2024-08-29_417d3898e7bfce33892aced501c54631_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_417d3898e7bfce33892aced501c54631_avoslocker_revil
Size

15.3MB
MD5

417d3898e7bfce33892aced501c54631
SHA1

6ebc0a59f71ecb287b349ede9b690edd97f8f876
SHA256

2335b87c3963ecfe20db7e260c2388ca0c7e9c05b6276edcf7744e5728402850
SHA512

11511d40116564c57074c44497e405e49e4557f11f04dd6b770006d36425aeb828fe5c51b58df8c3668088aa2e7b8d987c8a9ce2c7ee9cd5fb0f8862d3d09935
SSDEEP

196608:ZazKSrTGKjx2D3YPBJvkb/W8NX4rSMhL6v0IJsv6tWKFdu9C74+Fdu:wnrTHQFbVNGSMd6v5Jsv6tWKFdu9Ckgu

Score

1^/10

Malware Config

Signatures

Files

2024-08-29_417d3898e7bfce33892aced501c54631_avoslocker_revil
.exe windows:6 windows x86 arch:x86

3dbb90f24014578642d8b1ce5e457f1f

Code Sign

49:86:b7:20:56:b9:60:a1:18:da:02:18:bd:48:ca:e0
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/01/2021, 00:00

Not After

15/01/2024, 23:59

Subject

CN=Bearware.DK v/Bjørn Damstedt Rasmussen,O=Bearware.DK v/Bjørn Damstedt Rasmussen,POSTALCODE=8260,STREET=Kirketoften 5,L=Viby J,ST=Midtjylland,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0e:8b:3b:c2:5e:cc:62:5f:73:eb:54:ad:ec:01:fe:84:44:a3:0d:60
Signer

Actual PE Digest

0e:8b:3b:c2:5e:cc:62:5f:73:eb:54:ad:ec:01:fe:84:44:a3:0d:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tolk

Tolk_DetectScreenReader
Tolk_TrySAPI
Tolk_Unload
Tolk_IsLoaded
Tolk_Load
Tolk_Output
Tolk_PreferSAPI

teamtalk5pro

TT_AcquireUserVideoCaptureFrame
TT_ReleaseUserDesktopWindow
TT_AcquireUserDesktopWindow
TT_SendDesktopInput
TT_Palette_GetColorTable
TT_DoBan
TT_GetServerChannels
TT_DoDeleteUserAccount
TT_DoNewUserAccount
TT_GetMediaFileInfo
TT_StopLocalPlayback
TT_UpdateLocalPlayback
TT_InitLocalPlayback
TT_ReleaseUserVideoCaptureFrame
TT_DoQueryServerStats
TT_DoUpdateServer
TT_CloseSoundLoopbackTest
TT_StartSoundLoopbackTestEx
TT_Firewall_RemoveAppException
TT_Firewall_AddAppException
TT_AcquireUserMediaVideoFrame
TT_ReleaseUserMediaVideoFrame
TT_GetVersion
TT_Firewall_AppExceptionExists
TT_DBG_SetSoundInputTone
TT_HotKey_IsActive
TT_HotKey_Unregister
TT_HotKey_Register
TT_DesktopInput_Execute
TT_DesktopInput_KeyTranslate
TT_ReleaseUserAudioBlock
TT_AcquireUserAudioBlock
TT_SetUserMediaStorageDir
TT_GetUserByUsername
TT_GetMyUserAccount
TT_GetChannelFile
TT_GetServerUsers
TT_DoSaveConfig
TT_DoListBans
TT_DoBanUserEx
TT_DoListUserAccounts
TT_UpdateStreamingMediaFileToChannel
TT_DoUpdateChannel
TT_DoMakeChannel
TT_DoDeleteFile
TT_DoRecvFile
TT_DoSendFile
TT_DoKickUser
TT_DoChannelOpEx
TT_DoChannelOp
TT_DoTextMessage
TT_DoChangeNickname
TT_DoLeaveChannel
TT_DoJoinChannelByID
TT_DoJoinChannel
TT_DoLoginEx
TT_GetClientStatistics
TT_QueryMaxPayload
TT_Disconnect
TT_Connect
TT_SendDesktopCursorPosition
TT_SendDesktopWindowFromHWND
TT_Windows_GetDesktopActiveHWND
TT_CloseDesktopWindow
TT_StopStreamingMediaFileToChannel
TT_StartStreamingMediaFileToChannelEx
TT_CloseVideoCaptureDevice
TT_StopVideoCaptureTransmission
TT_StartVideoCaptureTransmission
TT_StopRecordingMuxedAudioFile
TT_StartRecordingMuxedStreams
TT_SetVoiceActivationLevel
TT_EnableVoiceActivation
TT_EnableVoiceTransmission
TT_SetSoundOutputMute
TT_SetSoundOutputVolume
TT_GetSoundInputPreprocessEx
TT_SetSoundInputPreprocessEx
TT_SetSoundInputGainLevel
TT_GetSoundInputLevel
TT_GetMessage
TT_SwapTeamTalkHWND
TT_SetLicenseInformation
TT_CloseTeamTalk
TT_InitTeamTalk
TT_HotKey_RemoveTestHook
TT_HotKey_InstallTestHook
TT_CancelFileTransfer
TT_GetFileTransferInfo
TT_GetChannelFiles
TT_Windows_GetWindow
TT_Windows_GetDesktopWindowHWND
TT_Windows_GetDesktopHWND
TT_HotKey_GetKeyString
TT_SetUserStereo
TT_SetUserMute
TT_SetUserVolume
TT_GetChannelIDFromPath
TT_DoUnsubscribe
TT_DoSubscribe
TT_InitVideoCaptureDevice
TT_GetVideoCaptureDevices
TT_SetSoundDeviceEffects
TT_CloseSoundDuplexDevices
TT_CloseSoundOutputDevice
TT_CloseSoundInputDevice
TT_InitSoundDuplexDevices
TT_InitSoundOutputDevice
TT_InitSoundInputDevice
TT_RestartSoundSystem
TT_GetSoundDevices
TT_GetDefaultSoundDevicesEx
TT_GetDefaultSoundDevices
TT_GetFlags
TT_PumpMessage
TT_GetChannel
TT_GetUserStatistics
TT_GetMyUserType
TT_IsChannelOperator
TT_GetMyChannelID
TT_DoMoveUser
TT_GetMyUserRights
TT_GetChannelUsers
TT_GetChannelPath
TT_GetRootChannelID
TT_GetServerProperties
TT_GetUser
TT_GetMyUserID
TT_DoChangeStatus
TT_DoUnBanUserEx
TT_DoRemoveChannel

mf

MFCreateTopology
MFCreateAudioRendererActivate
MFCreateVideoRendererActivate
MFCreateSampleGrabberSinkActivate
MFCreateTopoLoader
MFCreateTopologyNode
MFCreateMediaSession
MFGetService

mfplat

MFCreateMemoryBuffer
MFCreateWaveFormatExFromMFMediaType
MFCreateAttributes
MFCreateEventQueue
MFInvokeCallback
MFCreateAsyncResult
MFUnlockWorkQueue
MFAllocateWorkQueue
MFCreateSample
MFCreateMediaType
MFFrameRateToAverageTimePerFrame
MFStartup
MFPutWorkItem
MFCreateSourceResolver
MFShutdown

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9

evr

MFCreateVideoSampleFromSurface

mfreadwrite

MFCreateSourceReaderFromMediaSource

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

uxtheme

GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeInt
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
GetThemePartSize
GetThemeColor
GetThemeBackgroundRegion
OpenThemeData

dwmapi

DwmGetWindowAttribute
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow

gdi32

EnumFontFamiliesExW
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
CreatePen
CreateSolidBrush
Rectangle
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
BitBlt
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
GetTextFaceW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SwapBuffers
GetPixelFormat
DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
OffsetRgn

oleaut32

VariantInit
VariantClear
SysFreeString
SysStringLen
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString

imm32

ImmGetContext
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetDefaultIMEWnd
ImmGetOpenStatus
ImmReleaseContext

iphlpapi

ConvertInterfaceNameToLuidW
GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid

crypt32

CertCloseStore
CertCreateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFindCertificateInStore
CertOpenSystemStoreW
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertFreeCertificateContext

user32

RealGetWindowClassW
SetWindowTextW
GetClientRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
GetLastInputInfo
GetWindowRect
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
BeginPaint
EndPaint
PeekMessageW
PostThreadMessageW
MsgWaitForMultipleObjects
GetShellWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
UnregisterDeviceNotification
DrawIconEx
MessageBoxW
ChangeWindowMessageFilterEx
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
GetUserObjectInformationW
GetProcessWindowStation
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
SetWindowRgn
GetUpdateRect
SetForegroundWindow
InvalidateRect

advapi32

CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSAAsyncSelect
listen
gethostname
WSACleanup
WSAStartup
WSASetLastError
send
recv
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
WSAGetLastError
setsockopt
select
htonl
ntohl
getaddrinfo
freeaddrinfo
getnameinfo
getsockopt
__WSAFDIsSet
bind
closesocket
getpeername
getsockname
htons

kernel32

GetFullPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
GetFileInformationByHandleEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
ConnectNamedPipe
CreateNamedPipeW
GetExitCodeProcess
GetProcessId
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
ReleaseMutex
HeapSize
SetEnvironmentVariableW
GetOEMCP
GetACP
GetFileInformationByHandle
GetFileAttributesW
CreateMutexW
VirtualAlloc
IsValidCodePage
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
HeapReAlloc
GetConsoleOutputCP
DeleteFileW
SetStdHandle
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
RtlUnwind
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
CreateDirectoryW
GetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetErrorMode
SetFilePointerEx
SetEndOfFile
ReadFile
GetLogicalDrives
FlushFileBuffers
GetModuleFileNameW
GetStartupInfoW
GetFileAttributesExW
CreateFileW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetSystemDirectoryW
GetSystemInfo
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
SwitchToThread
DuplicateHandle
WaitForSingleObjectEx
GetTickCount64
QueryPerformanceFrequency
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
OutputDebugStringW
GetLocalTime
GetCommandLineW
CompareStringEx
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
FreeLibrary
GetTickCount
lstrcmpW
CloseHandle
SetEvent
VirtualFree
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
LocalAlloc
LocalFree
FormatMessageW
ResetEvent
GetProcAddress
FileTimeToSystemTime
GetLastError
CreateThread
GetExitCodeThread
MulDiv
GetModuleHandleW
LoadLibraryW
HeapAlloc
HeapFree
GetProcessHeap
Sleep
GetCurrentThreadId
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
WriteConsoleW
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetCurrentProcessId
GetUserDefaultLangID
DecodePointer
RaiseException
InitializeCriticalSectionEx
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DeleteCriticalSection
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalFree
SetHandleInformation
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetFileType
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
SetFileAttributesW
ConvertThreadToFiber

ole32

PropVariantCopy
CLSIDFromString
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
OleUninitialize
PropVariantClear
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoCreateGuid
StringFromGUID2
StringFromCLSID
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CreateBindCtx
OleInitialize
CoGetMalloc

shell32

SHGetFileInfoW
SHGetStockIconInfo
ord727
ShellExecuteW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetMalloc
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
CommandLineToArgvW

winmm

timeBeginPeriod
waveInGetDevCapsW
timeEndPeriod
waveInOpen
waveInClose
waveInPrepareHeader
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutOpen
timeSetEvent
waveInGetNumDevs
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInReset
mixerGetLineInfoW
mixerGetID
mixerGetLineControlsW
PlaySoundW
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
mixerSetControlDetails
timeKillEvent
mixerGetControlDetailsW

bcrypt

BCryptGenRandom

Sections

.text
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dbb90f24014578642d8b1ce5e457f1f

Code Sign

49:86:b7:20:56:b9:60:a1:18:da:02:18:bd:48:ca:e0Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

0e:8b:3b:c2:5e:cc:62:5f:73:eb:54:ad:ec:01:fe:84:44:a3:0d:60Signer

Headers

DLL Characteristics

File Characteristics

Imports

tolk

teamtalk5pro

mf

mfplat

d3d9

dxva2

evr

mfreadwrite

wtsapi32

uxtheme

dwmapi

gdi32

oleaut32

imm32

iphlpapi

crypt32

user32

advapi32

userenv

version

netapi32

ws2_32

kernel32

ole32

shell32

winmm

bcrypt

Sections

.text Size: 10.6MB - Virtual size: 10.6MB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 110KB - Virtual size: 172KB

.qtmetad Size: 2KB - Virtual size: 1KB

.qtmimed Size: 315KB - Virtual size: 315KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 393KB - Virtual size: 392KB

49:86:b7:20:56:b9:60:a1:18:da:02:18:bd:48:ca:e0
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

0e:8b:3b:c2:5e:cc:62:5f:73:eb:54:ad:ec:01:fe:84:44:a3:0d:60
Signer

.text
Size: 10.6MB - Virtual size: 10.6MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 110KB - Virtual size: 172KB

.qtmetad
Size: 2KB - Virtual size: 1KB

.qtmimed
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 393KB - Virtual size: 392KB