D:\gocart-client-build\win-intel\build\gocartclient\public\gcclient\binaries\windows\release\AdobeGCClient.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-03_3d84cef03221a138580da7b18b482f94_avoslocker_magniber_revil.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-09-03_3d84cef03221a138580da7b18b482f94_avoslocker_magniber_revil.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-09-03_3d84cef03221a138580da7b18b482f94_avoslocker_magniber_revil
-
Size
13.1MB
-
MD5
3d84cef03221a138580da7b18b482f94
-
SHA1
90a3ee332502299ffe7a229cb63319f61aad3192
-
SHA256
cecb7faba4bcf6ad114ed63d03f59c4773c78e12c78a508f6ea1a62545757944
-
SHA512
17c1da776bdd1d13344f93ab99d16cf265444dd976ece3e1318ac69ce3c22ac9e603d0972cdfc3fbd499721c75e61be4cbd9729bac87b8c59f9f302332f6cc43
-
SSDEEP
196608:qfFnS0fD4wj2EEld1rf8HGKBiV+UDAcL5B4dpqpTmBt:qfFL0KTEv1rf8mJpAcL84pTm
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 2024-09-03_3d84cef03221a138580da7b18b482f94_avoslocker_magniber_revil
Files
-
2024-09-03_3d84cef03221a138580da7b18b482f94_avoslocker_magniber_revil.exe windows:5 windows x86 arch:x86
de09c7fae62cbe6570bba3a33df3abbb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
GetProcessImageFileNameW
libcef
cef_parse_url
cef_create_url
cef_api_hash
cef_get_min_log_level
cef_string_utf16_cmp
cef_string_map_alloc
cef_string_map_free
cef_command_line_create
cef_command_line_get_global
cef_process_message_create
cef_log
cef_set_osmodal_loop
cef_browser_host_create_browser
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_shared_process_message_builder_create
cef_string_multimap_alloc
cef_string_multimap_free
cef_quit_message_loop
cef_run_message_loop
cef_shutdown
cef_initialize
cef_execute_process
cef_post_delayed_task
cef_post_task
cef_currently_on
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_stream_reader_create_for_handler
cef_stream_reader_create_for_data
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf16_set
cef_string_utf8_clear
cef_string_utf16_to_utf8
cef_string_ascii_to_utf16
msi
ord205
ord70
winhttp
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpReadData
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpOpen
shell32
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW
SHGetSpecialFolderPathW
shlwapi
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathRenameExtensionW
UrlEscapeW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathFileExistsA
PathIsDirectoryEmptyW
PathRemoveExtensionW
netapi32
NetWkstaGetInfo
NetApiBufferFree
vulcanmessage5
??1EndPoint@api5@vulcan@adobe@@UAE@XZ
?GetInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PAPAV1234@@Z
?ReleaseInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SAXXZ
?TYPE_PREFIX@SuiteMessage@api5@vulcan@adobe@@2QBDB
?SetPayload@SuiteMessage@api5@vulcan@adobe@@QAEXPBD@Z
?GetAppIdSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetAppId@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppVersionSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetAppVersion@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
??0SuiteMessage@api5@vulcan@adobe@@QAE@PBD@Z
?GetType@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppIdSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppId@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?SetConfig@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PBD0@Z
?SetDestinations@SuiteMessage@api5@vulcan@adobe@@QAEXPBVEndPoint@234@I@Z
??0IVulcanMessageListener@api5@vulcan@adobe@@QAE@XZ
?GetAppVersionSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetFault@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetFaultSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetError@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetErrorSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetPayload@SuiteMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetPayloadSize@SuiteMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppVersion@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
??0EndPoint@api5@vulcan@adobe@@QAE@ABV0123@@Z
??1SuiteMessage@api5@vulcan@adobe@@UAE@XZ
?SetSource@SuiteMessage@api5@vulcan@adobe@@QAEXABVEndPoint@234@@Z
?GetTypeSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
vulcancontrol
?GetInstance@IVulcanController@api5@vulcan@adobe@@SA?AW4VulcanControlErrorCode@@PAPAV1234@@Z
?ReleaseInstance@IVulcanController@api5@vulcan@adobe@@SAXXZ
?SetConfig@IVulcanController@api5@vulcan@adobe@@SA?AW4VulcanControlErrorCode@@PBD0@Z
dbghelp
SymGetSearchPathW
SymSetOptions
SymCleanup
SymSetSearchPathW
SymFromAddr
SymGetLineFromAddr64
SymInitialize
winmm
timeGetTime
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
adobe_caps
pcdSessionCommit
pcdCloseSession
pcdOpenSessionNoCreate
pcdOpenCacheSession
pcdRemoveDomainData
pdbOpenSession
pcdGetDomainDataKeys
pcdGetDomainDataSubdomains
pcdOpenSession
pcdSetDomainData
pdbCloseSession
pdbGetAppLaunchPath
pcdGetDomainData
iphlpapi
GetAdaptersAddresses
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
rpcrt4
UuidToStringA
RpcStringFreeW
UuidCreate
UuidToStringW
RpcStringFreeA
kernel32
InterlockedPopEntrySList
GetThreadTimes
QueryDepthSList
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
SignalObjectAndWait
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CreateFileW
ReadFile
WriteFile
CloseHandle
GetLastError
ConnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
Sleep
LocalAlloc
LocalFree
SetEvent
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CreateSemaphoreW
GetSystemTime
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
OpenProcess
GetCommandLineW
SetErrorMode
CompareFileTime
ExpandEnvironmentStringsW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ExpandEnvironmentStringsA
DeleteFileA
CreateEventW
TerminateProcess
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
VerSetConditionMask
lstrlenW
VerifyVersionInfoW
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
lstrcmpA
lstrcmpW
SetFilePointer
CreateMutexW
SetHandleInformation
CreatePipe
CreateProcessW
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateDirectoryW
DuplicateHandle
GetCurrentProcess
ResumeThread
GetTickCount
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetModuleFileNameW
GetTempPathW
UnhandledExceptionFilter
GetEnvironmentVariableA
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileAttributesW
GetLogicalDriveStringsW
QueryDosDeviceW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetComputerNameExW
GetVersionExW
MulDiv
SystemTimeToFileTime
GetLocaleInfoA
GetStdHandle
GetFileType
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileW
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
WaitForMultipleObjects
GlobalFree
SetFilePointerEx
GetFileSizeEx
TerminateThread
GetVolumeInformationW
GetFileInformationByHandleEx
DeviceIoControl
SetFileAttributesW
GetLocalTime
GetTimeFormatW
GetDateFormatW
GetSystemDirectoryW
GetNativeSystemInfo
GetWindowsDirectoryW
ReleaseMutex
OpenMutexW
GetVolumePathNameW
CreateIoCompletionPort
ResetEvent
GetQueuedCompletionStatus
UnregisterWait
RegisterWaitForSingleObject
TerminateJobObject
PostQueuedCompletionStatus
GetUserDefaultLangID
GetUserDefaultLCID
GetUserDefaultLocaleName
EnumSystemLocalesEx
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
UnregisterWaitEx
GetCurrentThread
IsDebuggerPresent
IsWow64Process
GetThreadId
SetThreadPriority
GetThreadPriority
HeapSetInformation
SetProcessDEPPolicy
VirtualQueryEx
VirtualAllocEx
GetProductInfo
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessorNumber
SetThreadAffinityMask
VirtualFree
GetProcessHeaps
AcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
QueryInformationJobObject
VirtualProtectEx
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetLongPathNameW
VirtualFreeEx
GetProcessHandleCount
TlsGetValue
VirtualAlloc
LoadLibraryExW
DebugBreak
TlsAlloc
TlsFree
TlsSetValue
SetFileTime
GetFileInformationByHandle
SetUnhandledExceptionFilter
RtlCaptureStackBackTrace
CreateRemoteThread
MoveFileExW
SetCurrentDirectoryW
VirtualQuery
FindFirstFileExW
GetLogicalProcessorInformation
InitializeConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
InitializeSRWLock
VirtualProtect
GetTimeZoneInformation
GetUserDefaultUILanguage
SwitchToThread
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
GetExitCodeThread
GetStringTypeW
ReadConsoleInputW
SetConsoleMode
EnumSystemLocalesW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
ExitProcess
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
IsValidLocale
GetModuleHandleExW
user32
BeginDeferWindowPos
ShowWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
LoadStringW
CreateWindowStationW
OffsetRect
CopyRect
SetRect
SetWindowTextW
ReleaseDC
GetDC
SetWindowPos
SendMessageW
GetSystemMenu
CreateDesktopW
DeferWindowPos
EnableMenuItem
UpdateWindow
GetClientRect
SetWindowLongW
GetParent
LoadCursorW
EndDeferWindowPos
LoadIconW
GetWindowRect
DrawMenuBar
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
CloseDesktop
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
GetDesktopWindow
gdi32
CreateRoundRectRgn
GetDeviceCaps
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
CredWriteW
RegEnumValueW
CredReadW
RegDeleteKeyExW
RevertToSelf
AllocateAndInitializeSid
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
CreateProcessAsUserW
SetThreadToken
OpenProcessToken
AddMandatoryAce
CreateRestrictedToken
DuplicateTokenEx
EqualSid
FreeSid
GetAce
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
InitializeAcl
SetTokenInformation
LookupPrivilegeValueW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegDisablePredefinedCache
CredEnumerateW
ConvertSidToStringSidW
SetKernelObjectSecurity
GetKernelObjectSecurity
MapGenericMask
AccessCheck
ImpersonateLoggedOnUser
GetSecurityInfo
GetNamedSecurityInfoW
BuildTrusteeWithSidW
SystemFunction036
CredFree
CredDeleteW
DuplicateToken
OpenThreadToken
ReportEventA
RegisterEventSourceA
ConvertSidToStringSidA
ConvertStringSidToSidW
GetExplicitEntriesFromAclW
SetNamedSecurityInfoW
CopySid
CreateWellKnownSid
GetSidSubAuthority
InitializeSid
IsValidSid
GetUserNameW
DeregisterEventSource
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegQueryValueExA
AdjustTokenPrivileges
ole32
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoInitialize
oleaut32
VariantInit
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantClear
ws2_32
inet_ntoa
crypt32
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptUnprotectData
CryptProtectData
CertCreateCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CryptStringToBinaryW
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CertVerifySubjectCertificateContext
wintrust
WinVerifyTrust
secur32
GetUserNameExW
bcrypt
BCryptVerifySignature
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptHashData
BCryptGenerateSymmetricKey
Exports
AGDServiceAllKeysInSubDomain
AGDServiceConvertAGDStatusTypeEnumToString
AGDServiceCountKeysInSubDomain
AGDServiceRemoveAllKeysInSubDomain
AGDServiceRemoveKeyInSubDomain
AGDServiceSetMultipleValueForKeyInSubDomain
AGDServiceSetValueForKeyInSubDomain
AGDServiceValueForKeyInSubDomain
AGDTruncateAdobeGenuineDataTable
CCDGetNGLAppID
CCDServiceSetAllRecords
CCDTruncateCCDataTable
GCDDropGCDataTable
GCDServiceAllKeysInSubdomain
GCDServiceAllSubdomains
GCDServiceClose
GCDServiceCreate
GCDServiceDeleteAllKeysInSubdomain
GCDServiceDeleteKeyInSubdomain
GCDServiceIncrementValueForKeyInSubdomain
GCDServiceSetValueForKeyInSubdomain
GCDServiceValueForKeyInSubdomain
GetAsnVersion
GetHandleVerifier
IAL_CloseSession
IAL_CreateSession
IAL_DownloadAdobeGCClientFromPath
IAL_FetchRulesForLEIDs
IAL_GetAdobeGCClientAppDownloadPath
IAL_GetClientConfiguration
IAL_GetServerURLFromDispatch
IAL_GetVersion
IAL_PostRulesForLEIDs
IAL_SendCheckPatch
IAL_SendEventToETSHostfileMod
IAL_SendInAppEvents
IAL_SendMachineEvents
IAL_SendNotifAuditEvents
IAL_SendPHEvents
IAL_SendPatchAudit
IAL_SendUninstallationStatus
IAL_SetLoggingMethod
IAL_SetProxyDetails
IsSandboxedProcess
LEDGetCachedGMEpoch
LEDServiceGetAllRecords
LEDServiceRecordEvent
LEDTruncateGCDataTable
NADServiceGetAllRecords
NADServiceRecordEvent
NADTruncateTable
RSDConvertPCDStatusTypeEnumToString
RSDServiceGetAllRecords
RSDServiceRecordStatus
RSDTruncateGCDataTable
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx
Sections
.text Size: 9.1MB - Virtual size: 9.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
malloc_h Size: 512B - Virtual size: 257B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 434KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE