2024-09-09_d380268d3527627955516d6bf2dc1bf4_avoslocker_hijackloader_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-09_d380268d3527627955516d6bf2dc1bf4_avoslocker_hijackloader_revil
Size

3.0MB
MD5

d380268d3527627955516d6bf2dc1bf4
SHA1

cd01364289f5855e35c7e2444cefd1fca73966f5
SHA256

8f7f3e9f6b7be5ba192bdd88d3ff1d47e25cee41b8b4ba752f1f7677b0b029ae
SHA512

0220ae280df2a8eea4542d798519a61d5c5e213a397b19ea7a79feb6fbbf2bfeaf648796aff0aadfcb03bdc2462519e67312d56ceaf491f78833fd51103dbb53
SSDEEP

49152:BnEqf/jkQmnBb2HASMFGF1Konq+Pu97NrHTkLiffwv6c6j6mufGk:BnBjWBnSMFUfC97NrOiffq3

Score

1^/10

Malware Config

Signatures

Files

2024-09-09_d380268d3527627955516d6bf2dc1bf4_avoslocker_hijackloader_revil
.exe windows:6 windows x86 arch:x86

3c73f0075c238b5a5e1de8ae8b97cc8a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-06-2024 00:00

Not After

19-06-2027 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:09:9a:5f:8c:9b:6c:80:1c:82:d1:ba:51:0f:8d:af:66:c8:99:8c:e5:03:fc:a2:f9:f7:5d:6d:ff:96:be:dd
Signer

Actual PE Digest

67:09:9a:5f:8c:9b:6c:80:1c:82:d1:ba:51:0f:8d:af:66:c8:99:8c:e5:03:fc:a2:f9:f7:5d:6d:ff:96:be:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\PCGMR_BUILD\Cim\CiSrc\pdfconverter\pdfconverter_sdk_sogou\product\win32\pdfsdk.pdb

Imports

kernel32

UnmapViewOfFile
GetFileInformationByHandle
GetExitCodeThread
OutputDebugStringW
TerminateThread
WritePrivateProfileStringW
FreeResource
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetComputerNameA
GetTickCount64
lstrcmpiW
LoadLibraryExW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
LoadLibraryW
RaiseException
CloseHandle
GetCurrentDirectoryW
LocalFileTimeToFileTime
WriteConsoleW
ReadConsoleInputW
SetConsoleMode
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
ReadConsoleW
GetConsoleMode
HeapReAlloc
SetFileTime
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleCP
SetConsoleCtrlHandler
SetFilePointerEx
GetFileAttributesExW
CreateFileW
ExitThread
GetModuleHandleExW
ExitProcess
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetCommandLineA
GetFullPathNameW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
VerifyVersionInfoA
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
GetPrivateProfileIntW
GetCurrentProcessId
FormatMessageW
Sleep
GetCurrentThreadId
CreateMutexW
SetEndOfFile
SetLastError
GetFileSizeEx
ResetEvent
CreateThread
SetEvent
CreateEventW
WaitForMultipleObjects
GetTempPathW
GetLocalTime
MoveFileW
CopyFileW
lstrlenW
GetCommandLineW
GetTickCount
GetWindowsDirectoryW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SystemTimeToFileTime
MoveFileExW
RemoveDirectoryW
FindNextFileW
DeleteFileW
GetPrivateProfileStringW
GetFileAttributesW
FindClose
InitializeCriticalSection
GetModuleFileNameW
FindFirstFileW
CreateDirectoryW
GetUserDefaultLCID
LockResource
GetLastError
GetLogicalDriveStringsW
HeapSize
OpenProcess
WaitForSingleObject
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
HeapFree
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
EncodePointer
GetStringTypeW
GetFileSize
SetFilePointer
ReadFile
GetSystemDirectoryW
GetVersionExW
FileTimeToSystemTime
GetExitCodeProcess
FreeLibrary
GetModuleHandleW
FreeLibraryAndExitThread
CreateProcessW
QueryDosDeviceW
EnumSystemLocalesW
SizeofResource

user32

EqualRect
UnregisterClassW
ReleaseDC
SystemParametersInfoW
GetDC
CopyRect
GetMonitorInfoW
OffsetRect
RegisterWindowMessageW
DestroyMenu
CreatePopupMenu
wsprintfW
GetWindowTextW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
InvalidateRect
GetDlgItem
SetWindowLongW
IsWindow
SetWindowTextW
SendMessageW
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
EndPaint
BeginPaint
GetClassInfoExW
DrawTextW
GetClientRect
LoadCursorW
SetFocus
MoveWindow
ShowWindow
RegisterClassExW
CreateWindowExW
FillRect
IsWindowVisible
InflateRect
PostMessageW
GetDesktopWindow
EnableWindow
GetNextDlgTabItem
GetCursorPos
SetForegroundWindow
ReleaseCapture
PtInRect
GetParent
SetRect
UpdateLayeredWindow
SetRectEmpty
SetCursor
SetCapture
FindWindowW
TranslateMessage
IsWindowEnabled
GetForegroundWindow
AttachThreadInput
MapWindowPoints
IsChild
PeekMessageW
GetDlgCtrlID
IsDialogMessageW
DispatchMessageW
GetActiveWindow
SetTimer
GetMessageW
GetWindow
GetWindowRect
GetFocus
SetWindowPos
DestroyIcon
ClientToScreen
ChangeWindowMessageFilter
MonitorFromWindow
IsRectEmpty
IntersectRect
LoadIconW
PostThreadMessageW
DrawIconEx
KillTimer
CharNextW
GetMenuItemInfoW
GetMenuItemCount
SetActiveWindow
ScreenToClient
LoadImageW
GetMenuStringW
LoadBitmapW
GetWindowThreadProcessId

gdi32

GetClipRgn
OffsetRgn
TextOutW
LineTo
MoveToEx
ExtSelectClipRgn
RoundRect
GetViewportOrgEx
SaveDC
StretchBlt
CreatePen
SetStretchBltMode
RestoreDC
CreateBitmap
CreateDIBSection
GetStockObject
CreateRectRgnIndirect
CreateRoundRectRgn
CreateRectRgn
Rectangle
SelectClipRgn
GetObjectW
GetTextColor
RectInRegion
CreateFontIndirectW
GetCurrentObject
CombineRgn
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
SetBkMode
SetViewportOrgEx
DeleteDC
SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
GetDeviceCaps

advapi32

CryptEnumProvidersA
CryptDestroyHash
CryptCreateHash
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
CryptDecrypt
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptSignHashA

shell32

ShellExecuteExW
ord155
SHBindToParent
SHParseDisplayName
ord680
CommandLineToArgvW
Shell_NotifyIconW
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathCombineW
StrToIntA
PathAddBackslashW
StrToInt64ExW
StrToIntW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

DrawShadowText
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipGetFontSize
GdipFree
GdipDeleteFontFamily
GdipSetStringFormatFlags
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipSetStringFormatAlign
GdipCloneFontFamily
GdipNewPrivateFontCollection
GdipCreatePen1
GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipGetFontCollectionFamilyList
GdipDrawString
GdipDrawLinesI
GdipCreateFontFromLogfontW
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipSetCompositingQuality
GdipGetFamily
GdipAddPathPieI
GdipDrawRectangleI
GdipAddPathRectangleI
GdipAddPathArcI
GdipSetPenStartCap
GdipDeletePath
GdipSetSmoothingMode
GdipSetClipPath
GdipCreatePath
GdipFillPath
GdipAddPathStringI
GdipSetPenDashStyle
GdipDrawLine
GdipSetPixelOffsetMode
GdipFillRectangle
GdipClosePathFigure
GdipDrawPath
GdipResetWorldTransform
GdipSetPenEndCap
GdipRotateWorldTransform
GdipMeasureString
GdipTranslateWorldTransform
GdipSetPenMode
GdipDrawImageI
GdipCreateLineBrushFromRectWithAngleI
GdipLoadImageFromFile
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipDrawImagePointsRectI
GdipDrawImageRectRect
GdipCloneImage
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipDisposeImageAttributes
GdipDisposeImage
GdipSetInterpolationMode
GdipCloneBitmapArea
GdipGraphicsClear
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipSetStringFormatLineAlign
GdipCreateFont
GdipCreateSolidFill

ws2_32

gethostbyname
shutdown
ntohl
gethostname
ioctlsocket
sendto
recvfrom
send
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
getservbyname
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertCloseStore

wldap32

ord50
ord60
ord211
ord46
ord217
ord22
ord35
ord79
ord30
ord200
ord301
ord45
ord41
ord26
ord32
ord27
ord143
ord33

normaliz

IdnToAscii

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c73f0075c238b5a5e1de8ae8b97cc8a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

67:09:9a:5f:8c:9b:6c:80:1c:82:d1:ba:51:0f:8d:af:66:c8:99:8c:e5:03:fc:a2:f9:f7:5d:6d:ff:96:be:ddSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

msimg32

gdiplus

ws2_32

crypt32

wldap32

normaliz

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 474KB - Virtual size: 473KB

.data Size: 54KB - Virtual size: 68KB

.rsrc Size: 536KB - Virtual size: 536KB

.reloc Size: 96KB - Virtual size: 96KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:ba:be:96:e5:0e:a2:5f:3f:0e:88:42:9a:74:a4:62
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

67:09:9a:5f:8c:9b:6c:80:1c:82:d1:ba:51:0f:8d:af:66:c8:99:8c:e5:03:fc:a2:f9:f7:5d:6d:ff:96:be:dd
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 474KB - Virtual size: 473KB

.data
Size: 54KB - Virtual size: 68KB

.rsrc
Size: 536KB - Virtual size: 536KB

.reloc
Size: 96KB - Virtual size: 96KB