleratorTableA
LoadAcceleratorsW
MapVirtualKeyA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
GetUpdateRect
SetClassLongA
DestroyAcceleratorTable
ModifyMenuA
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetRect
SetCursorPos
NotifyWinEvent
MessageBeep
LoadMenuW
IsZoomed
MonitorFromPoint
SetParent
LoadImageA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IntersectRect
KillTimer
SetTimer
DeleteMenu
WindowFromPoint
TranslateMDISysAccel
SetCapture
WaitMessage
LoadImageW
DestroyIcon
TrackMouseEvent
MapDialogRect
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
GetMenuItemInfoA
DestroyMenu
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
InvalidateRect
SetCursor
ShowOwnedPopups
GetCursorPos
TranslateMessage
GetMessageA
EnumDisplayMonitors
SystemParametersInfoA
IsWindowEnabled
GetParent
RegisterWindowMessageA
DestroyWindow
CreateDialogIndirectParamA
LoadCursorW
LoadCursorA
SetLayeredWindowAttributes
DrawIconEx
IsRectEmpty
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateA
DrawFrameControl
DrawEdge
PostQuitMessage
GetWindowThreadProcessId
CharUpperA
OffsetRect
SetRectEmpty
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
GetComboBoxInfo
CreateMenu
DestroyCursor
GetWindowRgn
GetFocus
IsWindow
MoveWindow
ShowWindow
UnregisterClassA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuA
GetSystemMenu
LoadIconW
MessageBoxA
SendMessageA
ReleaseCapture
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
GetWindowLongA
GetDesktopWindow
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
RemoveMenu
DispatchMessageA
PeekMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsMenu
IsChild
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgCtrlID
GetKeyState
GetCapture
GetMenu
SetFocus
SetMenu
TrackPopupMenu
UpdateWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
EnableWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
CopyRect
EqualRect
PtInRect
SetWindowLongA
GetClassLongA
GetClassNameA
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadIconA
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW

gdi32

GetTextFaceA
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExA
GetPaletteEntries
CreatePalette
RoundRect
OffsetRgn
GetRgnBox
Rectangle
CreateRoundRectRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
RealizePalette
DPtoLP
SetRectRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
TextOutA
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
GetTextCharsetInfo
GetStockObject
EnumFontFamiliesA
DeleteObject
CreatePatternBrush
CreatePen
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextMetricsA
Polyline
Polygon
CreatePolygonRgn
ExtTextOutA
PatBlt
GetTextExtentPoint32A
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
CreateBitmap
GetObjectA
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
CopyMetaFileA
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteValueA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA
RegQueryInfoKeyA
RegEnumValueA
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegOpenKeyA
RegCreateKeyExA
CryptDuplicateHash
CryptGetHashParam
CryptAcquireContextA
CryptSignHashA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHAppBarMessage
DragQueryFileA
DragFinish
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathFileExistsA
PathIsUNCA
PathStripToRootA
UrlUnescapeA
StrFormatKBSizeA
PathRemoveFileSpecW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
IsAppThemed
DrawThemeText
GetWindowTheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
RevokeDragDrop
CoDisconnectObject
CoCreateGuid
CoInitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
OleRun
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning

oleaut32

VariantCopy
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantInit
VarBstrFromDate
SysAllocString
SysFreeString
SysAllocStringLen
GetErrorInfo

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipGetImageHeight

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

wininet

InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetWriteFile
InternetQueryDataAvailable
InternetSetFilePointer
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
InternetCrackUrlA

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2552da25945c0b1bf8963b78acd0646

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

02:66:6c:a0:dd:43:f1:a7:28:c9:be:2d:12:3c:f8:04Certificate

Extended Key Usages

Key Usages

30:04:6d:9f:27:9f:33:91:30:57:57:c8:ef:72:ed:d0:81:4d:13:70Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

wininet

imm32

winmm

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 451KB - Virtual size: 450KB

.data Size: 31KB - Virtual size: 50KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 182KB - Virtual size: 182KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

02:66:6c:a0:dd:43:f1:a7:28:c9:be:2d:12:3c:f8:04
Certificate

30:04:6d:9f:27:9f:33:91:30:57:57:c8:ef:72:ed:d0:81:4d:13:70
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 451KB - Virtual size: 450KB

.data
Size: 31KB - Virtual size: 50KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 182KB - Virtual size: 182KB