2024-09-03_2d80c95350ca5b2ddb074c73c1e18a70_avoslocker_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-03_2d80c95350ca5b2ddb074c73c1e18a70_avoslocker_revil
Size

4.9MB
MD5

2d80c95350ca5b2ddb074c73c1e18a70
SHA1

9d84b1ec573a4a67e38a2051e3e3337e5a67dba7
SHA256

4dfcb1bdbfc90a7e6d975dfdeaf29416d33570b62191cb7d24a4b129f4238e73
SHA512

155844f1c1bef38ddb4da52c0eaa398928c1be2eb5afc543f237830136b44623f1825cb05567b6ec8adf77e062fbddf9c14e855b04e58c3c41943d54317b5ccb
SSDEEP

98304:EoyRv3YvCbuegtUmmSHtfbQSTpqt/9wHWP58n1t2sEE5:EdvGPmSHtzQxwJ1t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-03_2d80c95350ca5b2ddb074c73c1e18a70_avoslocker_revil

Files

2024-09-03_2d80c95350ca5b2ddb074c73c1e18a70_avoslocker_revil
.exe windows:5 windows x86 arch:x86

265e90d39307d676e6dff798fe84dd9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\gocart-client-build\win-intel\build\gocartclient\public\gcdirectorywatcher\binaries\windows\release\AGMService.pdb

Imports

msi

ord70
ord205

iphlpapi

GetAdaptersAddresses

winhttp

WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpReadData

setupapi

SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW

psapi

GetProcessImageFileNameW

shlwapi

PathRenameExtensionW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathRemoveExtensionW
PathIsFileSpecW
PathFileExistsW
PathStripPathW
PathRemoveBackslashW
PathAddExtensionW
PathAppendW
PathRemoveFileSpecW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetFolderLocation
SHGetFolderPathW
SHGetKnownFolderPath

rpcrt4

UuidToStringW
RpcStringFreeA
RpcStringFreeW
UuidToStringA
UuidCreate

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetApiBufferFree
NetWkstaGetInfo

ws2_32

inet_ntoa

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

kernel32

CompareFileTime
ReleaseSemaphore
CreateSemaphoreW
GetProcessTimes
OpenProcess
K32EnumProcesses
K32GetProcessImageFileNameW
GetModuleFileNameW
VerSetConditionMask
lstrlenW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateDirectoryW
RemoveDirectoryW
DecodePointer
DuplicateHandle
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
DeleteCriticalSection
GetCurrentProcess
TerminateProcess
ResumeThread
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LocalAlloc
LocalFree
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetLogicalDriveStringsW
QueryDosDeviceW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
ProcessIdToSessionId
GetSystemTime
GetComputerNameExW
GetVersionExW
SystemTimeToFileTime
GetLocaleInfoA
OutputDebugStringA
GetEnvironmentVariableA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTempPathW
GetModuleHandleExW
SetFileAttributesW
FreeLibrary
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WriteFile
SetFilePointer
GetCurrentThread
GetTimeZoneInformation
GlobalFree
QueueUserWorkItem
ReadFile
GetFileSizeEx
GetLocalTime
GetTimeFormatW
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetStdHandle
GetFileType
GetModuleHandleW
LoadLibraryA
GlobalMemoryStatus
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
UnlockFileEx
DeleteTimerQueueTimer
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
SwitchToThread
FlushConsoleInputBuffer
MoveFileW
lstrcmpW
SetHandleInformation
CreatePipe
PeekNamedPipe
FileTimeToSystemTime
GetThreadTimes
SetFilePointerEx
TerminateThread
ConnectNamedPipe
CreateNamedPipeW
GetACP
TlsAlloc
GetStringTypeW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateTimerQueueTimer
CreateTimerQueue
FindResourceW
SizeofResource
LockResource
LoadResource
InitializeCriticalSectionAndSpinCount
GetTickCount
CreateThread
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
GetOverlappedResult
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
CreateFileW
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
SetFileTime
MoveFileExW
ExitProcess
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetConsoleCP
GetCommandLineA
GetCommandLineW
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
SetStdHandle
SetConsoleMode
ReadConsoleInputW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
VirtualAlloc
VirtualProtect
VirtualFree
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
LocalFileTimeToFileTime
lstrcatW
DeleteTimerQueue
SetEndOfFile
DosDateTimeToFileTime
ReadDirectoryChangesW
GetFileTime
TryEnterCriticalSection
lstrcmpA

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

advapi32

InitializeSecurityDescriptor
ControlService
EnumDependentServicesW
OpenServiceW
QueryServiceStatusEx
RevertToSelf
CreateProcessAsUserW
OpenProcessToken
CopySid
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventA
RegisterEventSourceA
OpenThreadToken
SetSecurityInfo
GetNamedSecurityInfoW
CreateWellKnownSid
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSidToSidW
ConvertSidToStringSidA
LookupPrivilegeValueW
SetTokenInformation
SetSecurityDescriptorDacl
CloseServiceHandle
GetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
FreeSid
EqualSid
DuplicateTokenEx
CreateRestrictedToken
AllocateAndInitializeSid
SetThreadToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
QueryServiceStatus
OpenSCManagerW
DeleteService
CreateServiceW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx

oleaut32

SysStringLen
VariantClear
SysFreeString
VariantInit
SysAllocString
SysAllocStringByteLen

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptDecodeObject
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust

Exports

Exports

AGDServiceAllKeysInSubDomain
AGDServiceConvertAGDStatusTypeEnumToString
AGDServiceCountKeysInSubDomain
AGDServiceRemoveAllKeysInSubDomain
AGDServiceRemoveKeyInSubDomain
AGDServiceSetMultipleValueForKeyInSubDomain
AGDServiceSetValueForKeyInSubDomain
AGDServiceValueForKeyInSubDomain
AGDTruncateAdobeGenuineDataTable
Adobe_GC_GetLatestGCApplication
Adobe_GC_InvokeApplication
Adobe_GC_InvokeApplication_NGL
Adobe_GC_ReleaseRef
Adobe_GC_SetDownloadPath
Adobe_GC_SetInstallPath
CCDGetNGLAppID
CCDServiceSetAllRecords
CCDTruncateCCDataTable
IAL_CloseSession
IAL_CreateSession
IAL_DownloadAdobeGCClientFromPath
IAL_FetchRulesForLEIDs
IAL_GetAdobeGCClientAppDownloadPath
IAL_GetClientConfiguration
IAL_GetServerURLFromDispatch
IAL_GetVersion
IAL_PostRulesForLEIDs
IAL_SendCheckPatch
IAL_SendEventToETSHostfileMod
IAL_SendInAppEvents
IAL_SendMachineEvents
IAL_SendNotifAuditEvents
IAL_SendPHEvents
IAL_SendPatchAudit
IAL_SendUninstallationStatus
IAL_SetLoggingMethod
IAL_SetProxyDetails
LEDGetCachedGMEpoch
LEDServiceGetAllRecords
LEDServiceRecordEvent
LEDTruncateGCDataTable
RSDConvertPCDStatusTypeEnumToString
RSDServiceGetAllRecords
RSDServiceRecordStatus
RSDTruncateGCDataTable

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 844KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

265e90d39307d676e6dff798fe84dd9e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

iphlpapi

winhttp

setupapi

psapi

shlwapi

shell32

rpcrt4

userenv

version

netapi32

ws2_32

wtsapi32

kernel32

user32

advapi32

ole32

oleaut32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 644KB - Virtual size: 643KB

.data Size: 312KB - Virtual size: 333KB

.rsrc Size: 43KB - Virtual size: 42KB

.reloc Size: 844KB - Virtual size: 848KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 644KB - Virtual size: 643KB

.data
Size: 312KB - Virtual size: 333KB

.rsrc
Size: 43KB - Virtual size: 42KB

.reloc
Size: 844KB - Virtual size: 848KB