ATF[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ATF.zip
Size

4.1MB
MD5

4ba4748ebecba35127be20e6b0d5eb61
SHA1

ebdff6adccdb6ff090df42c4683a878e17a564ca
SHA256

f07072607cddefea80aa86c65a272328db9efb9cbe352a73156f76b7cc61b8ec
SHA512

a502a888bdbe4ba5b3c6e13c8663aca3b08d5e15258d12b622c68854047a52317e892d68d32384bbc0fde2a9770ca8f577aa40e8a946e6d9ab51088ec28131d3
SSDEEP

98304:KudpfvTNO5vHtPYvWHcAwRvnfeZeEMMr6ZJ4EP+nOcBL:bD85ftPYvFA9EEBgJ44AL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ATF/apl_atf.exe

Files

ATF.zip
.zip
ATF/apl_atf.exe
.exe windows x86

62f205fe3d5e06c190cbad78ac9b9e4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pbvm90

ord137

kernel32

GetModuleFileNameA
FreeEnvironmentStringsA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetCPInfo
IsDBCSLeadByte
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetACP
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
GetStringTypeA
VirtualFree
RtlUnwind
WriteFile
GetStringTypeW
HeapFree
HeapAlloc
VirtualAlloc

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ATF/apl_atf.pbd
ATF/atf.ini
ATF/atf_cgr.pbd
ATF/atf_comunicado.pbd
ATF/atf_consulta_item_auto.pbd
ATF/atf_cor.pbd
ATF/atf_ctr.pbd
ATF/atf_gfn.pbd
ATF/atf_jrd.pbd
ATF/atf_processo_sinistro.pbd
ATF/atf_processo_sinistro_controle.pbd
ATF/atf_prp.pbd
ATF/atf_rns_controle.pbd
ATF/atf_seg.pbd
ATF/atf_slv.pbd
ATF/atf_vistoria.pbd
ATF/bd.pbd
ATF/bsg_base.pbd
ATF/bsg_dr_ances.pbd
ATF/bsg_menu.pbd
ATF/bsg_srv.pbd
ATF/bsg_util.pbd
ATF/cgr_funcionario.pbd
ATF/cgr_pessoa_endereco.pbd
ATF/crn_veiculo.pbd
ATF/date.pbd
ATF/dddw.pbd
ATF/dr_ances.pbd
ATF/dr_apoio.pbd
ATF/dr_janel.pbd
ATF/dr_serv.pbd
ATF/dr_util.pbd
ATF/dw_con_atf.pbd
ATF/dw_det.pbd
ATF/dw_man.pbd
ATF/dw_mestre.pbd
ATF/dw_sel.pbd
ATF/fu_atf.pbd
ATF/fu_outros.pbd
ATF/gfn_manter_evento.pbd
ATF/jrd_manter_acordo_reuso.pbd
ATF/mn_atf.pbd
ATF/snt_acompanhamento.pbd
ATF/snt_atf_consultas.pbd
ATF/snt_atf_consultas02.pbd
ATF/snt_atf_consultas_vst.pbd
ATF/snt_aviso.pbd
ATF/snt_base.pbd
ATF/snt_bns_crv_franquia.pbd
ATF/snt_condutor.pbd
ATF/snt_distribuicao.pbd
ATF/snt_encaminhamento.pbd
ATF/snt_fluxo_processo.pbd
ATF/snt_geral.pbd
ATF/snt_indice_ajuste_psl.pbd
ATF/snt_oficina.pbd
ATF/snt_perfil.pbd
ATF/snt_prestadores_servicos.pbd
ATF/snt_rns.pbd
ATF/snt_terceiro.pbd
ATF/snt_terceiros_sincronismo.pbd
ATF/snt_veiculo.pbd
ATF/srv_auto.pbd
ATF/srv_snt.pbd
ATF/st_snt.pbd
ATF/uo_atf.pbd
ATF/uo_cof.pbd
ATF/uo_snt.pbd
ATF/uo_srv.pbd
ATF/wi_arg.pbd
ATF/wi_con.pbd
ATF/wi_man.pbd
ATF/wi_mestre_det.pbd
ATF/wi_sel.pbd

Sharing

General

Malware Config

Signatures

Files

62f205fe3d5e06c190cbad78ac9b9e4e

Headers

File Characteristics

Imports

pbvm90

kernel32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size:

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: