c:\buildslave\steam_rel_client_win32\build\src\webhelper\Release\steamwebhelper.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-08-24_d8a9b2da14b54dfc715954f9bcab3d34_avoslocker_revil.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2024-08-24_d8a9b2da14b54dfc715954f9bcab3d34_avoslocker_revil.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-08-24_d8a9b2da14b54dfc715954f9bcab3d34_avoslocker_revil
-
Size
6.4MB
-
MD5
d8a9b2da14b54dfc715954f9bcab3d34
-
SHA1
1cb1563f8f792dd785e73b71c655958644bfe5ac
-
SHA256
44351c8d67807465309531761ce10dc0f5a3ba5598d6870b313e6fa9ab81fe3e
-
SHA512
d00083e900502009cf236216018a9495afed03c72fbeac46f9cebf262090c2d0a9a678ef4ac46a590e41fb411dd690479eca940c10103c8d7eb268548e334800
-
SSDEEP
196608:2/0e1toNHiPJipxQZVJrIrQrrrrrrrrHwrrrrrrrrrrrrGrrrrrVrrrrr3d+tOu:Y0WWiIQMO
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource 2024-08-24_d8a9b2da14b54dfc715954f9bcab3d34_avoslocker_revil
Files
-
2024-08-24_d8a9b2da14b54dfc715954f9bcab3d34_avoslocker_revil.exe windows:6 windows x86 arch:x86
64e918b26862b6d2b100287f0db736f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalAlloc
GlobalUnlock
GlobalLock
LocalAlloc
LocalFree
lstrlenW
MoveFileExW
VerifyVersionInfoW
ProcessIdToSessionId
Sleep
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
WriteFile
RemoveDirectoryW
GetLongPathNameW
GetFullPathNameW
DeleteFileW
CreateFileA
CreateDirectoryW
VerSetConditionMask
SetPriorityClass
DeviceIoControl
FindFirstFileW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetStdHandle
SetStdHandle
LoadLibraryExA
GetModuleHandleExW
GetModuleFileNameW
GetFileAttributesW
GetCurrentDirectoryW
GetEnvironmentVariableA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
ReadProcessMemory
CreateEventA
ResetEvent
SetEvent
GetUserDefaultLangID
GetLocaleInfoA
GetTempPathA
SetEnvironmentVariableA
GetCommandLineW
WriteProcessMemory
VirtualAllocEx
VirtualQuery
VirtualProtect
GetSystemInfo
FlushInstructionCache
GetCurrentThreadId
GetCurrentThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
FreeLibrary
GetVersionExA
SetLastError
OutputDebugStringA
LoadLibraryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetLastError
DuplicateHandle
CloseHandle
LeaveCriticalSection
SetConsoleCtrlHandler
HeapValidate
HeapSize
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
PeekNamedPipe
RtlUnwind
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
GetStringTypeW
InitializeCriticalSectionEx
InitializeSRWLock
InitOnceComplete
InitOnceBeginInitialize
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ExitProcess
GetEnvironmentVariableW
SetFilePointerEx
SearchPathW
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
CreateMutexW
CreateJobObjectW
CreateRemoteThread
CreateNamedPipeW
FormatMessageA
GetLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ReleaseSRWLockExclusive
VirtualFreeEx
VirtualProtectEx
QueryDosDeviceW
SignalObjectAndWait
GetProcessHandleCount
GetCurrentProcessorNumber
CreateFileMappingW
AssignProcessToJobObject
UnregisterWaitEx
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
SetHandleInformation
GetFileType
GetThreadId
IsWow64Process
GetNativeSystemInfo
GetProductInfo
GetVersionExW
GetTickCount
HeapDestroy
EnumSystemLocalesEx
GetUserDefaultLocaleName
GetUserDefaultLCID
SetInformationJobObject
PostQueuedCompletionStatus
TerminateJobObject
RegisterWaitForSingleObject
UnregisterWait
GetQueuedCompletionStatus
CreateEventW
CreateIoCompletionPort
VirtualQueryEx
SetProcessDEPPolicy
SetProcessAffinityMask
GetProcessHeaps
DebugBreak
GetProcessAffinityMask
SetUnhandledExceptionFilter
EnterCriticalSection
GetProcAddress
FindNextFileW
GetModuleHandleW
CreateProcessW
CreateProcessA
GetSystemDirectoryW
lstrcmpW
ExpandEnvironmentStringsW
lstrcmpA
OutputDebugStringW
FindFirstFileExW
FlushFileBuffers
GetDiskFreeSpaceA
GetDriveTypeW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
SleepEx
GetSystemTimeAsFileTime
CopyFileW
GetDateFormatW
GetTimeFormatW
LoadLibraryW
FileTimeToSystemTime
TerminateProcess
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
GetModuleFileNameA
RtlCaptureStackBackTrace
RaiseException
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SwitchToThread
CreateThread
OpenThread
SetThreadPriority
TerminateThread
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetThreadAffinityMask
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
SetEnvironmentVariableW
SetCurrentDirectoryW
user32
CallWindowProcA
SetWindowPos
GetDC
CallWindowProcW
IsWindow
GetWindowPlacement
GetIconInfo
DestroyIcon
GetWindowThreadProcessId
EnumWindows
GetClassLongA
GetDoubleClickTime
SendMessageTimeoutA
GetAncestor
GetMonitorInfoW
MonitorFromWindow
wsprintfA
DialogBoxParamA
EndDialog
GetDlgItem
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetWindowTextLengthA
MessageBoxA
CloseDesktop
CloseWindowStation
AllowSetForegroundWindow
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
CreateWindowStationW
SetProcessWindowStation
MessageBoxW
MonitorFromRect
LoadImageA
GetWindow
EnumChildWindows
SetParent
GetParent
GetDesktopWindow
SetWindowLongW
SetWindowLongA
GetWindowLongA
PtInRect
ScreenToClient
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ReleaseDC
GetForegroundWindow
GetSystemMetrics
EnableWindow
SendInput
SetFocus
IsZoomed
IsIconic
IsWindowVisible
SendMessageA
ShowWindow
UpdateLayeredWindow
FlashWindow
FlashWindowEx
CreateDesktopW
gdi32
CombineRgn
CreateBitmap
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
PtInRegion
SelectObject
SetRectRgn
GetBitmapBits
CreateDIBSection
GetObjectA
BitBlt
advapi32
ReportEventW
AccessCheck
EqualSid
ConvertStringSidToSidW
SetEntriesInAclW
RegOpenKeyExA
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyA
RegCloseKey
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
CreateWellKnownSid
CopySid
AddAccessAllowedAce
OpenProcessToken
RegisterEventSourceW
DeregisterEventSource
GetNamedSecurityInfoW
GetSecurityInfo
GetSidSubAuthority
InitializeSid
LookupPrivilegeValueW
DuplicateToken
CreateRestrictedToken
RegCreateKeyExW
RevertToSelf
RegDisablePredefinedCache
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
ConvertSidToStringSidW
SystemFunction036
FreeSid
ImpersonateLoggedOnUser
MapGenericMask
SetThreadToken
shell32
Shell_NotifyIconA
CommandLineToArgvW
ExtractIconExA
SHAppBarMessage
SHGetKnownFolderPath
ole32
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
PropVariantClear
oleaut32
VariantClear
winmm
timeGetTime
psapi
GetModuleFileNameExA
GetProcessMemoryInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
sdl3
SDL_MaximizeWindow
SDL_RaiseWindow
SDL_ShowWindow
SDL_GetWindowMaximumSize
SDL_SetWindowMaximumSize
SDL_GetWindowMinimumSize
SDL_SetWindowMinimumSize
SDL_SetWindowIcon
SDL_SetWindowTitle
SDL_GetWindowFlags
SDL_GetWindowID
SDL_GetDisplayForWindow
SDL_GetDisplayUsableBounds
SDL_GetDisplayBounds
SDL_GetDisplayName
SDL_GetPrimaryDisplay
SDL_RenderTexture
SDL_CreateTextureFromSurface
SDL_CreateRenderer
SDL_Init
SDL_SetHint
SDL_PollEvent
SDL_HideWindow
SDL_SetWindowSize
SDL_SetWindowPosition
SDL_CreateWindow
SDL_DestroyRenderer
SDL_RenderPresent
SDL_RestoreWindow
SDL_SetRenderDrawColor
SDL_CreateSoftwareRenderer
SDL_GetWindowSurface
SDL_GetWindowParent
SDL_DestroySurface
SDL_CreateSurfaceFrom
SDL_GL_DeleteContext
SDL_GL_SwapWindow
SDL_GL_MakeCurrent
SDL_GL_CreateContext
SDL_DestroyWindow
SDL_GetWindowSize
SDL_GetWindowPosition
SDL_GetWindowFromID
SDL_CreatePopupWindow
SDL_CreateWindowWithPosition
SDL_GetError
SDL_GetModState
SDL_GetDisplayForPoint
SDL_GetDisplayContentScale
SDL_AddEventWatch
SDL_PeepEvents
SDL_PumpEvents
SDL_SetWindowFullscreen
SDL_SetWindowHitTest
SDL_MinimizeWindow
SDL_StopTextInput
SDL_GetGlobalMouseState
SDL_GetTicksNS
SDL_PushEvent
SDL_GetWindowWMInfo
SDL_RenderClear
SDL_roundf
libcef
cef_v8value_create_int
cef_v8value_create_uint
cef_v8value_create_double
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_array
cef_v8value_create_array_buffer
cef_v8value_create_function
cef_string_list_alloc
cef_string_list_free
cef_dictionary_value_create
cef_stream_reader_create_for_file
cef_stream_reader_create_for_data
cef_request_create
cef_string_multimap_alloc
cef_string_multimap_free
cef_api_hash
cef_execute_process
cef_initialize
cef_shutdown
cef_do_message_loop_work
cef_run_message_loop
cef_quit_message_loop
cef_enable_highdpi_support
cef_set_force_device_scale_factor
cef_get_device_scale_factor_for_screen_rect
cef_is_hardware_acceleration_enabled
cef_is_gpu_compositing_disabled
cef_crash_reporting_enabled
cef_set_crash_key_value
cef_parse_url
cef_v8value_create_bool
cef_currently_on
cef_post_task
cef_post_delayed_task
cef_register_widevine_cdm
cef_urlrequest_create
cef_command_line_create
cef_command_line_get_global
cef_string_map_alloc
cef_string_map_free
cef_post_data_create
cef_post_data_element_create
cef_cookie_manager_get_global_manager
cef_browser_host_create_browser
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_v8value_create_null
cef_v8context_get_current_context
cef_process_message_create
cef_string_userfree_utf8_free
cef_list_value_create
cef_binary_value_create
cef_log
cef_string_utf8_to_utf16
cef_string_utf16_clear
cef_time_to_timet
cef_string_wide_to_utf8
cef_string_utf8_cmp
cef_string_utf8_clear
cef_string_utf8_set
ws2_32
WSACleanup
WSAGetLastError
recv
send
WSASetLastError
closesocket
dbghelp
SymCleanup
SymSetOptions
SymInitialize
SymGetLineFromAddr64
SymSetSearchPathW
SymFromAddr
SymGetSearchPathW
bcrypt
BCryptGenRandom
Exports
Exports
CreateInterface
GetHandleVerifier
IsSandboxedProcess
g_dwDllEntryThreadId
Sections
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 959KB - Virtual size: 959KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 634KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 826KB - Virtual size: 826KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 764KB - Virtual size: 768KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE