atom[.]exe | Triage

Resubmissions

01/11/2022, 15:36

221101-s154radag7 8

01/11/2022, 15:11

221101-skmbpsdgfp 8

Sharing

Copy URL Twitter E-mail

General

Target

atom.exe
Size

986KB
MD5

0984be7bc0373ed58bf437207fe67411
SHA1

d3af4b1b3ff4ae39620eac6ec6a1981c3cbb45f0
SHA256

a7a1a7d62f3311a5220032218dc9c785b69ec11b717d47dfd0e13cd6412e7e0b
SHA512

b2c29a83bd5de6ab44d1c43d694d2d7f04535ca39c8c08d64f74327f3a0f3fc86635fa13b9cc8382153298c1a244045078aaa5bde068b4338b728724e7a56348
SSDEEP

24576:jhF85NkPtURYImCLfAnCm+6cbsRG6ELOGf8x:jaSPHIHAnCFFDh30

Score

N/A

Malware Config

Signatures

Files

atom.exe
.exe windows x86

902c8ce1c8cd5980422e7e3ab48764d8

Code Sign

0a:19:7d:b6:f1:e1:f1:04:82:26:68:d3:ad:a0:02:c3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/06/2021, 00:00

Not After

15/06/2022, 23:59

Subject

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Москва,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b8:54:24:43:2a:61:7c:57:29:d1:b6:dd:ab:77:68:e2:26:9e:ac:2b
Signer

Actual PE Digest

b8:54:24:43:2a:61:7c:57:29:d1:b6:dd:ab:77:68:e2:26:9e:ac:2b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Москва,C=RU

28/10/2022, 15:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
GetTickCount
GetStartupInfoW
CreateProcessW
GetACP
SetLastError
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
GetVersionExW
GetNativeSystemInfo
WaitForSingleObject
InitializeCriticalSection
FindClose
FindFirstFileExW
FindNextFileW
InterlockedDecrement
GlobalAlloc
GlobalLock
InterlockedIncrement
GlobalUnlock
lstrcmpW
MulDiv
ReadFile
SetFilePointer
GetFileSize
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
DuplicateHandle
DeleteFileW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
Sleep
CreateEventW
WriteConsoleW
SetStdHandle
CreateThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
FlushFileBuffers
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetCurrentThread
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
SetEvent
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateFileW
WriteFile
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
GetPhysicallyInstalledSystemMemory
GetModuleHandleW
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
QueryPerformanceFrequency
GetStringTypeW
TryEnterCriticalSection
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
LoadLibraryExA
VirtualQuery
GetExitCodeProcess
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
LocalFree
SetEndOfFile
GetCommandLineW
VirtualProtect
GetSystemInfo

user32

PostThreadMessageW
wsprintfW
DefWindowProcW
LoadCursorW
RegisterClassExW
SendMessageW
TranslateMessage
DispatchMessageW
SetWindowLongW
DestroyWindow
GetWindowLongW
SetTimer
GetCursorPos
UnregisterClassW
PeekMessageW
KillTimer
GetWindowTextLengthW
GetWindow
GetFocus
GetDC
SetWindowPos
FillRect
ScreenToClient
GetSystemMetrics
SetWindowTextW
ShowWindow
IsWindow
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
GetClassNameW
SetCapture
GetClientRect
GetDlgItem
GetDesktopWindow
SystemParametersInfoW
GetParent
RegisterWindowMessageW
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW
CallWindowProcW
CreateWindowExW
GetClassInfoExW
PostQuitMessage
MsgWaitForMultipleObjects

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject
CreateSolidBrush

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoAddRefServerProcess
CoReleaseServerProcess
OleUninitialize
CoCreateInstance
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
StringFromCLSID
CoGetClassObject
CoCreateGuid

oleaut32

SysFreeString
SysStringLen
VariantCopy
VariantClear
SysAllocString
OleCreateFontIndirect
DispCallFunc
VariantChangeType
LoadRegTypeLi
VariantInit
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW

ws2_32

ntohl

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

902c8ce1c8cd5980422e7e3ab48764d8

Code Sign

0a:19:7d:b6:f1:e1:f1:04:82:26:68:d3:ad:a0:02:c3Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

b8:54:24:43:2a:61:7c:57:29:d1:b6:dd:ab:77:68:e2:26:9e:ac:2bSigner

Signature Validations

Verification

28/10/2022, 15:07 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

ws2_32

Sections

.text Size: 367KB - Virtual size: 367KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 25KB - Virtual size: 29KB

.rsrc Size: 415KB - Virtual size: 414KB

.reloc Size: 27KB - Virtual size: 26KB

0a:19:7d:b6:f1:e1:f1:04:82:26:68:d3:ad:a0:02:c3
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

b8:54:24:43:2a:61:7c:57:29:d1:b6:dd:ab:77:68:e2:26:9e:ac:2b
Signer

28/10/2022, 15:07
Valid: false

.text
Size: 367KB - Virtual size: 367KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 25KB - Virtual size: 29KB

.rsrc
Size: 415KB - Virtual size: 414KB

.reloc
Size: 27KB - Virtual size: 26KB