2024-11-21_b7cff84f85a9fd5e1c45a3cfd5af6fe9_avoslocker_luca-stealer_qakbot_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-21_b7cff84f85a9fd5e1c45a3cfd5af6fe9_avoslocker_luca-stealer_qakbot_revil
Size

3.1MB
MD5

b7cff84f85a9fd5e1c45a3cfd5af6fe9
SHA1

286dc00b7a2a6a561269cbcc0e1480a1051c6959
SHA256

99e43ffbc68a44c41b43515ba40a554a0d1dcb348ce1075d28f305a6dec26b1f
SHA512

1aeffaa7b189d730430eb46bdc3bb5c651e9eddc6aa43fc48660eb89e110d20d059c821f2e68a94d15095d65aaa9d9ce636b3d6e30bed07b1949be94b54d1ba4
SSDEEP

98304:J+vJAYCRopGE8/8+YXWN5aqvmh69CEN6rV:0JA2p05tvmhIm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-11-21_b7cff84f85a9fd5e1c45a3cfd5af6fe9_avoslocker_luca-stealer_qakbot_revil

Files

2024-11-21_b7cff84f85a9fd5e1c45a3cfd5af6fe9_avoslocker_luca-stealer_qakbot_revil
.exe windows:6 windows x86 arch:x86

b8fc84170bc8c3a0820bef1fd0ccb452

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\buildworker\steam_rel_client_win32\build\src\SteamServiceHost\Release\SteamService_exe.pdb

Imports

kernel32

GetFileSize
GetFullPathNameW
RemoveDirectoryW
OutputDebugStringA
SetLastError
GetCurrentProcess
GetCurrentProcessId
ProcessIdToSessionId
GetVersionExA
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
LocalAlloc
VerifyVersionInfoW
WTSGetActiveConsoleSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
CreateEventA
WideCharToMultiByte
GetCurrentDirectoryW
SetThreadAffinityMask
CreateDirectoryW
ExpandEnvironmentStringsA
WriteConsoleW
GetStringTypeW
GetCPInfo
GetOEMCP
VerSetConditionMask
IsValidCodePage
DecodePointer
SetStdHandle
GetConsoleCP
SetFilePointerEx
GetTimeZoneInformation
HeapReAlloc
LCMapStringW
LocalFree
GetTickCount
OpenProcess
TerminateProcess
CreateSymbolicLinkW
DeviceIoControl
GetConsoleWindow
SetConsoleTitleW
SetConsoleCtrlHandler
MoveFileExW
CopyFileW
Sleep
CreateMutexA
ReleaseMutex
OutputDebugStringW
WriteFile
SetFilePointer
SetFileAttributesW
ReadFile
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetCommandLineW
GetProcAddress
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
SetCurrentDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLastError
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceA
LockResource
LoadResource
LoadLibraryExA
FreeLibrary
CompareStringW
HeapFree
HeapAlloc
ExitProcess
HeapValidate
HeapSize
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetModuleHandleExW
GetLocalTime
VirtualQuery
EncodePointer
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SystemTimeToFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeThread
TerminateThread
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
DeleteFiber
GetFileType
GetEnvironmentVariableW
LoadLibraryA
GetACP
GetStdHandle
SetProcessAffinityMask
GetProcessHeaps
DebugBreak
SetUnhandledExceptionFilter
QueryPerformanceFrequency
QueryPerformanceCounter
FindFirstFileExW
FlushFileBuffers
GetDiskFreeSpaceA
GetDriveTypeW
GetFileSizeEx
SetEndOfFile
SetFileTime
SleepEx
GetSystemTimeAsFileTime
CopyFileExW
ReplaceFileW
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
GlobalMemoryStatusEx
VirtualAlloc
VirtualProtect
GetModuleFileNameA
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GetSystemInfo
GetProcessAffinityMask
DuplicateHandle
RaiseException
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SwitchToThread
CreateThread
GetCurrentThread
OpenThread

user32

OpenClipboard
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
SetClipboardData
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
IsWindowVisible
EmptyClipboard
CloseClipboard
GetWindowTextLengthA
MessageBoxW
GetDesktopWindow
GetDlgItem
GetWindowThreadProcessId
EnumWindows
EndDialog
GetWindowRect
wsprintfA
SetWindowPos
DialogBoxParamA
ShowWindow

advapi32

StartServiceW
RegisterEventSourceW
DeregisterEventSource
SetNamedSecurityInfoW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
LookupPrivilegeValueA
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CreateProcessAsUserW
ConvertStringSidToSidW
SetEntriesInAclW
StartServiceCtrlDispatcherW
SetServiceStatus
SetServiceObjectSecurity
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
ReportEventW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

ws2_32

WSAGetLastError
recv
send
WSACleanup
closesocket
gethostname
WSAStartup
WSASetLastError

shlwapi

SHDeleteKeyA

wintrust

WinVerifyTrust

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

bcrypt

BCryptGenRandom

Exports

Exports

CreateInterface
g_dwDllEntryThreadId

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 636KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b8fc84170bc8c3a0820bef1fd0ccb452

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

wintrust

psapi

bcrypt

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 596KB - Virtual size: 595KB

.data Size: 19KB - Virtual size: 530KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 636KB - Virtual size: 640KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 596KB - Virtual size: 595KB

.data
Size: 19KB - Virtual size: 530KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 636KB - Virtual size: 640KB