2024-10-01_ec419c20b3ae26591509ab9c56882f5a_avoslocker_revil_wapomi

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-01_ec419c20b3ae26591509ab9c56882f5a_avoslocker_revil_wapomi
Size

2.2MB
MD5

ec419c20b3ae26591509ab9c56882f5a
SHA1

91ed1b064ccd3247e8a4232a6cf4818d40f8039c
SHA256

28c2c72660a2f5b7a4e4a40235d88d7c5df4b2a4660406672fd7f7514096db50
SHA512

1223e85e9d247f40838bb34fdba8ceccd353c93b565d48f41479630138af7bc6cb216f93c31ee1ce330327efd031991652e658a5b71438b207a9748759804e21
SSDEEP

49152:SFRuV9W8C7a6UYoWW4o+oCGCPZuDfkwJU+Qd8:SFR2RX6UCHoDrquD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-01_ec419c20b3ae26591509ab9c56882f5a_avoslocker_revil_wapomi

Files

2024-10-01_ec419c20b3ae26591509ab9c56882f5a_avoslocker_revil_wapomi
.exe windows:6 windows x86 arch:x86

d84beafbcff3ffa476417da7b28c9c71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFreeEx
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
LoadLibraryW
OpenProcess
Process32NextW
CreateToolhelp32Snapshot
GetFullPathNameW
Sleep
LocalFree
GetCurrentProcess
GetPrivateProfileIntW
MoveFileW
DeleteFileW
WriteFile
GetLastError
ReadFile
GetFileSize
CreateFileW
CloseHandle
CreateProcessW
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleFileNameW
DeleteFileA
CreateThread
WritePrivateProfileStringW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
SetLastError
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
FindClose
FindFirstFileW
FindNextFileW
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
ExitProcess
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetExitCodeProcess
GetFileAttributesExW
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
GetTimeZoneInformation
GetCurrentDirectoryW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
SetEndOfFile
FormatMessageA

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
ControlService
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
CreateServiceW
OpenServiceA
OpenSCManagerA
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW

ws2_32

getaddrinfo
WSAGetLastError
socket
connect
closesocket
send
WSAStartup
WSACleanup
recv
WSASetLastError

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

z�%3�u]
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d84beafbcff3ffa476417da7b28c9c71

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 458KB - Virtual size: 458KB

.data Size: 31KB - Virtual size: 45KB

.rsrc Size: 126KB - Virtual size: 125KB

.reloc Size: 59KB - Virtual size: 58KB

z�%3�u] Size: 16KB - Virtual size: 20KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 458KB - Virtual size: 458KB

.data
Size: 31KB - Virtual size: 45KB

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 59KB - Virtual size: 58KB

z�%3�u]
Size: 16KB - Virtual size: 20KB