2024-08-28_c8c223fc6b3d33aaa41fd77887578d5d_avoslocker_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-28_c8c223fc6b3d33aaa41fd77887578d5d_avoslocker_magniber
Size

1.2MB
MD5

c8c223fc6b3d33aaa41fd77887578d5d
SHA1

32986d65cb94e2c043e96f4c9e569a7859a5e54e
SHA256

b9368f42c788d06a7c9b1f4ef6dfd684a0ee9b8eb116397bace503405dc01095
SHA512

0f6c0238681cda37ee81114943175de56224a93099b3bb756d78912d700ff5d45065520f537a4cf6771a6f10e568970d31dea6b3805eef267be2a499447cf928
SSDEEP

24576:8B0G/Ldx9bQm2mt2jTh9U2JdJhW5Vc0zW+RVvh4jJOwfB6Bn:yx/pxZ6Th9ZJda5V9z3fh4jX565

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-28_c8c223fc6b3d33aaa41fd77887578d5d_avoslocker_magniber

Files

2024-08-28_c8c223fc6b3d33aaa41fd77887578d5d_avoslocker_magniber
.exe windows:5 windows x86 arch:x86

72ae2ef51c6a541f168ad13f6d5d2488

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\CI\CCHyperdrive\build\x64\main\ccd-hyperdrive\build\msvs_win32\Release\x86\sym\Setup\Setup\Setup.pdb

Imports

kernel32

SetDllDirectoryW
GetConsoleWindow
DeleteCriticalSection
DecodePointer
FreeConsole
RaiseException
AttachConsole
GetLastError
InitializeCriticalSectionEx
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
QueryPerformanceFrequency
GetStdHandle
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetCommandLineW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
WriteFile
SetFilePointer
GetTempPathW
CreateFileW
GetCurrentThreadId
DeleteFileW
CloseHandle
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReadFile
GetFullPathNameW
GetModuleFileNameW
FindClose
GetFileAttributesW
SetFileAttributesW
LocalFree
MoveFileExW
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
Sleep
CreateThread
LoadLibraryW
GetProcAddress
FreeLibrary
GetUserDefaultLangID
GetUserDefaultUILanguage
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetCurrentProcess
GetVersionExW
CreateEventW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
SetEvent
ResetEvent
GetUserDefaultLCID
LCMapStringW
HeapFree
SetLastError
TerminateProcess
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
InitializeSListHead
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
GetLocaleInfoW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
SetStdHandle
GetFileType
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetCommandLineA
OutputDebugStringW

user32

SendMessageW
wsprintfW

ole32

CLSIDFromProgID
OleRun
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize

crclient

?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z
?SetCRDisplayName@@YA_NPBD@Z

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathRenameExtensionW
PathIsFileSpecW
PathAddExtensionW
PathIsDirectoryW
PathRemoveExtensionW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetFolderPathW
SHGetFolderLocation
SHGetSpecialFolderPathW
SHCreateDirectoryExW

oleaut32

GetErrorInfo
VariantCopy
VariantInit
SysFreeString
SysAllocString
SysStringLen
VariantClear

Sections

.text
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72ae2ef51c6a541f168ad13f6d5d2488

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

crclient

version

shlwapi

advapi32

shell32

oleaut32

Sections

.text Size: 417KB - Virtual size: 417KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 9KB - Virtual size: 15KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 417KB - Virtual size: 417KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 592KB - Virtual size: 596KB