2024-09-19_b2995bdd13ec8b1c4454cdf29eca271c_avoslocker_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-19_b2995bdd13ec8b1c4454cdf29eca271c_avoslocker_revil
Size

3.5MB
MD5

b2995bdd13ec8b1c4454cdf29eca271c
SHA1

eddd624510d93ef48775b94712a3128f2cf03c43
SHA256

29e2549eceba494fae832256ff708abbfe6cb41083260fab5b0e237af618854f
SHA512

0f0c0b5762b5a10370918b4c477c565653398850a491a7679e742435ffe2ab98427725d1cd9249a13eb1f1941a624186a96df4e5206663476c2eab9c4819d022
SSDEEP

49152:BOvvVoQqdMSxRGOFQ2DqHp4NhANdYkutPyNnxmukzgm+ZTe+3ZSJ00zRt2vVyt+p:BOvvaQqLGkQtHpuh8umnxZm+Zu2vXtZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-19_b2995bdd13ec8b1c4454cdf29eca271c_avoslocker_revil

Files

2024-09-19_b2995bdd13ec8b1c4454cdf29eca271c_avoslocker_revil
.exe windows:6 windows x86 arch:x86

4d0881b6e58724fc08a057e1a8145aa7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\buildworker\steam_rel_client_win32\build\src\steamUI\gamestream\secure_desktop_capture\Release\secure_desktop_capture.pdb

Imports

kernel32

FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GlobalAlloc
GlobalUnlock
GlobalLock
LocalAlloc
LocalFree
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
SetStdHandle
HeapAlloc
HeapFree
LCMapStringW
CompareStringW
HeapValidate
HeapSize
SetConsoleCtrlHandler
GetModuleHandleExW
GetFullPathNameW
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
VirtualQuery
GetCurrentProcessId
Sleep
SetLastError
OutputDebugStringA
WriteFile
WriteConsoleW
FindFirstFileW
FindClose
CreateFileW
LoadLibraryA
GetProcAddress
GetCurrentThreadId
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OpenProcess
GetCurrentProcess
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
GetLastError
CloseHandle
LeaveCriticalSection
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetCPInfo
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ExitProcess
EnterCriticalSection
SetEndOfFile
ReadFile
GetCurrentDirectoryW
FindNextFileW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
DeleteFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
GetCommandLineW
TerminateProcess
GlobalMemoryStatusEx
VirtualAlloc
GetModuleFileNameA
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
QueryPerformanceFrequency
DuplicateHandle
RaiseException
TryEnterCriticalSection
SwitchToThread
CreateThread
GetCurrentThread
OpenThread
GetExitCodeThread
SetUnhandledExceptionFilter
LoadLibraryExA
LoadLibraryExW
DebugBreak
GetProcessHeaps
SetEnvironmentVariableW
FindFirstFileExW
FlushFileBuffers
GetDriveTypeW
GetFileInformationByHandle
GetFileSizeEx

user32

EndDialog
GetDlgItem
OpenClipboard
SetDlgItemInt
SetClipboardData
EmptyClipboard
GetWindowTextLengthA
GetDesktopWindow
CloseDesktop
GetDlgItemInt
CloseClipboard
SetDlgItemTextA
OpenDesktopA
DialogBoxParamA
GetWindowThreadProcessId
EnumWindows
GetShellWindow
wsprintfA
GetWindowRect
IsWindowVisible
ReleaseDC
GetDC
SetWindowPos
ShowWindow
GetCursorInfo
LoadCursorA
GetCursorPos
MessageBoxA
GetSystemMetrics
SendInput
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

gdi32

GdiFlush
SetBrushOrgEx
CreateDIBSection
SetStretchBltMode
StretchBlt
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt

advapi32

RegisterEventSourceW
ReportEventW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
CreateWellKnownSid
CopySid
AddAccessAllowedAce
OpenProcessToken
DeregisterEventSource

shell32

CommandLineToArgvW

oleaut32

VariantClear

psapi

GetProcessMemoryInfo

bcrypt

BCryptGenRandom

ws2_32

WSASetLastError
recv
WSAGetLastError
send
closesocket
WSACleanup

Exports

Exports

CreateInterface
g_dwDllEntryThreadId

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 648KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d0881b6e58724fc08a057e1a8145aa7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

psapi

bcrypt

ws2_32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 551KB - Virtual size: 551KB

.data Size: 27KB - Virtual size: 534KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 648KB - Virtual size: 652KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 551KB - Virtual size: 551KB

.data
Size: 27KB - Virtual size: 534KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 648KB - Virtual size: 652KB