2024-10-17_008b008da03983202c06533c75d831c9_avoslocker_hijackloader_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-17_008b008da03983202c06533c75d831c9_avoslocker_hijackloader_revil
Size

2.5MB
MD5

008b008da03983202c06533c75d831c9
SHA1

24a01ce675a90c8e340b30e4cd5e310844af1cb7
SHA256

7bfb9c377bdd3db6505377e2c447a336f41aaf80d8356f2b72596d8512b065bd
SHA512

f7d83d8be49d3239c865d5f8baab272fbb3469ff3bb102cb9de80b29eb43eef60a3aa3adfa5578a7bf671191ed6234f7e5522c210a0916318fe3fa8b78687259
SSDEEP

49152:8JGYEwrTvnMQYE1kKadgBfLqJMwGQD5dbRj+x8OiP5gBG+htkNkT28xJVsZZrFS8:8JGY/TtdOgBFhtkyyNrFSadU8ISfZipi

Score

1^/10

Malware Config

Signatures

Files

2024-10-17_008b008da03983202c06533c75d831c9_avoslocker_hijackloader_revil
.exe windows:6 windows x86 arch:x86

9f6ce04423b677354ac6ff1caf472de0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:64:79:81:72:b8:05:45:4b:b3:8a:ee:0f:ad:72:ed
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/09/2023, 00:00

Not After

01/09/2026, 23:59

Subject

SERIALNUMBER=1933033,CN=IDrive\, Inc.,OU=IDrive Inc,O=IDrive\, Inc.,L=Calabasas,ST=California,C=US,2.5.4.15=#131450726976617465206f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:65:f5:58:3d:62:21:c4:b0:ac:f7:d0:85:5c:95:3f:4a:33:b8:04
Signer

Actual PE Digest

98:65:f5:58:3d:62:21:c4:b0:ac:f7:d0:85:5c:95:3f:4a:33:b8:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TeamCity\buildAgent\work\db7ec94591d688a1\Code\Tools\RPCUtility\HelpDesk_Release\RpcUtility.pdb

Imports

crypt32

CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

ws2_32

WSASetLastError
recv
WSACleanup
closesocket
WSAGetLastError
send

kernel32

GetCurrentProcess
GetWindowsDirectoryW
GetProcAddress
CreateProcessW
GetModuleHandleW
WriteFile
CreateNamedPipeW
GetCurrentProcessId
ConnectNamedPipe
GetModuleFileNameA
CreateDirectoryA
GetModuleFileNameW
LocalFree
FormatMessageW
FormatMessageA
GetUserDefaultUILanguage
LoadLibraryW
QueryPerformanceCounter
DeleteFileA
ProcessIdToSessionId
VerSetConditionMask
VerifyVersionInfoW
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
OutputDebugStringW
MultiByteToWideChar
GetModuleHandleExW
DeleteFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
ConvertFiberToThread
FreeLibrary
LoadLibraryA
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
SetStdHandle
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
WriteConsoleW
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ReadFile
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
DeviceIoControl
GetFullPathNameW
GetFileAttributesW
GetCurrentDirectoryW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
CompareStringEx
ExitProcess
GlobalUnlock
GlobalLock
CloseHandle
SetEvent
AllocConsole
GetLocaleInfoEx
LCMapStringEx
EncodePointer
Sleep
CreateEventW
WaitForMultipleObjects
GetLastError
SleepConditionVariableCS
GetStringTypeW
AreFileApisANSI
SetFilePointerEx
SleepConditionVariableSRW
WaitForSingleObjectEx
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
CreateFileW
GetExitCodeThread
InitializeSRWLock

user32

FillRect
SetRect
MonitorFromPoint
ChangeDisplaySettingsExW
EndDialog
SendMessageW
PostMessageW
UpdateWindow
PostQuitMessage
KillTimer
GetDlgItem
GetClientRect
SetDlgItemTextW
EnumDisplaySettingsW
LoadImageW
SetWindowLongW
LoadCursorW
SetLayeredWindowAttributes
DispatchMessageW
IsWindow
ShowWindow
RegisterClassExW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetMessageW
CopyRect
SetWindowDisplayAffinity
SetWindowPos
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayDevicesW
GetMonitorInfoW
OffsetRect
EnumDisplayMonitors
SystemParametersInfoW
AnimateWindow
TranslateMessage
SetTimer
SendDlgItemMessageW
GetUserObjectInformationW
GetProcessWindowStation
GetSystemMetrics
GetWindowRect
CreateDialogParamW
LoadStringW
MessageBoxW
ExitWindowsEx
LockWorkStation
GetWindowLongW
UnhookWinEvent

gdi32

GetStockObject
CreateFontW
SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
AddPrinterW

advapi32

CryptGetProvParam
OpenProcessToken
RegSetValueExA
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CreateProcessAsUserW
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

shell32

DragQueryFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSRegisterSessionNotification

aw_sas32

sendCtrlAltDel

shlwapi

PathCombineW

winmm

timeBeginPeriod
timeEndPeriod

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f6ce04423b677354ac6ff1caf472de0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

03:64:79:81:72:b8:05:45:4b:b3:8a:ee:0f:ad:72:edCertificate

Extended Key Usages

Key Usages

98:65:f5:58:3d:62:21:c4:b0:ac:f7:d0:85:5c:95:3f:4a:33:b8:04Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

version

wtsapi32

aw_sas32

shlwapi

winmm

bcrypt

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 429KB - Virtual size: 428KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 325KB - Virtual size: 325KB

.reloc Size: 58KB - Virtual size: 58KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

03:64:79:81:72:b8:05:45:4b:b3:8a:ee:0f:ad:72:ed
Certificate

98:65:f5:58:3d:62:21:c4:b0:ac:f7:d0:85:5c:95:3f:4a:33:b8:04
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 429KB - Virtual size: 428KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 325KB - Virtual size: 325KB

.reloc
Size: 58KB - Virtual size: 58KB