2024-08-25_18035de80c8c9ca739c47b2f69320a77_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-25_18035de80c8c9ca739c47b2f69320a77_avoslocker_revil
Size

29.2MB
MD5

18035de80c8c9ca739c47b2f69320a77
SHA1

183651ad0967027a3c49c545feaaa96c1380a834
SHA256

2e30713bc076bd479ec8f7fbd56be249a1e6993cb1ec1f17df7a665869b86a2a
SHA512

e5488f4e03aad126c63201e005ffb59c6da038369df743ddbf4d01c6d9654efd9e2480d64ae5566fe55afd928eab9488bd5ccbe03e389180048a44c406b83a42
SSDEEP

786432:K8Yr68QhQlxWijRsr9l0UCuIT8YGt/mAAL+w:bYTtAmRq2tT8F16

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-25_18035de80c8c9ca739c47b2f69320a77_avoslocker_revil

Files

2024-08-25_18035de80c8c9ca739c47b2f69320a77_avoslocker_revil
.exe windows:5 windows x86 arch:x86

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\2024\Release\Main.pdb

Imports

kernel32

GetProcessHeap
MultiByteToWideChar
HeapSize
GetCurrentProcessId
GetLogicalDriveStringsA
HeapAlloc
OpenProcess
GetVolumeNameForVolumeMountPointA
FindClose
FindNextFileA
GetDriveTypeA
GetCurrentProcess
HeapFree
FindFirstFileA
WideCharToMultiByte
GlobalMemoryStatusEx
InterlockedDecrement
DeleteFileA
WaitForSingleObject
CreatePipe
WriteFile
SetHandleInformation
ReadFile
CreateProcessA
CloseHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
GetFileAttributesExW
SetEndOfFile
SetStdHandle
HeapReAlloc
SetFilePointerEx
ReadConsoleW
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetLastError
Sleep
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
CreateFileW
ExitThread

advapi32

DuplicateToken
StartServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetFileSecurityA
AccessCheck
LookupAccountSidA
OpenProcessToken
SetServiceStatus
MapGenericMask
GetTokenInformation
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
ChangeServiceConfig2A

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VariantClear
SysFreeString
VariantInit

ws2_32

WSACleanup
WSAStartup
inet_ntoa
inet_addr
ioctlsocket
sendto
htons
htonl
closesocket
ntohl
select
socket
connect

wininet

InternetQueryOptionA
HttpOpenRequestA
InternetSetOptionA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA

iphlpapi

GetIpNetTable
GetAdaptersInfo

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ok3.pyc

Sharing

General

Malware Config

Signatures

Files

914abd938b6811960ade98165bf81361

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

wininet

iphlpapi

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB