PDB path: O:\webex-windows-plugin\output\i386\bin\Release\atinst.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-09-18_c0f68b5a05bb0dcfd2e8fd1a1e0f9f51_avoslocker_rhadamanthys.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2024-09-18_c0f68b5a05bb0dcfd2e8fd1a1e0f9f51_avoslocker_rhadamanthys.exe
  Resource: win10v2004-20240802-en
General
Target: 2024-09-18_c0f68b5a05bb0dcfd2e8fd1a1e0f9f51_avoslocker_rhadamanthys
Size: 1.8MB
MD5: c0f68b5a05bb0dcfd2e8fd1a1e0f9f51
SHA1: 048e068806c78939eaabafd2242a7d202cf9ced8
SHA256: fb3a1a86a07de26747ba6e03714199ea532537581b8ee4e1ee1fc9c991f4e7e3
SHA512: bb45f50b29d9ce9eedba0a7f97b1d7599ac64a4624958b0c2354b1bd32737625ec3a640ac79cf4998fa142c47ddea8e78ce4548a5b6fd929fadde94ad07eb7f7
SSDEEP: 49152:vF+HFC5B1k6pG5UTGis+u88nHq5HaONnAQC+6GwrnCJnb3EnCI3kEUZ9vdT+mFTH:viFsB1k6pGTiskb
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-09-18_c0f68b5a05bb0dcfd2e8fd1a1e0f9f51_avoslocker_rhadamanthys
Files
2024-09-18_c0f68b5a05bb0dcfd2e8fd1a1e0f9f51_avoslocker_rhadamanthys.exe  windows:6 windows x86 arch:x86
5d28495ab68d4e682e4f08e8f0a00508
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
HttpAddRequestHeadersW
HttpQueryInfoW
InternetCrackUrlA
InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestW
HttpSendRequestA
HttpOpenRequestW
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
InternetReadFileExW
InternetReadFileExA
InternetReadFile
InternetConnectW
InternetConnectA
InternetOpenA
InternetOpenW
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteExW
CommandLineToArgvW
shlwapi
StrCmpIW
SHDeleteKeyA
PathAppendW
PathFileExistsW
StrRChrIW
PathFindFileNameW
PathRemoveFileSpecW
PathBuildRootW
PathGetDriveNumberW
StrChrIW
SHDeleteKeyW
PathFileExistsA
kernel32
GetFileSizeEx
GetTempFileNameW
SetFilePointer
GetTempPathW
CopyFileW
MoveFileExW
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
TerminateThread
GetTickCount
ReleaseMutex
CreateMutexW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
GetModuleHandleA
CreateEventA
GetLogicalDriveStringsW
HeapAlloc
HeapFree
GetProcessHeap
GetCommandLineA
CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
GetFileAttributesW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
WriteFile
GetTempPathA
GetTempFileNameA
OpenEventA
OpenEventW
GetVersionExA
GetVersionExW
LoadLibraryA
GetPrivateProfileIntA
WritePrivateProfileStringA
CopyFileA
MoveFileExA
EnumSystemGeoID
GetDriveTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
VirtualQuery
FlushViewOfFile
OpenFile
GetOEMCP
HeapReAlloc
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetFileSize
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetLocaleInfoW
FindNextFileW
FindFirstFileW
FindClose
FormatMessageW
Sleep
SetLastError
ReadFile
CreateFileW
GetTimeFormatW
GetDateFormatW
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetUserGeoID
IsBadReadPtr
GetModuleFileNameA
IsProcessInJob
CreateProcessW
GetCurrentThread
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCommandLineW
GetPrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
lstrcpynW
lstrcmpiW
LocalFree
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
OpenProcess
GetCurrentProcessId
CloseHandle
GetLongPathNameW
DeleteFileW
CreateDirectoryW
lstrlenA
lstrcmpiA
GetLastError
RaiseException
DecodePointer
OutputDebugStringW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetCurrentDirectoryW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
GetThreadTimes
GetFileAttributesExW
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
EncodePointer
SwitchToThread
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteConsoleW
QueryDosDeviceW
WaitForSingleObjectEx
TryEnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
user32
GetWindowThreadProcessId
GetForegroundWindow
GetShellWindow
FindWindowW
SendMessageA
SetWindowPos
GetWindowLongW
KillTimer
SetTimer
PostThreadMessageW
SendMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
GetWindow
IsWindowVisible
FindWindowExW
FindWindowExA
GetWindowRect
GetPropW
GetPropA
ole32
CoCreateInstance
CoTaskMemFree
CoCreateGuid
advapi32
GetTokenInformation
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
CreateProcessWithTokenW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenThreadToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetSecurityDescriptorSacl
ConvertSidToStringSidW
RegDeleteTreeW
RegDeleteTreeA
RegSetValueExA
RegSetValueW
RegSetValueA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyW
RegOpenKeyA
RegFlushKey
RegEnumValueW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
RevertToSelf
MapGenericMask
ImpersonateSelf
GetFileSecurityW
AccessCheck
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetFileSecurityW
OpenProcessToken
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
crypt32
CertFreeCertificateContext
CertGetNameStringW
CryptVerifyMessageSignature
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertComparePublicKeyInfo
wintrust
WinVerifyTrust
Sections
.text Size: 582KB - Virtual size: 581KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1010KB - Virtual size: 1009KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ