2024-09-25_71039096de14c7f93b40700d51bb0705_avoslocker_floxif

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-25_71039096de14c7f93b40700d51bb0705_avoslocker_floxif
Size

7.3MB
MD5

71039096de14c7f93b40700d51bb0705
SHA1

dcb111b9587baf36cacdbadef47c2ddced02bf3e
SHA256

e4d09a93b33a10eec7ab5df3941b5cf0eec319ac859303e5355ea1bf81494e38
SHA512

128b01ccb5a659a1ad72c6ae19e86a57a41b6b3870e469e463751453bbde0f136b0fd26dd0e5449edb5e7ebc82a5b7fd8968005eec13e3e474e888899b7f8780
SSDEEP

98304:vFIXsG/he04LbyzviYHnl0p5585OCjqYCskq1c8kZMo3:dIX//MNL6vvl0p55RCkgo3

Score

1^/10

Malware Config

Signatures

Files

2024-09-25_71039096de14c7f93b40700d51bb0705_avoslocker_floxif
.exe windows:5 windows x86 arch:x86

a4b5be933fe74c23bd7bffb044fc8cd1

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-01-2019 00:00

Not After

03-02-2021 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:8a:c5:47:9c:48:78:be:76:b0:61:c8:79:fa:e1:69:a9:b3:d2:47:0f:35:1c:e1:2b:67:7a:14:63:65:59:1f
Signer

Actual PE Digest

ed:8a:c5:47:9c:48:78:be:76:b0:61:c8:79:fa:e1:69:a9:b3:d2:47:0f:35:1c:e1:2b:67:7a:14:63:65:59:1f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Set-up.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

PathRemoveBackslashW
PathIsNetworkPathW
PathIsUNCW
PathStripPathW
UrlIsW
SHGetValueW
UrlEscapeW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFileExistsW
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathIsDirectoryW
PathRenameExtensionW
PathIsSystemFolderW
PathFileExistsA
PathIsRelativeW
PathIsRootW
PathAddBackslashW
PathStripToRootW

shell32

SHGetKnownFolderPath
ord51
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord680
SHGetMalloc
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW
SHBrowseForFolderW

kernel32

FindNextFileW
WaitForMultipleObjects
CreateFileW
CreateEventW
SetEvent
ResetEvent
GetOverlappedResult
ReadDirectoryChangesW
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
FindClose
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetLocalTime
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
DeviceIoControl
GetTempPathW
GetVersionExW
GetComputerNameExW
FileTimeToSystemTime
GetNativeSystemInfo
RaiseException
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW
FreeLibrary
InitializeCriticalSectionEx
DecodePointer
MulDiv
GetModuleFileNameW
TerminateProcess
RemoveDirectoryW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CopyFileW
GetExitCodeProcess
ReadFile
SetLastError
lstrlenW
LocalAlloc
GetDiskFreeSpaceExW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileExW
GetFileSize
lstrcpyW
lstrcmpiW
lstrcmpW
GetDriveTypeW
GetFullPathNameW
HeapSize
HeapReAlloc
HeapDestroy
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemDirectoryW
SetDllDirectoryW
GetStdHandle
AttachConsole
FreeConsole
GetConsoleWindow
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
LeaveCriticalSection
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalFree
VerSetConditionMask
FindFirstFileW
GetUserDefaultLCID
LCMapStringW
DuplicateHandle
ProcessIdToSessionId
TerminateThread
CreateThread
FindResourceExW
GetThreadTimes
QueryFullProcessImageNameW
GetUserDefaultLangID
GetUserDefaultUILanguage
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
CreateDirectoryW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreW
GetTimeZoneInformation
QueryPerformanceFrequency
GetCurrentThread
SetFilePointerEx
ResumeThread
EnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
CompareStringW
GetCPInfo
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeW
SwitchToThread
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
LoadLibraryExA
VirtualQuery
VirtualProtect
GetCurrentProcessId
GetCurrentThreadId
OpenMutexW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetLastError
FormatMessageW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
DeleteCriticalSection
GetModuleHandleA
LoadLibraryExW
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
SetStdHandle
WriteConsoleW
ExitProcess
GetConsoleCP
GetConsoleMode
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
VerifyVersionInfoW
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
SetEnvironmentVariableW
GetFullPathNameA

user32

CharNextW
BringWindowToTop
TranslateAcceleratorW
GetClassNameW
SetCapture
GetDlgItem
GetParent
RegisterWindowMessageW
GetForegroundWindow
GetSysColor
AttachThreadInput
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
InvalidateRgn
IsWindow
SetWindowTextW
ScreenToClient
FillRect
GetFocus
GetWindow
ReleaseCapture
SetForegroundWindow
InvalidateRect
IsIconic
BeginPaint
EndPaint
GetWindowTextW
GetSystemMetrics
GetWindowLongW
GetMessageW
DefWindowProcW
CreateAcceleratorTableW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
MoveWindow
SetFocus
CallWindowProcW
GetWindowTextLengthW
GetWindowThreadProcessId
wsprintfW
PostThreadMessageW
RegisterClassExW
GetActiveWindow
DispatchMessageW
TranslateMessage
LoadCursorW
SetWindowLongW
PostQuitMessage
GetDesktopWindow
GetClassInfoExW
GetDC
MessageBoxW
ShowWindow
GetAsyncKeyState
ReleaseDC
PostMessageW
UnregisterClassW
GetClientRect
EnumWindows
GetShellWindow
AllowSetForegroundWindow
LoadImageW
SystemParametersInfoW
EnableMenuItem
LoadIconW
GetSystemMenu
GetClassLongW
AppendMenuW
SetClassLongW
GetWindowRect

gdi32

CreateCompatibleDC
GetStockObject
GetDeviceCaps
GetObjectW
DeleteObject
CreateSolidBrush
DeleteDC
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

LookupAccountSidW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateWellKnownSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegFlushKey
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
EqualSid
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
DuplicateTokenEx
ConvertSidToStringSidW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
CredDeleteW
CredFree
CredEnumerateW
CredReadW
CredWriteW
GetUserNameW
GetTokenInformation

ole32

CoCreateGuid
CoAddRefServerProcess
OleRun
CoUninitialize
CoInitialize
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
StringFromGUID2
OleInitialize
OleUninitialize
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoReleaseServerProcess

oleaut32

VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
VariantInit
SysAllocString
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
VariantCopy
SysStringByteLen
DispCallFunc
GetErrorInfo
VariantClear

bcrypt

BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyKey
BCryptEncrypt
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptGetProperty

crypt32

CertGetNameStringW
CertGetIssuerCertificateFromStore
CryptProtectData
CryptUnprotectData
CryptStringToBinaryW
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CertCloseStore
CertAddCertificateContextToStore
CertVerifySubjectCertificateContext

secur32

GetUserNameExW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 904KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4b5be933fe74c23bd7bffb044fc8cd1

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ed:8a:c5:47:9c:48:78:be:76:b0:61:c8:79:fa:e1:69:a9:b3:d2:47:0f:35:1c:e1:2b:67:7a:14:63:65:59:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

shell32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

bcrypt

crypt32

secur32

wintrust

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 904KB - Virtual size: 904KB

.data Size: 135KB - Virtual size: 160KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 197KB - Virtual size: 196KB

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ed:8a:c5:47:9c:48:78:be:76:b0:61:c8:79:fa:e1:69:a9:b3:d2:47:0f:35:1c:e1:2b:67:7a:14:63:65:59:1f
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 904KB - Virtual size: 904KB

.data
Size: 135KB - Virtual size: 160KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 197KB - Virtual size: 196KB