AtlasInternalUpdater[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AtlasInternalUpdater.exe
Size

511KB
MD5

9af5433d57bb7891d7f31a0a06a51c82
SHA1

656f8568b85943c4fd92e45b78b9be6d3062d765
SHA256

4080e36ecb4ab1965680ee4453b0b95f5216d8e80cf0dad98dcb0976dc336917
SHA512

6304a05bc2eb3163ce0f2f9ea83e3af5e87a8fe8df66e0236ed775a85503f9f6f9017741473decc0b735d76a26e3bf19644337aa4d8d77fd0fd3b4df5be682a9
SSDEEP

12288:r61E6h1Ze85HBF9BE/CtDgl8oNUZzV8jz881b7EjgTDqsUl1IKieu:r6y6h14iwEETDqsUl6Kie

Score

N/A

Malware Config

Signatures

Files

AtlasInternalUpdater.exe
.exe windows x86

a091e3dc50e3f4ee15895a168ef8939b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
sendto
recvfrom
gethostname
ntohl
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
send
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
bind

wldap32

ord301
ord200
ord30
ord79
ord35
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33

crypt32

PFXImportCertStore
CryptDecodeObjectEx
CertFreeCertificateChain
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
SetLastError
GetFileType
Sleep
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
GetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
PeekNamedPipe
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
GetFileSizeEx
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleHandleW
WaitForMultipleObjects
GetModuleFileNameA
ReadFile
WriteFile
SetFileTime
SetFilePointer
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
CreateFileA
CloseHandle
SystemTimeToFileTime
CreateDirectoryA

user32

wsprintfA

advapi32

CryptImportKey
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptAcquireContextA

msvcp140

??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z

vcruntime140

strstr
strrchr
memchr
__current_exception_context
memmove
_CxxThrowException
strchr
memcpy
memset
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_except_handler4_common
__current_exception

api-ms-win-crt-stdio-l1-1-0

fwrite
fputc
fopen
fflush
fseek
fclose
__stdio_common_vsprintf
__p__commode
_get_stream_buffer_pointers
_lseeki64
fgetpos
fgets
__acrt_iob_func
_open
fgetc
fputs
ftell
setvbuf
__stdio_common_vsscanf
_read
_write
_close
feof
ungetc
_fseeki64
_set_fmode
fread
fsetpos

api-ms-win-crt-convert-l1-1-0

strtol
strtod
wcstombs
strtoull
strtoll
atoi
strtoul

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_stat64
_unlock_file
_unlink
remove
_access
_fstat64

api-ms-win-crt-runtime-l1-1-0

strerror
_wassert
_invalid_parameter_noinfo_noreturn
terminate
__sys_nerr
system
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_beginthreadex
_errno
_getpid
_controlfp_s
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_seh_filter_exe
__p___argv
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
_callnewh
free
_set_new_mode

api-ms-win-crt-multibyte-l1-1-0

_mbsstr

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncpy
strcspn
isupper
tolower
strncmp
_strdup
strpbrk
strspn

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass

Sections

.text
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a091e3dc50e3f4ee15895a168ef8939b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

normaliz

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 410KB - Virtual size: 410KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 410KB - Virtual size: 410KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 17KB