Atlas[.]Playbook[.]22H2[.]v0[.]2[.]zip

Resubmissions

25-04-2023 20:18

230425-y3j7yscg23 10

Sharing

Copy URL

Twitter E-mail

General

Target

Atlas.Playbook.22H2.v0.2.zip
Size

2.5MB
MD5

a2d23532c10384caf831b20d5918f3a4
SHA1

fdab91979b2664c61d66066e1ab4e846172c28ff
SHA256

d261cc4cc40165817ae64ca19140e5c574f36d97c703165256e92e1df02becd0
SHA512

12670994bf8957d97bf85a5858b7b04cc1d330ad6215b6333af0a3b14890312b39511365302433adb187e8ba638f6fd737efac9541edbc27623f819579415e7d
SSDEEP

49152:22KlMManjcsIZfTMt4ibP1x6ElaJGT3H4uUNkSPKHwgi1y9A+P7YUKkvA6mjeLS:2apnosYf4p1xBlaJGT3B2k6RNIGO7YUo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Executables/AtlasModules/Tools/multichoice.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Executables/AtlasModules/Tools/filepicker.exe
unpack001/Executables/AtlasModules/Tools/multichoice.exe
unpack003/out.upx

Files

Atlas.Playbook.22H2.v0.2.zip
.7z

Password: malte
Configuration/custom.yml
Configuration/features/atlas/appx.yml
Configuration/features/atlas/components.yml
Configuration/features/atlas/config.yml
Configuration/features/atlas/packages.yml
Configuration/features/atlas/services.yml
Configuration/features/atlas/start.yml
.ps1
Executables/7ZIP.cmd
Executables/Atlas/1. Software/Install Software.ps1
.ps1
Executables/Atlas/1. Software/Scoop.url
.url
Executables/Atlas/2. Drivers/Driver Instructions.url
Executables/Atlas/3. Configuration/1. General Configuration/Animations/Disable Animations (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Animations/Enable Animations.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Animations/Visual Effect Settings.lnk
.lnk
Executables/Atlas/3. Configuration/1. General Configuration/Background Apps/Disable Background Apps (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Background Apps/Enable Background Apps.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Bluetooth/Disable Bluetooth (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Bluetooth/Enable Bluetooth.cmd
Executables/Atlas/3. Configuration/1. General Configuration/FSO and Game Bar/Disable FSO and Game Bar (default).reg
Executables/Atlas/3. Configuration/1. General Configuration/FSO and Game Bar/Enable FSO and Game Bar.reg
Executables/Atlas/3. Configuration/1. General Configuration/Firewall/Disable Windows Firewall.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Firewall/Enable Windows Firewall (Default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Game Mode/Disable Game Mode (Default).reg
Executables/Atlas/3. Configuration/1. General Configuration/Game Mode/Enable Game Mode.reg
Executables/Atlas/3. Configuration/1. General Configuration/HAGS/Disable HAGS (Default).reg
Executables/Atlas/3. Configuration/1. General Configuration/HAGS/Enable HAGS.reg
Executables/Atlas/3. Configuration/1. General Configuration/Hyper-V and VBS/Disable Hyper-V and VBS (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Hyper-V and VBS/Enable Hyper-V and VBS.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Lanman Workstation (SMB)/Disable Lanman Workstation (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Lanman Workstation (SMB)/Enable Lanman Workstation.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Microsoft Store/Disable Microsoft Store.cmd
.cmd .ps1
Executables/Atlas/3. Configuration/1. General Configuration/Microsoft Store/Enable Microsoft Store (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Anti-Cheat Support/Data Execution Prevention.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Anti-Cheat Support/Disable Meltdown-Spectre (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Anti-Cheat Support/Enable Meltdown-Spectre.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Disable All Mitigations.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Enable All Mitigations.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Set Windows Default Mitigations.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Network Discovery/Disable Network Discovery (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Network Discovery/Enable Network Discovery.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Notifications/Disable Notifications (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Notifications/Enable Notifications.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Oculus VR/Disable Oculus Services (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Oculus VR/Enable Oculus Services.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Power/CPU Idle/Disable Idle.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Power/CPU Idle/Enable Idle (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Power/Hibernation/Disable Hibernation (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Power/Hibernation/Enable Hibernation.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Printing/Disable Printing (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Printing/Enable Printing.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Search Indexing/Disable Search Indexing (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Search Indexing/Enable Search Indexing.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Start Menu/Atlas Openshell Preset.xml
.xml
Executables/Atlas/3. Configuration/1. General Configuration/Start Menu/Disable Start Menu and Search.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Start Menu/Enable Start Menu and Search.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Start Menu/Install Open-Shell (run first).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Start Menu/Unlock Start Menu Tiles.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Troubleshooting/Disable Troubleshooting (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Troubleshooting/Enable Troubleshooting.cmd
Executables/Atlas/3. Configuration/1. General Configuration/UAC/Configure UAC.lnk
.lnk
Executables/Atlas/3. Configuration/1. General Configuration/UAC/Disable UAC (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/UAC/Enable UAC.cmd
Executables/Atlas/3. Configuration/1. General Configuration/UWP/Disable All UWP.cmd
.cmd .ps1
Executables/Atlas/3. Configuration/1. General Configuration/UWP/Enable All UWP.cmd
Executables/Atlas/3. Configuration/1. General Configuration/UWP/Start Menu.lnk
.lnk
Executables/Atlas/3. Configuration/1. General Configuration/VPN/Disable VPN support (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/VPN/Enable VPN support.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Wi-Fi/Disable Wi-Fi.cmd
Executables/Atlas/3. Configuration/1. General Configuration/Wi-Fi/Enable Wi-Fi (default).cmd
Executables/Atlas/3. Configuration/1. General Configuration/Xbox/Remove Xbox Applications.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Affinity/AutoGpuAffinity.url
Executables/Atlas/3. Configuration/2. Advanced Configuration/Affinity/GoInterruptPolicy.url
Executables/Atlas/3. Configuration/2. Advanced Configuration/Affinity/Interrupt Affinity Tool.url
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Appearence/Boot Logo.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Appearence/Boot Messages.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Appearence/New Boot Menu.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Appearence/Spinning Animation.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Behavior/Always goto Advanced Boot Options.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Behavior/Automatic Repair.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Behavior/Editing Kernel Parameters on Startup.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Behavior/Highest Mode.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/Explanations from Microsoft.url
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/README.txt
Executables/Atlas/3. Configuration/2. Advanced Configuration/Boot Configuration/View Current Values.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/DSCP/Add Game to DSCP Policy.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Event Log and Task Scheduler/Disable Event Log.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Event Log and Task Scheduler/Disable Task Scheduler.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Event Log and Task Scheduler/Enable Event Log (default).cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Event Log and Task Scheduler/Enable Task Scheduler (default).cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Must Read First.url
Executables/Atlas/3. Configuration/2. Advanced Configuration/NVIDIA Display Container/Context Menu/Disable Container Context Menu.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/NVIDIA Display Container/Context Menu/Enable Container Context Menu.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/NVIDIA Display Container/Disable NVIDIA Display Container LS.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/NVIDIA Display Container/Enable NVIDIA Display Container LS.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/NVIDIA Display Container/README.txt
Executables/Atlas/3. Configuration/2. Advanced Configuration/Static IP/Automatically Set Static IP.cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Static IP/Revert Static IP (default).cmd
Executables/Atlas/3. Configuration/2. Advanced Configuration/Utilities/GameUtil.url
Executables/Atlas/3. Configuration/2. Advanced Configuration/Utilities/MSI Utility V3.url
Executables/Atlas/3. Configuration/2. Advanced Configuration/Utilities/Process Explorer/Install Process Explorer.cmd
.cmd .ps1
Executables/Atlas/3. Configuration/2. Advanced Configuration/Utilities/Process Explorer/Uninstall Process Explorer (default).cmd
Executables/Atlas/3. Configuration/3. Windows Settings/Activation.url
Executables/Atlas/3. Configuration/3. Windows Settings/Colors.url
Executables/Atlas/3. Configuration/3. Windows Settings/Date & Time.url
Executables/Atlas/3. Configuration/3. Windows Settings/Default Apps.url
Executables/Atlas/3. Configuration/3. Windows Settings/Desktop Icons.lnk
.lnk
Executables/Atlas/3. Configuration/3. Windows Settings/Language.url
Executables/Atlas/3. Configuration/3. Windows Settings/Privacy.url
Executables/Atlas/3. Configuration/3. Windows Settings/Region.lnk
.lnk
Executables/Atlas/3. Configuration/3. Windows Settings/Taskbar.url
Executables/Atlas/3. Configuration/4. Optional Tweaks/Alt-Tab/Modern Alt-Tab.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Alt-Tab/Old Alt-Tab (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/CPU Idle in context menu/Add Idle toggle in context menu.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/CPU Idle in context menu/Remove Idle toggle in context menu (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Dark Titlebars/Disable Dark Mode Titlebars (Default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Dark Titlebars/Enable Dark Mode Titlebars.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Folders in This PC/Remove all folders in This PC (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Folders in This PC/Restore all folders in This PC.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Network Navigation Pane/Network Pane.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Network Navigation Pane/No Network Pane (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Network Navigation Pane/Run With RunAsTI.lnk
.lnk
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Quick Access/Remove Quick Access.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Quick Access/Show Quick Access (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Removable Drives in Sidebar/Disable Removable Drives in Sidebar (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/File Explorer Customization/Removable Drives in Sidebar/Enable Removable Drives in Sidebar.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Lock Screen/Hide Lock Screen (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Lock Screen/Show Lock Screen.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Run With Priority in context menu/Add Run With Priority In Context Menu.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Run With Priority in context menu/Remove Run With Priority In Context Menu (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Send To Context Menu/Debloat Send To Context Menu.cmd
Executables/Atlas/3. Configuration/4. Optional Tweaks/Shortcut Text/Disable Shortcut Text (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Shortcut Text/Restore Shortcut Text.reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Volume Flyout/Modern Volume Flyout (default).reg
Executables/Atlas/3. Configuration/4. Optional Tweaks/Volume Flyout/Old Volume Flyout.reg
Executables/Atlas/4. Troubleshooting/Network/Reset Network to Atlas Default.cmd
Executables/Atlas/4. Troubleshooting/Network/Reset Network to Windows Default.cmd
Executables/Atlas/4. Troubleshooting/Safe Mode/Exit Safe Mode.cmd
Executables/Atlas/4. Troubleshooting/Safe Mode/Safe Mode with Command Prompt.cmd
Executables/Atlas/4. Troubleshooting/Safe Mode/Safe Mode with Networking.cmd
Executables/Atlas/4. Troubleshooting/Safe Mode/Safe Mode.cmd
Executables/Atlas/4. Troubleshooting/Services/Run with RunAsTI.lnk
.lnk
Executables/Atlas/4. Troubleshooting/Visual C++ Redistributables/Reinstall Visual C++ Redistibutables.cmd
.cmd .vbs
Executables/Atlas/4. Troubleshooting/Visual C++ Redistributables/Visual C++ Redistributables AIO Source.url
Executables/Atlas/Atlas Discord.url
Executables/Atlas/Atlas Documentation.url
Executables/Atlas/Atlas Forum.url
Executables/Atlas/Atlas GitHub.url
Executables/Atlas/Atlas Website.url
Executables/AtlasModules/Acknowledgements/Atlas Utilities (filepicker & multichoice).url
Executables/AtlasModules/Acknowledgements/setSvc GitHub.url
Executables/AtlasModules/Other/Blank.ico
Executables/AtlasModules/Other/NVIDIA.ico
Executables/AtlasModules/README.md
Executables/AtlasModules/Scripts/Auto-Cleaner.cmd
Executables/AtlasModules/Scripts/RunAsTI.cmd
.cmd .ps1
Executables/AtlasModules/Scripts/setSvc.cmd
.cmd .vbs
Executables/AtlasModules/Scripts/toggleDev.cmd
.cmd .vbs
Executables/AtlasModules/Tools/filepicker.exe
.exe windows x64

Password: malte

b060988e1a4f4715e23e28268f7717c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FormatMessageW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentThreadId
FreeLibrary
GetCurrentProcessId
QueryPerformanceCounter
TlsAlloc
IsProcessorFeaturePresent
WriteConsoleW
WriteFile
GetConsoleMode
GetStdHandle
CloseHandle
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
ReleaseMutex
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
GetCurrentDirectoryW
GetEnvironmentVariableW
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLastError
GetModuleFileNameW
SetLastError
HeapFree
GetCommandLineW
HeapAlloc
GetProcessHeap
InitializeSListHead
HeapReAlloc

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

shell32

SHCreateItemFromParsingName

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

vcruntime140

memcpy
memset
memcmp
memmove
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-runtime-l1-1-0

__p___argv
__p___argc
_cexit
_c_exit
terminate
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Executables/AtlasModules/Tools/multichoice.exe
.exe windows x64

Password: malte

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Executables/BACKUP1.cmd
.cmd .vbs
Executables/BACKUP2.cmd
.cmd .vbs
Executables/CONVERTUSERS.cmd
Executables/COPYDESKTOP.cmd
Executables/DISABLEPNP.ps1
Executables/EDGE.cmd
Executables/FINALIZE.cmd
.cmd .vbs
Executables/Layout.xml
Executables/MITIGATIONPROMPT.ps1
.ps1
Executables/ONED.cmd
Executables/PFP.cmd
.cmd .ps1
Executables/POWER.cmd
.cmd .ps1
Executables/STARTMENU.cmd
Executables/SettingsCache.txt
Executables/UPDHEALTH.cmd
Executables/User Account Pictures/guest.bmp
Executables/User Account Pictures/guest.png
Executables/User Account Pictures/user-192.png
.png
Executables/User Account Pictures/user-32.png
.png
Executables/User Account Pictures/user-40.png
.png
Executables/User Account Pictures/user-48.png
.png
Executables/User Account Pictures/user.bmp
Executables/User Account Pictures/user.png
Executables/WALLPAPER.cmd
.cmd .ps1
Executables/Web/Screen/img100.jpg
.png
Executables/Web/Wallpaper/Windows/atlas-dark.jpg
.png
Executables/Web/Wallpaper/Windows/atlas-light.jpg
.png
playbook.conf
.xml
playbook.png
.png

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: malte

Password: malte

b060988e1a4f4715e23e28268f7717c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

shell32

oleaut32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 600B

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 812B

Password: malte

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.5MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 114KB - Virtual size: 487KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 113KB - Virtual size: 112KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 1024B - Virtual size: 984B

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 600B

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 812B

UPX0
Size: - Virtual size: 3.5MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 114KB - Virtual size: 487KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 113KB - Virtual size: 112KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 984B