AsComDtSvc[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

AsComDtSvc.rar
Size

42.2MB
MD5

27c54ebca327e21912d2c8ddf2d4c932
SHA1

e8b2fefce84d8915d1df27d211f0906b2a2551aa
SHA256

28dc274e4f75b88e22a58a0672e4abaf15f9660f939dbd49a8db443a7e8891a6
SHA512

4f39ffc94c5f1a896717f569ad7e2382decdd11d75f8fc114df905e38bc91f9eb4aaecfe977006c0118fc1f25ede55fcaaac33e8bb01b31d595cdc15788bb376
SSDEEP

786432:Pfea9IU6TwogytbsVcfGf6VHvz/fv0vL0PUBRpydEwUBZYQkXiDys7rE:PfeaqU6EvknPW9Nubs7g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ATKEX.dll

Files

AsComDtSvc.rar
.rar
ATKEX.dat
ATKEX.dll
.dll windows:5 windows x86 arch:x86

de07b3e108b97d977b4e7a0cd1d16f12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Fast需求\无毛果\v1.2\Controller_20201205\Shellcode-Enc\dllmain\Release\ATKEX.pdb

Imports

kernel32

CloseHandle
CreateFileW
GetFileSize
ReadFile
VirtualAlloc
VirtualFree
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
CreateThread
GetModuleFileNameW
lstrcpyW
VirtualProtect
DisableThreadLibraryCalls
GetModuleHandleA
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Exports

Exports

go
go1
go2
go3
go4

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NvSmart.hlp
NvSmart.x64
TraceIndexer.exe
.exe windows:6 windows x86 arch:x86

73066627ef3b9a142d19d961d629ea1d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:be:02:c8:83:8f:bf:02:ab:56:ed:ab:b1:e3:4c:19
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22-10-2021 00:00

Not After

22-10-2024 23:59

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:38:33:1f:6c:49:b5:b3:fc:b5:be:70:04:5f:93:c5:1d:68:de:df:ef:11:7a:d5:70:f8:ab:fe:51:7e:27:52
Signer

Actual PE Digest

33:38:33:1f:6c:49:b5:b3:fc:b5:be:70:04:5f:93:c5:1d:68:de:df:ef:11:7a:d5:70:f8:ab:fe:51:7e:27:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\atkexComSvc\Release\atkexComSvc.pdb

Imports

atkex

ord3
ord2

winmm

timeGetTime

kernel32

WriteFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
DeleteFileA
SetFileAttributesA
ReleaseMutex
CreateMutexW
CreateEventW
OpenEventW
LoadLibraryA
SetDllDirectoryW
GetCommandLineW
DeleteFileW
CreateThread
GetCurrentThreadId
lstrcpyW
GetCurrentProcess
GetCurrentThread
GetSystemInfo
GetNativeSystemInfo
SetThreadAffinityMask
SetThreadPriority
SuspendThread
ResumeThread
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileW
CreateFileA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntW
GetModuleFileNameA
GetModuleHandleA
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
FreeLibrary
GetTickCount
LoadLibraryW
GetProcAddress
Sleep
GetCommandLineA
GetCPInfo
FlushFileBuffers
WriteConsoleW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
HeapReAlloc
HeapSize
GetFileType
HeapAlloc
HeapFree
GetStdHandle
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

wsprintfW
MessageBoxA
CharNextW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
MessageBoxW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteValueW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

ole32

CoRevokeClassObject
CoInitializeSecurity
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoResumeClassObjects
StringFromGUID2
CoRegisterClassObject

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
VariantClear
VariantInit
SysStringLen
SafeArrayAccessData
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData

shlwapi

PathFileExistsW

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdump64.hlp
wps.hlp

Sharing

General

Malware Config

Signatures

Files

de07b3e108b97d977b4e7a0cd1d16f12

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 5KB - Virtual size: 4KB

73066627ef3b9a142d19d961d629ea1d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:be:02:c8:83:8f:bf:02:ab:56:ed:ab:b1:e3:4c:19Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

33:38:33:1f:6c:49:b5:b3:fc:b5:be:70:04:5f:93:c5:1d:68:de:df:ef:11:7a:d5:70:f8:ab:fe:51:7e:27:52Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

atkex

winmm

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 75KB

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:be:02:c8:83:8f:bf:02:ab:56:ed:ab:b1:e3:4c:19
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

33:38:33:1f:6c:49:b5:b3:fc:b5:be:70:04:5f:93:c5:1d:68:de:df:ef:11:7a:d5:70:f8:ab:fe:51:7e:27:52
Signer

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 75KB

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 15KB - Virtual size: 14KB