2024-11-26_cd91a2ada0432588dcb07beff5691ed1_avoslocker_luca-stealer_rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-26_cd91a2ada0432588dcb07beff5691ed1_avoslocker_luca-stealer_rhadamanthys
Size

10.9MB
MD5

cd91a2ada0432588dcb07beff5691ed1
SHA1

c28ac39399ad1bfa7a9e483478bd8c0a53dcf48d
SHA256

8d965a35813b9050c252e6c94b72fb9090f34d1a254d77106caa656c8a436fe7
SHA512

809e453cf77d09532b261c848e8a5f0bd76809e366fe3cf61909a7cf7dffe4e589e0b89c63db970b2bdb8531644feffab18f0c2d10546452e937d1ac29782c0c
SSDEEP

196608:kMKK8Gneb2pEjrJZaiyCqkJEKhNkH9HG6b03VZ30fbsJ2Z:lTpneVjrfP9hGNG6ObcZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-11-26_cd91a2ada0432588dcb07beff5691ed1_avoslocker_luca-stealer_rhadamanthys

Files

2024-11-26_cd91a2ada0432588dcb07beff5691ed1_avoslocker_luca-stealer_rhadamanthys
.exe windows:5 windows x86 arch:x86

a145f38c3493eac22c77b1b63d00f981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sources\notepad-plus-plus\PowerEditor\bin\npp.pdb

Imports

shlwapi

ColorRGBToHLS
ColorHLSToRGB
PathStripPathW
PathAppendW
PathFindFileNameW
PathRemoveExtensionW
PathIsDirectoryW
PathAddExtensionW
PathCombineW
PathIsRelativeW
AssocQueryStringW
PathCompactPathExW
PathGetDriveNumberW
PathMatchSpecW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW

shell32

SHFileOperationW
SHCreateItemFromParsingName
Shell_NotifyIconW
SHGetFolderPathW
ord165
ShellExecuteW
DragFinish
DragQueryPoint
DragQueryFileW

dbghelp

ImageNtHeader

crypt32

CertGetCertificateContextProperty
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertNameToStrW
CryptMsgClose

wintrust

WinVerifyTrust

kernel32

GlobalUnlock
WriteFile
GetTimeFormatEx
CreateFileW
GetDateFormatEx
FormatMessageW
GlobalAlloc
CloseHandle
GetLocalTime
GetCurrentDirectoryW
SetFilePointerEx
LCMapStringW
FlushFileBuffers
FormatMessageA
ExpandEnvironmentStringsW
SetCurrentDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
WaitForSingleObject
CreateEventW
SetEvent
CreateThread
ResetEvent
CopyFileW
GetCurrentProcess
GetCurrentProcessId
CreateMutexW
ReleaseMutex
Sleep
GlobalSize
lstrcpynW
WaitForMultipleObjects
CopyFileExW
GetVersionExW
GetSystemInfo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetLastError
GetFullPathNameW
CancelIo
WaitForSingleObjectEx
QueueUserAPC
SleepEx
ReadDirectoryChangesW
GetLocaleInfoA
GetTickCount
GetStringTypeExW
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
LoadLibraryA
WriteConsoleW
TlsAlloc
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
GetDateFormatW
GetSystemTimeAsFileTime
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
GetNativeSystemInfo
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SetEndOfFile
HeapSize
CompareFileTime
CreateDirectoryW
lstrcmpW
GetFileAttributesW
FindClose
lstrlenW
FindNextFileW
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GetVersion
GetACP
GetModuleFileNameW
GetCurrentThreadId
MulDiv
LocalFree
SystemTimeToTzSpecificLocalTime
OutputDebugStringW
GetLastError
LocalAlloc
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
GetProcAddress
VirtualProtect
SetStdHandle
GetProcessHeap
GlobalLock
lstrcpyW
MoveFileExW
GetTimeFormatW
DeleteFileW
FileTimeToSystemTime
GetFileAttributesExW
SetFileAttributesW
GetLongPathNameW
TlsGetValue
TlsSetValue
TlsFree
ReadFile
ExitProcess
ExitThread
FreeLibraryAndExitThread
GetStdHandle
HeapAlloc
HeapFree
GetFileType
GetConsoleMode
ReadConsoleW
CompareStringW
GetLocaleInfoW
IsValidLocale
SetEnvironmentVariableW
EnumSystemLocalesW
GetTimeZoneInformation
GetFileSizeEx
GetConsoleOutputCP
IsValidCodePage
GetOEMCP
HeapReAlloc
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTempPathW

user32

ScrollWindow
RemovePropW
GetPropW
InsertMenuItemW
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
KillTimer
GetCaretBlinkTime
AppendMenuA
GetMessageTime
GetKeyboardLayout
ValidateRect
SetTimer
MsgWaitForMultipleObjects
NotifyWinEvent
GetUpdateRgn
SystemParametersInfoA
GetDoubleClickTime
DrawTextA
CopyImage
MonitorFromPoint
AdjustWindowRectEx
LoadStringW
LoadStringA
DestroyCursor
SetForegroundWindow
IsIconic
ModifyMenuW
GetMenuItemID
GetSubMenu
SetDlgItemInt
RemoveMenu
GetIconInfo
CreateIconIndirect
LoadIconW
WindowFromPoint
LockWindowUpdate
mouse_event
GetDesktopWindow
GetDCEx
GetDlgItemTextA
SetScrollInfo
GetScrollInfo
GetWindowTextLengthW
GetMessageW
UnregisterClassW
RegisterClassExW
TrackPopupMenu
DispatchMessageW
DestroyIcon
TranslateMessage
FlashWindowEx
PostQuitMessage
GetSysColorBrush
BringWindowToTop
SetCapture
ReleaseCapture
GetActiveWindow
RedrawWindow
IsChild
SetParent
FindWindowExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetMenuState
GetMenuItemCount
CreatePopupMenu
SetMenuItemInfoW
DestroyMenu
InsertMenuW
CheckMenuItem
EnableMenuItem
CreateMenu
IsWindow
EmptyClipboard
SetClipboardData
GetDlgCtrlID
GetDlgItemInt
CreateDialogParamW
IsWindowVisible
ShowWindow
ClientToScreen
RegisterClipboardFormatW
SetClipboardViewer
OpenClipboard
CreateCursor
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
ShowScrollBar
PostMessageW
GetMenu
DestroyWindow
GetDC
HideCaret
CreateWindowExW
MessageBeep
GetScrollPos
GetWindowPlacement
GetKeyboardState
SetCaretPos
GetScrollRange
CreateCaret
RegisterClassW
SetWindowPlacement
MessageBoxA
RegisterWindowMessageW
AppendMenuW
GetCapture
LoadBitmapW
SetRectEmpty
MonitorFromRect
CreateDialogIndirectParamW
ShowCursor
CreateAcceleratorTableW
FindWindowW
IsCharLowerW
DrawTextExW
LoadCursorW
CharUpperW
CharLowerW
GetClassNameA
IsCharAlphaNumericW
IsCharAlphaW
DrawIcon
LoadMenuW
IsDialogMessageW
SetMenu
CheckMenuRadioItem
MonitorFromWindow
DeleteMenu
SetMenuItemBitmaps
ChildWindowFromPointEx
GetMonitorInfoW
DestroyAcceleratorTable
GetMenuStringW
DestroyCaret
SetCursor
SetScrollRange
ShowCaret
SetScrollPos
DrawEdge
GetParent
UpdateWindow
DrawFrameControl
ToAscii
MoveWindow
GetKeyState
EndDialog
SendDlgItemMessageW
DialogBoxIndirectParamW
SetFocus
DrawIconEx
DialogBoxParamW
LoadImageW
EnableWindow
GetMenuItemInfoW
DefWindowProcW
GetWindowRect
GetFocus
InflateRect
SetWindowPos
EnumChildWindows
FillRect
ScreenToClient
GetSystemMetrics
GetMenuBarInfo
OffsetRect
MapWindowPoints
TrackMouseEvent
FrameRect
DrawFocusRect
GetSysColor
IsWindowEnabled
IntersectRect
GetClassNameW
GetWindowDC
EnumThreadWindows
GetComboBoxInfo
GetClientRect
DrawTextW
PtInRect
InvalidateRect
ChildWindowFromPoint
ReleaseDC
GetCursorPos
BeginPaint
EndPaint
GetWindowTextW
GetWindowLongW
CallWindowProcW
SendMessageW
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
SetDlgItemTextA
SetWindowLongW
GetDlgItem
MessageBoxW
wsprintfW
SetPropW
SystemParametersInfoW
GetAncestor
TranslateAcceleratorW
DrawMenuBar
ChangeClipboardChain
IsZoomed

gdi32

DeleteDC
GetPixel
GetDeviceCaps
LineTo
CreateCompatibleBitmap
RestoreDC
SaveDC
GetTextExtentPoint32W
MoveToEx
CreateHatchBrush
CreateFontW
GetTextMetricsW
Rectangle
SetROP2
GetROP2
SelectObject
CreateCompatibleDC
GetStockObject
OffsetWindowOrgEx
SetWindowOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
SetDIBits
GetDIBits
EnumFontFamiliesExW
EndPage
DPtoLP
StartDocW
SetTextAlign
EndDoc
StartPage
GetTextExtentPointW
StretchBlt
CombineRgn
IntersectClipRect
Ellipse
Polygon
ExtCreatePen
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
CreateDIBSection
ExtTextOutA
CreateRectRgnIndirect
Polyline
GetClipRgn
SetTextColor
SetBkMode
CreatePen
SelectClipRgn
GetObjectW
ExcludeClipRect
SetBkColor
DeleteObject
CreateSolidBrush
CreateFontIndirectW
RoundRect
ExtTextOutW
CreateRectRgn
BitBlt
CreateFontA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
IsTextUnicode

Exports

Exports

_CreateLexer@4
_GetLexerCount@0
_GetLexerFactory@4
_GetLexerName@12
_GetLibraryPropertyNames@0
_GetNameSpace@0
_LexerNameFromID@4
_SetLibraryProperty@8

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 645KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a145f38c3493eac22c77b1b63d00f981

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

shell32

dbghelp

crypt32

wintrust

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 645KB - Virtual size: 648KB

.data Size: 52KB - Virtual size: 124KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 645KB - Virtual size: 648KB

.data
Size: 52KB - Virtual size: 124KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB