2024-09-08_6492bef999502d308e2a2a7faf1bf5d8_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_6492bef999502d308e2a2a7faf1bf5d8_avoslocker_revil
Size

3.3MB
MD5

6492bef999502d308e2a2a7faf1bf5d8
SHA1

0e69e0332f54a999a1a01b5264ffde9b86e1e0dd
SHA256

d4beb6bf070f86f567b9065bf29932410899fce36e148b11263e411207809ca6
SHA512

8b8509e75c159397cf180deb4897b6cb6e27d634fc4b4b6707dbd632a633f207d44a25a354bbdee292d0de2a6a0e68344a6ce05daad8a4f092dc762ff76a0d26
SSDEEP

98304:uV/OLGVCETVqYf7zrR3XhBz80vN7rwSoI0l:uULGVCE4Yjz13Xj7rwW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-08_6492bef999502d308e2a2a7faf1bf5d8_avoslocker_revil

Files

2024-09-08_6492bef999502d308e2a2a7faf1bf5d8_avoslocker_revil
.exe windows:6 windows x86 arch:x86

879d39320132282730281b4ecdc57d0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\mentor-desktop\mentor-uninstaller-release\uninstall.pdb

Imports

ws2_32

send
gethostname
getnameinfo
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
ioctlsocket
shutdown

crypt32

CertDuplicateCertificateContext
CertOpenStore
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW

wldap32

ord219
ord145
ord127
ord46
ord14
ord301
ord147
ord133
ord79
ord216
ord167
ord142
ord27
ord26
ord117
ord41
ord208

kernel32

SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
ExitProcess
LoadLibraryExW
RaiseException
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
CreateDirectoryW
ReadFile
SizeofResource
FindFirstFileW
HeapFree
FindNextFileW
WriteFile
TerminateProcess
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
GetVersionExW
OpenProcess
SetFileAttributesW
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
Process32NextW
K32GetModuleBaseNameW
LockResource
DeleteFileW
Process32FirstW
CloseHandle
LoadResource
FindResourceW
HeapAlloc
K32EnumProcesses
LocalFree
GetCurrentProcessId
GetProcessHeap
WriteConsoleW
CreateMutexW
ReleaseMutex
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
SetLastError
MoveFileExW
CompareFileTime
GetEnvironmentVariableA
FileTimeToSystemTime
GetFileType
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleA
GetConsoleMode
ReadConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
SystemTimeToFileTime
GetSystemTime
CreateThread
WideCharToMultiByte
ExitThread
GetTimeZoneInformation
HeapSize
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
GetConsoleOutputCP
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileSizeEx
FlushFileBuffers
SetEndOfFile
GetCurrentDirectoryW
GetTickCount
GetStdHandle
GetFullPathNameW

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

advapi32

CryptDestroyKey
CryptGetUserKey
CryptAcquireContextW
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashW
CryptGetProvParam
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
RegEnumKeyW
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
OpenServiceW
QueryServiceStatusEx
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 640KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

879d39320132282730281b4ecdc57d0d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

wldap32

kernel32

user32

advapi32

shell32

bcrypt

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 529KB - Virtual size: 528KB

.data Size: 18KB - Virtual size: 34KB

.rsrc Size: 225KB - Virtual size: 224KB

.reloc Size: 640KB - Virtual size: 644KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 529KB - Virtual size: 528KB

.data
Size: 18KB - Virtual size: 34KB

.rsrc
Size: 225KB - Virtual size: 224KB

.reloc
Size: 640KB - Virtual size: 644KB