2024-12-19_cb52832d9299693081fd0b500f744c9a_avoslocker_luca-stealer_rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-19_cb52832d9299693081fd0b500f744c9a_avoslocker_luca-stealer_rhadamanthys
Size

10.0MB
MD5

cb52832d9299693081fd0b500f744c9a
SHA1

73da329c10ae8077376332502be9478124a16138
SHA256

5aec1bdb65d91129f58844c126bd3e3f324b1db33b400a875497c10fd08f031d
SHA512

a82c059468e2108d39fb0374cf8f1ea2bef2dcb2b7ba46af2f10e10edfb60c5b1b2f3873bbbdb879dd128c07a8a31261e46331d9d29b8992a0636190c5495b54
SSDEEP

49152:ouYZayP3pgXWFVeVpPsgtS0f6SEdz6CdnE1P:XOZFVeVpUIS0ySEdz/nE1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-19_cb52832d9299693081fd0b500f744c9a_avoslocker_luca-stealer_rhadamanthys

Files

2024-12-19_cb52832d9299693081fd0b500f744c9a_avoslocker_luca-stealer_rhadamanthys
.exe windows:6 windows x86 arch:x86

2c16a3088b04240b7e18e69b991515be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARM.pdb

Imports

msi

ord114
ord16
ord120
ord123
ord205
ord159
ord160
ord141
ord8
ord118
ord171
ord92
ord116
ord115
ord119
ord88
ord240
ord131
ord150
ord78
ord70
ord181
ord195
ord32
ord281

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

DeleteUrlCacheEntryW
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetErrorDlg
InternetSetOptionW
InternetCloseHandle

sensapi

IsNetworkAlive

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FlushFileBuffers
GetFullPathNameW
LockFile
UnlockFile
DuplicateHandle
LoadLibraryExW
LoadLibraryA
GetCurrentThreadId
GetVersionExW
FreeLibrary
GlobalDeleteAtom
SetThreadPriority
SuspendThread
ResumeThread
GetPrivateProfileIntW
GlobalAddAtomW
EncodePointer
GetSystemDirectoryW
GetModuleFileNameW
CompareStringW
FileTimeToLocalFileTime
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
GetACP
ExpandEnvironmentStringsW
GetCurrentProcessId
ProcessIdToSessionId
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetSystemInfo
WideCharToMultiByte
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
OpenEventW
Module32NextW
Module32FirstW
GetNativeSystemInfo
Process32NextW
GetLongPathNameW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
lstrcmpA
lstrcmpW
LocalAlloc
GetExitCodeProcess
CreateProcessW
GetFileInformationByHandle
OpenMutexW
CreateMutexW
SystemTimeToFileTime
SetEndOfFile
RemoveDirectoryW
GetFileSize
SetFilePointer
GetThreadLocale
GetPrivateProfileSectionNamesW
MoveFileW
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ReadFile
LocalFree
GetUserDefaultLangID
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
FormatMessageW
GetLocalTime
GetModuleHandleW
GetProcAddress
GetVolumeInformationW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
CreateFileW
GetCurrentThread
GetCurrentProcess
GetTempPathW
OpenProcess
CopyFileW
WaitForSingleObject
SetEvent
GetTickCount64
CloseHandle
CreateEventW
SetLastError
Sleep
GetThreadPriority
MultiByteToWideChar
FindClose
FindFirstFileW
DeleteFileW
lstrlenW
SetFileAttributesW
SetFileTime
WriteFile
GetLastError
CreateDirectoryW
GetModuleHandleA
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetCPInfo
RtlUnwind
GetDriveTypeW
SetEnvironmentVariableW
SetCurrentDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
SetStdHandle
GetFileType
HeapQueryInformation
GetStdHandle
ExitProcess
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GlobalFindAtomW
GlobalFlags

user32

DestroyMenu
GetMonitorInfoW
MonitorFromWindow
WinHelpW
UnhookWindowsHookEx
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollPos
RedrawWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
CopyRect
GetSysColor
ScreenToClient
EndPaint
BeginPaint
ReleaseDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowLongW
GetWindowTextLengthW
SetFocus
GetDlgCtrlID
SetDlgItemTextW
GetSysColorBrush
ShowWindow
GetLastActivePopup
GetWindowLongW
IsWindowEnabled
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
PostQuitMessage
CharUpperW
GetMenuStringW
OffsetRect
SendDlgItemMessageA
UnregisterClassW
GetWindow
FindWindowW
ExitWindowsEx
RegisterWindowMessageW
RealChildWindowFromPoint
InvalidateRect
EnumWindows
GetWindowTextW
IsWindowVisible
GetWindowThreadProcessId
FindWindowExW
SystemParametersInfoW
SetActiveWindow
DrawAnimatedRects
SetForegroundWindow
SetMenuDefaultItem
ModifyMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
ClientToScreen
GetCursorPos
LoadMenuW
SetCursor
DrawFocusRect
InflateRect
SetRectEmpty
GetParent
SetWindowTextW
LoadCursorW
GetActiveWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PeekMessageW
UpdateWindow
GetFocus
IsWindow
SetTimer
GetWindowRect
SendMessageW
LoadIconW
EnableWindow
PostMessageW
SetWindowPos
GetForegroundWindow
KillTimer
MessageBoxW
GetDlgItem
DestroyWindow

gdi32

CreateBitmap
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetTextColor
CreateFontIndirectW
GetObjectW
SetMapMode
SetBkMode
SetBkColor
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
CopySid
GetLengthSid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
OpenProcessToken
OpenThreadToken
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegFlushKey
ConvertSidToStringSidW
LookupAccountNameW
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateWellKnownSid
RegDeleteKeyExW
RegEnumKeyExW
LookupAccountSidW
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
DuplicateToken

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHFileOperationW
Shell_NotifyIconW
SHAppBarMessage
SHGetFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
SHDeleteKeyW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
OleRun
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantCopy
VariantChangeType
GetErrorInfo

urlmon

URLDownloadToFileW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

crypt32

CryptUnprotectData
CryptProtectData
CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam

wintrust

WinVerifyTrust

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 724KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c16a3088b04240b7e18e69b991515be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

psapi

version

wininet

sensapi

secur32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

userenv

crypt32

wintrust

oleacc

Sections

.text Size: 724KB - Virtual size: 724KB

.rdata Size: 352KB - Virtual size: 356KB

.data Size: 11KB - Virtual size: 36KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 724KB - Virtual size: 724KB

.rdata
Size: 352KB - Virtual size: 356KB

.data
Size: 11KB - Virtual size: 36KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB