AtBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AtBroker.exe
Size

42KB
MD5

f404a80a71c764429d168a31e3988c9d
SHA1

7076dda02c77cb6c55ab5b8d644676b6bb5bc9cf
SHA256

bff5fe5ff9850a22f851a705c8b61c8849961aafcae466ce916b0216742a82d3
SHA512

f640409fcdfb55a24479a5c335a5c3ff1adda79ca5349c039d2da15771a70ba5f127823801421e2504b9c51a405a59f497c8ba3b3e710828ce2141689e6f3ac0
SSDEEP

768:WBRaO2NA/7ixXg6BNUGbaEN49dkRgZDDIXFTqtk4j:ZNJxXg6DUG2EokeZXkqK4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AtBroker.exe

Files

AtBroker.exe
.exe windows x86

3088806ba7b3133755e0d858968df84f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
OpenSCManagerW
OpenServiceW
GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
AllocateAndInitializeSid
UnregisterTraceGuids
FreeSid
RegOpenKeyExW
GetTraceEnableLevel
CheckTokenMembership
QueryServiceConfigW
RegCloseKey
RegisterTraceGuidsW
RegSetKeyValueW
TraceMessage

kernel32

OpenMutexW
LocalAlloc
lstrcmpiW
GetCurrentThreadId
SetProcessShutdownParameters
CloseHandle
LocalFree
GetVersionExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
Sleep
ExpandEnvironmentStringsW
OpenJobObjectW
IsProcessInJob
RegEnumValueW
RegDeleteTreeW
RegNotifyChangeKeyValue
RegEnumKeyExW
FindResourceExW
LoadResource
LockResource
SizeofResource
DeleteFileW
GetFileAttributesW
HeapFree
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RegLoadMUIStringW
K32EnumProcesses
ProcessIdToSessionId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
MultiByteToWideChar
RegSetValueExW
RegCreateKeyExW
GetLastError
InitializeProcThreadAttributeList
HeapAlloc
GetProcessHeap

user32

SendMessageTimeoutW
SendInput
GetThreadDesktop
GetShellWindow
GetWindowThreadProcessId
GetUserObjectInformationW
SystemParametersInfoW
GetKeyState
UnregisterClassA

msvcrt

_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
_wtoi
??2@YAPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_wcslwr_s
memcpy_s
memmove_s
_except_handler4_common
_vsnwprintf
_ltow_s
wcsspn
wcscspn
memset
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcscpy_s
malloc
free
_wcsicmp
??3@YAXPAX@Z
_CxxThrowException
wcsrchr
__CxxFrameHandler3

ntdll

WinSqmAddToStream
WinSqmIsOptedIn

shell32

ShellExecuteW

shlwapi

PathFileExistsW
ord460

uxtheme

ord65

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3088806ba7b3133755e0d858968df84f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shell32

shlwapi

uxtheme

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB