fenix atc[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

fenix atc.7z
Size

6.2MB
MD5

30433bffb199021f552d1ed0bc0661a1
SHA1

d58ba68ab0a566cdc7623034912f47f8a19767af
SHA256

4e24d3469f403d346aee8db502bcf8b774ab9558d1e00d1b1da869e15b6a72f6
SHA512

c49dd3f3fb4ee992e8c02e9837b95ca0fd2368d79227d9d345259168ec7711f6260ccbb77c0c41aabf06561134d6675ff1daf82423e525191cdc7592c8e73969
SSDEEP

196608:NBPdhKBvVnMzndeO7vx9/CuGxa6SKvyMKLNY:b4VMzEO7yulVNL2

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fenix atc/ATCFenixTelco.exe
unpack001/fenix atc/FenixATCInstaller.exe

Files

fenix atc.7z
.7z
fenix atc/ATCFenixTelco.exe
.exe windows:4 windows x86 arch:x86

4dbf67cc3bbffe41d599e20718ceb7f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaRedimPreserveVar
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFpCDblR8
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaResume
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
ord552
ord553
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaStrDate
ord661
__vbaSetSystemError
ord662
__vbaHresultCheckObj
ord556
ord557
__vbaVargVarCopy
ord558
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaVarTstLe
__vbaAryVar
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaVarIndexLoadRefLock
ord592
ord593
__vbaBoolStr
__vbaVarForInit
__vbaStrBool
__vbaForEachCollObj
__vbaExitProc
ord300
ord594
ord301
__vbaCyAdd
__vbaStrLike
__vbaOnError
__vbaObjSet
ord595
ord302
__vbaVargObj
ord596
_adj_fdiv_m16i
ord303
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
__vbaVarIndexLoad
ord598
ord305
__vbaFpR4
ord306
__vbaStrFixstr
__vbaForEachCollVar
ord520
__vbaBoolVar
ord307
ord308
ord522
ord309
__vbaVargVar
__vbaVarTstLt
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord524
__vbaErase
ord631
__vbaVargVarMove
__vbaVarZero
ord525
__vbaNextEachCollObj
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaVarAbs
__vbaGenerateBoundsError
ord528
ord529
__vbaExitEachColl
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
__vbaR4Str
ord560
__vbaNextEachCollVar
__vbaVarLikeVar
__vbaObjVar
__vbaI2I4
ord561
ord562
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCySub
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
ord310
__vbaRedimVar
__vbaLateIdCallSt
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord312
ord711
ord313
__vbaPrintFile
__vbaStrToUnicode
ord712
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
ord714
__vbaFailedFriend
__vbaVarDiv
ord607
__vbaR8ErrVar
__vbaLateIdStAd
__vbaI2Str
ord608
ord531
ord716
__vbaVarCmpLe
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaInStr
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaFreeStrList
__vbaVarNot
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarLateMemStAd
__vbaForEachAry
ord689
__vbaVarCmpEq
__vbaFpCy
ord610
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord320
__vbaStrComp
ord612
__vbaStrToAnsi
__vbaVarDup
ord321
ord613
__vbaVerifyVarObj
__vbaFpI2
__vbaVarTstGe
__vbaVarCopy
ord616
__vbaFpI4
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
__vbaR8IntI2
_CIatan
ord540
ord618
__vbaI2ErrVar
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaForEachVar
__vbaR8IntI4
__vbaStrVarCopy
ord619
ord542
ord543
ord650
_allmul
__vbaVarLateMemCallSt
ord544
__vbaLateIdSt
ord545
ord652
_CItan
ord546
__vbaNextEachCollAd
ord547
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaStrCy
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 22.7MB - Virtual size: 22.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 660KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fenix atc/FenixATCInstaller.exe
.exe windows:5 windows x86 arch:x86

ac220fb01eeea4ecb84da554526c3e36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Branch\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

CreateFileW
CloseHandle
WriteFile
DeleteFileW
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateEventW
SetEvent
InitializeCriticalSection
lstrcpynW
WaitForSingleObject
CreateThread
GetProcAddress
LoadLibraryExW
DecodePointer
Sleep
GetDiskFreeSpaceExW
GetExitCodeThread
GetCurrentProcessId
CreateDirectoryW
GetSystemDirectoryW
FreeLibrary
lstrlenW
GetVersionExW
lstrcmpiW
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
CompareStringW
GetTempPathW
GetSystemTime
SystemTimeToFileTime
GetTempFileNameW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
GetFileAttributesW
SetFileAttributesW
GetFileTime
CopyFileW
ReadFile
FindClose
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
GetCurrentProcess
GetSystemInfo
WaitForMultipleObjects
WriteConsoleW
VirtualProtect
VirtualQuery
LoadLibraryExA
GetShortPathNameW
GetStringTypeW
SetUnhandledExceptionFilter
FormatMessageW
GetEnvironmentVariableW
LocalFree
LoadLibraryA
GetModuleFileNameA
GetFullPathNameW
GetCurrentThread
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
SetFilePointer
FlushFileBuffers
OutputDebugStringW
CreateProcessW
GetExitCodeProcess
GetCommandLineW
SetCurrentDirectoryW
SetEndOfFile
EnumResourceLanguagesW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID
GetWindowsDirectoryW
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ResetEvent
MoveFileW
GlobalFree
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetLocalTime
CreateNamedPipeW
ConnectNamedPipe
TerminateThread
LocalAlloc
CompareFileTime
CopyFileExW
OpenEventW
PeekNamedPipe
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
LCMapStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
QueryPerformanceFrequency
GetACP
ExitProcess
GetModuleHandleExW
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetOEMCP
SetFilePointerEx
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadConsoleW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fenix atc/Leeme.txt

Sharing

General

Malware Config

Signatures

Files

4dbf67cc3bbffe41d599e20718ceb7f5

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 22.7MB - Virtual size: 22.6MB

.data Size: 4KB - Virtual size: 104KB

.rsrc Size: 660KB - Virtual size: 656KB

ac220fb01eeea4ecb84da554526c3e36

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 337KB - Virtual size: 336KB

.data Size: 9KB - Virtual size: 28KB

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 83KB - Virtual size: 82KB

.text
Size: 22.7MB - Virtual size: 22.6MB

.data
Size: 4KB - Virtual size: 104KB

.rsrc
Size: 660KB - Virtual size: 656KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 337KB - Virtual size: 336KB

.data
Size: 9KB - Virtual size: 28KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 83KB - Virtual size: 82KB