atieclxx[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

atieclxx.exe
Size

915KB
MD5

d25b41b09bec8ab9c1bb6d5be9782a00
SHA1

52531a5b5a67c9f9f62ad6c08257b6cf8f584df7
SHA256

f76058d0fda49ca8bf50440aad443abb72f7f0b6318e497567c4761236630d5c
SHA512

7caa71e076e1b4ca60f4249854735b6fdbf89517206910d29924414f1da19fb362253176f272565f5bcb1f4080b2f2c2fe1b2fea9120315a89c5a327757547a3
SSDEEP

12288:G9TdAuS+NEXtjERdQEXNCpJ91PWXq23loIQ8dBiWi1cPB:G9TdAaEXtIdwJ91OXqMpQ8LircPB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
atieclxx.exe

Files

atieclxx.exe
.exe windows:6 windows x64

6027bdf152756731874e4030ca7769a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

EnumDisplaySettingsA
CloseDesktop
RegisterHotKey
SystemParametersInfoA
SetSysColors
OpenInputDesktop
SetThreadDesktop
GetThreadDesktop
GetAsyncKeyState
ChangeDisplaySettingsExA
SendInput
GetSysColor
RedrawWindow
PostThreadMessageA
UnregisterDeviceNotification
RegisterDeviceNotificationA
SystemParametersInfoW
DisplayConfigSetDeviceInfo
RegisterClassExA
LoadIconA
LoadStringA
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
FindWindowExW
GetWindowLongPtrA
GetClientRect
GetWindowTextW
UnhookWinEvent
SetWinEventHook
GetWindowThreadProcessId
IsWindowVisible
MessageBoxW
DisplayConfigGetDeviceInfo
EnumDisplayDevicesA
EnumWindows
GetPropA
wsprintfW
MessageBoxA
RegisterWindowMessageA
ChangeWindowMessageFilter
QueryDisplayConfig
SetDisplayConfig
GetDisplayConfigBufferSizes
GetClassNameA
FindWindowA
GetForegroundWindow
UpdateWindow
KillTimer
SetTimer
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
UnregisterSuspendResumeNotification
RegisterSuspendResumeNotification
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
SendMessageA
UnregisterHotKey
DispatchMessageA
GetMessageA

gdi32

D3DKMTPollDisplayChildren
D3DKMTEnumAdapters
D3DKMTQueryAdapterInfo
DeleteDC
CreateDCA
SetDeviceGammaRamp

advapi32

DuplicateTokenEx
SetEntriesInAclW
RegNotifyChangeKeyValue
AllocateAndInitializeSid
RegCloseKey
RegDeleteValueA
RegGetValueW
RegSetValueExW
RegOpenCurrentUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserA
OpenProcessToken
RegDeleteTreeA
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegGetValueA
FreeSid

userenv

LoadUserProfileA
DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSRegisterSessionNotification
WTSQueryUserToken
WTSEnumerateProcessesA
WTSFreeMemory

powrprof

PowerRegisterSuspendResumeNotification
PowerGetActiveScheme
PowerSetActiveScheme
PowerWritePossibleValue
PowerWritePossibleFriendlyName
PowerReadSettingAttributes
PowerWriteACDefaultIndex
PowerWriteDCDefaultIndex
PowerWriteSettingAttributes
PowerRemovePowerSetting
PowerCreateSetting
PowerCreatePossibleSetting
PowerEnumerate
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerSettingAccessCheck
PowerReadACValueIndex
PowerReadDCValueIndex
PowerWriteFriendlyName

setupapi

CM_Reenumerate_DevNode
CM_Get_Parent
SetupDiSetClassInstallParamsA
CM_Get_Device_IDA
CM_Get_Child_Ex
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsExA
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiOpenDeviceInfoA
SetupDiGetHwProfileList
SetupDiGetDeviceInstanceIdA
SetupGetInfDriverStoreLocationA
SetupUninstallOEMInfA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
CM_Get_Device_ID_Size
CM_Locate_DevNodeA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status

dwmapi

DwmIsCompositionEnabled

ole32

CoCreateInstance
CoInitialize
CoCreateGuid
CoInitializeEx
PropVariantClear
CoUninitialize
CoTaskMemFree

difxapi

DriverPackageInstallA
DriverPackageUninstallA
DriverPackageGetPathA
DriverPackagePreinstallA

propsys

InitPropVariantFromDoubleVector

shlwapi

StrStrIA
PathFindFileNameW
PathStripPathW

newdev

DiInstallDriverA
DiInstallDevice

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
DeviceIoControl
QueryPerformanceFrequency
RtlVirtualUnwind
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
WinExec
TerminateThread
OpenMutexA
CreateMutexA
ReleaseMutex
SetEndOfFile
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
CompareStringW
GetTimeFormatW
GetPackageFamilyName
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCurrentThread
HeapFree
HeapReAlloc
HeapSize
ReadConsoleW
CreateFileW
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
WaitForMultipleObjects
OpenEventA
CreateEventA
ResetEvent
SetEvent
GetTickCount
VerifyVersionInfoW
RemoveDirectoryA
VerSetConditionMask
GetLocalTime
GetApplicationUserModelId
LoadLibraryW
GetModuleHandleA
GetTimeZoneInformation
FindNextFileA
DeleteFileA
CompareFileTime
GetWindowsDirectoryA
GetCommandLineW
FileTimeToSystemTime
lstrcmpA
LocalAlloc
FileTimeToLocalFileTime
SetThreadPriority
CreateThread
QueryPerformanceCounter
K32GetModuleBaseNameA
K32EnumProcessModules
QueryFullProcessImageNameA
GetEnvironmentVariableA
ReadFile
FindFirstFileA
FindClose
K32GetProcessImageFileNameA
K32EnumProcesses
GetSystemDefaultLangID
FindResourceExA
LockResource
LoadResource
FreeResource
GetSystemDirectoryA
SetLastError
GetFileTime
CreateFileA
CreateDirectoryA
ExpandEnvironmentStringsA
GetProcAddress
CopyFileA
LoadLibraryA
FreeLibrary
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
OutputDebugStringW
GetConsoleMode
GetConsoleCP
HeapAlloc
GetFileType
WideCharToMultiByte
MultiByteToWideChar
WriteConsoleW
GetTempPathW
SetFileAttributesA
GetFileAttributesA
Process32Next
Process32First
CreateToolhelp32Snapshot
FlushFileBuffers
EnumSystemLocalesW
QueryFullProcessImageNameW
GetCommandLineA
GetLastError
Sleep
CreateProcessA
GetModuleFileNameA
MoveFileExA
GetSystemPowerStatus
CloseHandle
MapViewOfFile
UnmapViewOfFile
AssignProcessToJobObject
CreateFileMappingA
OpenFileMappingA
WaitForSingleObject
GetExitCodeProcess
OpenProcess
IsWow64Process
OutputDebugStringA
SetInformationJobObject
CreateJobObjectA
WTSGetActiveConsoleSessionId
LocalFree
TerminateProcess
lstrlenW
GetDateFormatW

shell32

CommandLineToArgvW
SHGetKnownFolderPath
Shell_NotifyIconA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

crypt32

CryptQueryObject
CryptDecodeObjectEx
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore

dbgeng

DebugCreate

Exports

Exports

dumpanalyze_acquirefile
dumpanalyze_getbsodsummary
dumpanalyze_getnextblock
dumpanalyze_releasefile

Sections

.text
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6027bdf152756731874e4030ca7769a7

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

advapi32

userenv

wtsapi32

powrprof

setupapi

dwmapi

ole32

difxapi

propsys

shlwapi

newdev

kernel32

shell32

version

crypt32

dbgeng

Exports

Exports

Sections

.text Size: 623KB - Virtual size: 623KB

.rdata Size: 203KB - Virtual size: 203KB

.data Size: 5KB - Virtual size: 38KB

.pdata Size: 37KB - Virtual size: 37KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 623KB - Virtual size: 623KB

.rdata
Size: 203KB - Virtual size: 203KB

.data
Size: 5KB - Virtual size: 38KB

.pdata
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 2KB