2024-09-03_df88cacdb9ae0cdb01cc68ecbd80102d_avoslocker_metamorfo_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-03_df88cacdb9ae0cdb01cc68ecbd80102d_avoslocker_metamorfo_revil
Size

3.5MB
MD5

df88cacdb9ae0cdb01cc68ecbd80102d
SHA1

f17ab69ef4262e5a4a9e235aa5f1c0d0ccb57f45
SHA256

58eb8be26ebbcebeef67c965f74a9191fee192b0318d5ca08023df73ef6b781a
SHA512

1c3da2c31a5da2134dbec02ddd2a30c95f0d871ffdade0b8075c4cbb894d8cec6d4435a373338e7e72cce6268560103554dd36ebb82bf7551b6a3bf1e5bc07b0
SSDEEP

49152:G6v7karQ6lGrG5D53I2hiOPUUdC3tPsbXC0iOvMm2FN2XoCYHgZQmFWe30jaNf1q:G6v7kwhGy5FI2gOMrybXEm2r2qU023W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-03_df88cacdb9ae0cdb01cc68ecbd80102d_avoslocker_metamorfo_revil

Files

2024-09-03_df88cacdb9ae0cdb01cc68ecbd80102d_avoslocker_metamorfo_revil
.exe windows:6 windows x86 arch:x86

086f28fc97889de8aca08aaacd185ac3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\buildslave\steam_rel_client_hotfix_win32\build\src\steamUI\gamestream\secure_desktop_capture\Release\secure_desktop_capture.pdb

Imports

kernel32

FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GlobalAlloc
GlobalUnlock
GlobalLock
LocalAlloc
LocalFree
MultiByteToWideChar
WriteConsoleW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
SetStdHandle
HeapAlloc
HeapFree
LCMapStringW
CompareStringW
HeapValidate
HeapSize
SetConsoleCtrlHandler
GetModuleHandleExW
GetFullPathNameW
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
VirtualQuery
GetCurrentProcessId
Sleep
SetLastError
OutputDebugStringA
WriteFile
FreeEnvironmentStringsW
FindFirstFileW
FindClose
CreateFileW
LoadLibraryA
GetProcAddress
GetCurrentThreadId
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OpenProcess
GetCurrentProcess
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
GetLastError
CloseHandle
LeaveCriticalSection
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
ExitProcess
EnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetCurrentDirectoryW
FindNextFileW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
DeleteFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
GetCommandLineW
TerminateProcess
GlobalMemoryStatusEx
VirtualAlloc
GetModuleFileNameA
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
QueryPerformanceFrequency
DuplicateHandle
RaiseException
TryEnterCriticalSection
SwitchToThread
CreateThread
GetCurrentThread
OpenThread
GetExitCodeThread
SetUnhandledExceptionFilter
LoadLibraryExA
LoadLibraryExW
DebugBreak
GetProcessHeaps
SetEnvironmentVariableW
FindFirstFileExW
FlushFileBuffers
GetDriveTypeW
GetFileInformationByHandle
GetFileSizeEx
ReadFile
SetEndOfFile

user32

EndDialog
GetDlgItem
OpenClipboard
SetDlgItemInt
SetClipboardData
EmptyClipboard
GetWindowTextLengthA
GetDesktopWindow
CloseDesktop
GetDlgItemInt
CloseClipboard
SetDlgItemTextA
OpenDesktopA
GetWindowRect
DialogBoxParamA
GetWindowThreadProcessId
EnumWindows
GetShellWindow
wsprintfA
IsWindowVisible
ReleaseDC
GetDC
SetWindowPos
ShowWindow
GetCursorInfo
LoadCursorA
GetCursorPos
MessageBoxA
GetSystemMetrics
SendInput
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

gdi32

GdiFlush
SetBrushOrgEx
CreateDIBSection
SetStretchBltMode
StretchBlt
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt

advapi32

RegisterEventSourceW
ReportEventW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
CreateWellKnownSid
CopySid
AddAccessAllowedAce
OpenProcessToken
DeregisterEventSource

shell32

CommandLineToArgvW

oleaut32

VariantClear

psapi

GetProcessMemoryInfo

bcrypt

BCryptGenRandom

ws2_32

WSASetLastError
recv
WSAGetLastError
send
closesocket
WSACleanup

Exports

Exports

CreateInterface
g_dwDllEntryThreadId

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 648KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

086f28fc97889de8aca08aaacd185ac3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

psapi

bcrypt

ws2_32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 553KB - Virtual size: 552KB

.data Size: 27KB - Virtual size: 534KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 648KB - Virtual size: 652KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 553KB - Virtual size: 552KB

.data
Size: 27KB - Virtual size: 534KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 648KB - Virtual size: 652KB