D:\Informatique\wdl-ol\ATK-plugins\ATKExpander\build-win\vst2\x64\bin\ATKExpander.pdb
Static task
static1
General
Target: ATKExpander_x64.dll
Size: 503KB
MD5: 62b577e1330b1ba1152168e8397affa2
SHA1: 1f39d0e2a160c4a4fc1e00b14c4de022556c2adb
SHA256: cd489ac53dd39b49023c6e8d3a48dbee7ef199932dfb197c0ac02e7d8880d898
SHA512: b08ae2f169c2a3f101f14fc688f7eb1fcfd6cf0373664310618c9cc8927426a0f6ab01b63a139f998430b95f7a74f9246f5145e7d58aabd0ac74dad1e0547535
SSDEEP: 12288:9yiJH3VjP4rnEmRO5No2CuUoohzCTaMnOJT:XPsnE3ojoTT/nOJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ATKExpander_x64.dll
Files
ATKExpander_x64.dll.dll windows:6 windows x64 arch:x64
cbe6cabb84957f3f25671bdfc7785983
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
wininet
InternetGetConnectedState
comctl32
InitCommonControlsEx
kernel32
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
OutputDebugStringW
LoadLibraryExW
CloseHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
FlushFileBuffers
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
HeapSize
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
WriteConsoleW
CreateFileW
ExitProcess
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersion
MultiByteToWideChar
GetCurrentProcessId
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
SetEnvironmentVariableA
FreeEnvironmentStringsW
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetLastError
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
WideCharToMultiByte
ReadFile
GetProcessHeap
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
user32
DrawTextW
DrawTextA
EndPaint
ClientToScreen
DestroyWindow
GetClassNameA
SetTimer
ScreenToClient
GetWindowRect
GetWindowLongPtrA
TrackPopupMenu
SetCapture
GetKeyState
GetParent
TrackMouseEvent
SetFocus
SendMessageA
BeginPaint
EnumWindows
GetUpdateRect
GetCapture
ShowCursor
SetWindowLongA
MessageBoxA
InvalidateRect
SetCursorPos
GetAncestor
UnregisterClassA
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
SetWindowPos
GetCursorPos
CreatePopupMenu
SetWindowLongPtrA
AppendMenuA
ReleaseCapture
SetWindowTextA
UpdateWindow
CallWindowProcA
DestroyMenu
LoadCursorA
ValidateRect
GetWindowThreadProcessId
RegisterClassA
gdi32
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt
SetTextColor
SetBkColor
SetBkMode
GetStockObject
CreateFontA
GetTextMetricsA
comdlg32
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegCloseKey
RegOpenKeyA
shell32
SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA
Exports
VSTPluginMain
main
Sections
.text Size: 311KB - Virtual size: 311KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ