2024-09-06_2078368878151ea99e819ff98e7db7a0_avoslocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-06_2078368878151ea99e819ff98e7db7a0_avoslocker
Size

2.5MB
MD5

2078368878151ea99e819ff98e7db7a0
SHA1

c17c114618782f7a2075b85cfe406b9334f7c4e0
SHA256

0342775814913d1b2fa10ed02c64647c7a89b02d1115e18f3294a7dfba3f589c
SHA512

74b2aa6a4548965ee36e79cea38cbd8725441a2a0908f46d6f779e41c8984e3d299e50a8572d8f17ed0975425e2a5b26d9289f0dad0487db8e6baa92e170b90c
SSDEEP

49152:MY9rVRu6hKk7Hzl53WK3IIBRq/1teLteBqX:rru6hKqHzF4qqfeLwwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-06_2078368878151ea99e819ff98e7db7a0_avoslocker

Files

2024-09-06_2078368878151ea99e819ff98e7db7a0_avoslocker
.exe windows:6 windows x86 arch:x86

a15374eeff9b2f975f01ee8e93ee6603

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\10_Projects\GR_Dock\MCU Source Code\GUI\TBT4DockFWTool_FW1018-1_NVM41.81_20240425_Released(1018-1)\Release\Fwupdate.pdb

Imports

hid

HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_GetHidGuid

setupapi

SetupDiGetClassImageIndex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Sibling_Ex
CM_Disconnect_Machine
CM_Get_Child_Ex
CM_Locate_DevNode_ExW
SetupDiGetClassImageList
CM_Connect_MachineW
SetupDiGetDeviceRegistryPropertyW
CM_Locate_DevNodeW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_Device_IDW
CM_Get_Parent
CM_Get_Sibling
CM_Get_Child
CM_Reenumerate_DevNode
CM_Get_DevNode_Registry_PropertyW

rpcrt4

UuidFromStringW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CertFindCertificateInStore
CertOpenStore
CertGetNameStringW
CertCloseStore

wintrust

WinVerifyTrust

kernel32

GlobalUnlock
GlobalLock
GetCurrentThreadId
SetThreadPriority
SuspendThread
GetCurrentThread
GetVersionExW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
EncodePointer
GetSystemDirectoryW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
SetErrorMode
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
EnterCriticalSection
FileTimeToSystemTime
GetModuleHandleA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
SetLastError
OutputDebugStringA
GetACP
TerminateThread
WaitForSingleObject
GetExitCodeThread
SetEvent
ResumeThread
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
CreateEventW
WriteFile
GetTempFileNameW
GetTempPathW
QueryFullProcessImageNameW
GetNativeSystemInfo
GetProductInfo
GetCommandLineW
FormatMessageW
FreeLibrary
LoadLibraryW
GetPrivateProfileStringW
GetModuleFileNameW
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
GetComputerNameW
GetModuleHandleW
GetProcAddress
GetStdHandle
OpenProcess
GetCurrentProcessId
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreatePipe
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetSystemPowerStatus
WideCharToMultiByte
WinExec
GetConsoleWindow
WritePrivateProfileStringW
Sleep
GlobalFree
DeviceIoControl
GlobalAlloc
DeleteFileW
SetCurrentDirectoryW
ReadFile
SetFilePointer
MultiByteToWideChar
CreateDirectoryW
GetLastError
CloseHandle
CreateFileW
LocalFree
LocalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
OutputDebugStringW
RtlUnwind
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetConsoleCP
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetCommandLineA
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetTimeZoneInformation
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
GetConsoleOutputCP
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
LeaveCriticalSection
WriteConsoleW

user32

SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
IsWindowEnabled
GetMenuItemCount
GetMenuItemID
GetSubMenu
OffsetRect
FindWindowW
CloseWindow
RegisterDeviceNotificationW
RegisterClassExW
CreateWindowExW
GetMessageW
GetClientRect
SetRect
PostQuitMessage
PtInRect
GetFocus
SetForegroundWindow
PostMessageW
RedrawWindow
IsWindowVisible
UpdateWindow
GetWindowRect
ReleaseDC
GetSystemMetrics
GetParent
CopyRect
SetWindowLongW
IsWindow
RegisterSuspendResumeNotification
SystemParametersInfoW
SendMessageW
LoadCursorW
GetSysColor
LoadIconW
GetDC
EnableWindow
ShowWindow
MessageBoxW
wsprintfW
QueryDisplayConfig
GetDisplayConfigBufferSizes
SetTimer
DispatchMessageW
TranslateMessage
GetForegroundWindow
BeginPaint
EndPaint
GetScrollPos
SetPropW
GetPropW
RemovePropW
GetWindowTextW
AdjustWindowRectEx
MapWindowPoints
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
UnhookWindowsHookEx
WinHelpW
MonitorFromWindow
ScreenToClient
SetRectEmpty
DestroyMenu
InvalidateRect
RealChildWindowFromPoint
SetCursor
GetSysColorBrush
CharUpperW
ClientToScreen
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
SetWindowTextW
MoveWindow
PeekMessageW
KillTimer

gdi32

DeleteObject
Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetBkMode
SetMapMode
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateBitmap
SetTextColor
SetBkColor
DeleteDC
PatBlt
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
CreateFontW
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteKeyExW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathIsDirectoryW

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoCreateGuid
CoInitialize

oleaut32

SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocString

winusb

WinUsb_Initialize
WinUsb_SetPowerPolicy
WinUsb_Free
WinUsb_GetDescriptor
WinUsb_GetPowerPolicy

iphlpapi

GetAdaptersInfo

powrprof

PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerGetActiveScheme
DevicePowerClose
DevicePowerEnumDevices
PowerReadDCValueIndex
PowerReadACValueIndex
DevicePowerOpen

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a15374eeff9b2f975f01ee8e93ee6603

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hid

setupapi

rpcrt4

version

imagehlp

crypt32

wintrust

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

winusb

iphlpapi

powrprof

oleacc

Sections

.text Size: 490KB - Virtual size: 489KB

.rdata Size: 151KB - Virtual size: 150KB

.data Size: 11KB - Virtual size: 30KB

.rsrc Size: 296KB - Virtual size: 295KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 490KB - Virtual size: 489KB

.rdata
Size: 151KB - Virtual size: 150KB

.data
Size: 11KB - Virtual size: 30KB

.rsrc
Size: 296KB - Virtual size: 295KB

.reloc
Size: 41KB - Virtual size: 41KB