at[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

at.exe
Size

30KB
MD5

f4416891d11bba6975e5067fa10507c8
SHA1

ec6f04aa61d8f0fa0945ebfc58f6cc7cebb1377a
SHA256

73a9a6a4c9cf19fcd117eb3c430e1c9acaded31b42875ba4f02fa61da1b8a6dc
SHA512

ae12dd30afd9d9efa45a22bf256d1e6bf781f407a07208dd9b832e3b8fc78af31fea5e77cec2f3b83471f20462df4626e68aeca8bc4d940b169e72b2003ef380
SSDEEP

768:ddvxiSkGxY6ZQppLMVt+QFZ7Xu9qAJ9jq2g:ncXGhcC+QFBFAJJdg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
at.exe

Files

at.exe
.exe windows x64

fa9a9b0d471e4b5f3683c346c3d880bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

strspn
strcat_s
wcscmp
wcscpy_s
_stricmp
strcpy_s
sscanf_s
_XcptFilter
_amsg_exit
strpbrk
__getmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
malloc
wcsrchr
strchr
free
_fmode
wcschr
fgets
wcstok_s
wcstoul
_commode
_wcsupr
_wcsicmp
?terminate@@YAXXZ
memset
_vsnwprintf
exit
_itoa_s
__iob_func

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW
GetStdHandle

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
ReadConsoleW

api-ms-win-core-localization-l1-2-0

GetCPInfo
SetThreadUILanguage
GetThreadLocale
FormatMessageW

api-ms-win-core-file-l1-1-0

GetFileType
WriteFile

schedcli

NetScheduleJobGetInfo
NetScheduleJobAdd
NetScheduleJobDel
NetScheduleJobEnum

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetSystemTimeAsFileTime

netutils

NetApiBufferFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringA
GetProfileIntA

ntdll

WinSqmIsOptedIn
WinSqmAddToStream

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa9a9b0d471e4b5f3683c346c3d880bd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-file-l1-1-0

schedcli

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

netutils

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

ntdll

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 1024B - Virtual size: 636B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 1024B - Virtual size: 636B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 204B