amrts[.]exe | Triage

Resubmissions

14-05-2024 20:19

240514-y3zbwaee7x 4

Sharing

Copy URL

Twitter E-mail

General

Target

amrts.exe
Size

2.7MB
MD5

ab74e46fc8987c45b38b8c998a4c84ca
SHA1

fb74ed58be44eb103646a1d63e6d8dc6e103ad98
SHA256

94d12cc0672f0156478b5daec3263a97cf21c179b6bc7e73c494663ff1bf3394
SHA512

e43e51e49bc54375141540aafbe0cdb8450a2b5eea0a41bf6084f6b708824ea71f4f4113caf44bca05aae75952760d963816e22816ff43bb63c12342f71877c8
SSDEEP

49152:6x/upC2r/JgRgnVBc7qWtvP7GnWiEWyjv3D/6lhPYl:dplJguVie2H7GnWiEr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
amrts.exe

Files

amrts.exe
.exe windows:4 windows x86 arch:x86

88df6d95b8c45f6ddff4a09f2a959008

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

binkw32

_BinkCopyToBuffer@28
_BinkNextFrame@4
_BinkDoFrame@4
_BinkWait@4
_BinkGoto@12
_BinkPause@8
_BinkSetSoundSystem@8
_BinkOpenMiles@4
_BinkGetError@0
_BinkOpen@8
_BinkClose@4

mss32

_AIL_set_sample_pan@8
_AIL_start_sample@4
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_digital_CPU_percent@4
_AIL_digital_master_volume@4
_AIL_set_digital_master_volume@8
_AIL_close_digital_driver@4
_AIL_ms_count@0
_AIL_set_sample_loop_count@8
_AIL_sample_position@4
_AIL_allocate_sample_handle@4
_AIL_end_sample@4
_AIL_init_sample@4
_AIL_set_named_sample_file@20
_AIL_set_sample_file@12
_AIL_set_sample_volume@8
_AIL_set_sample_position@8
_AIL_resume_sample@4
_AIL_open_digital_driver@16
_AIL_digital_configuration@16
_AIL_last_error@0
_AIL_sample_status@4
_AIL_release_sample_handle@4

shell32

SHFileOperationA
ShellExecuteA

advapi32

RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegCloseKey

winmm

timeGetTime

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetFileAttributesA
GetCurrentProcessId
ReleaseSemaphore
GetComputerNameA
RemoveDirectoryA
SetCurrentDirectoryA
ReadFile
CreateThread
DuplicateHandle
GetOEMCP
SetConsoleCtrlHandler
IsBadWritePtr
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapSize
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
FileTimeToLocalFileTime
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetDriveTypeA
GetModuleFileNameA
Sleep
GetProcAddress
LoadLibraryA
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
ExitProcess
GetModuleHandleA
GetUserDefaultLangID
DebugBreak
HeapCreate
InitializeCriticalSection
GetSystemInfo
DeleteCriticalSection
HeapDestroy
GlobalMemoryStatus
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
VirtualAlloc
VirtualFree
HeapAlloc
HeapFree
HeapValidate
VirtualQuery
GetProcessHeap
CloseHandle
Heap32ListNext
Heap32Next
Heap32First
Heap32ListFirst
Module32Next
Module32First
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
FormatMessageA
GetLastError
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
RaiseException
MultiByteToWideChar
GetACP
GetCurrentThread
GetCurrentThreadId
CreateEventA
WaitForSingleObject
SetEvent
FlushInstructionCache
ResumeThread
GetThreadContext
SuspendThread
QueryPerformanceCounter
SetThreadPriority
SetPriorityClass
GetPriorityClass
GetThreadPriority
QueryPerformanceFrequency
FatalAppExitA
CreateFileA
HeapReAlloc
WriteFile
SetFilePointer
FlushFileBuffers
GetFileSize
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetLocaleInfoA
SetFileAttributesA
RtlUnwind
WideCharToMultiByte
IsValidCodePage
IsValidLocale
ReleaseMutex
CreateSemaphoreA
CreateMutexA
WaitForMultipleObjects
DeleteFileA
GetExitCodeThread
PulseEvent
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
FindClose
FileTimeToSystemTime
GetStartupInfoA
GetCommandLineA
GetVersion
GetLocalTime
GetTimeZoneInformation
GetSystemTime
MoveFileA
GetFullPathNameA
GetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
FindNextFileA

user32

ScreenToClient
SetFocus
GetCursorPos
ToAscii
MapVirtualKeyA
GetKeyboardState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
ShowWindow
TranslateMessage
PeekMessageA
DispatchMessageA
SetCursor
DefWindowProcA
PostQuitMessage
CreateWindowExA
RegisterClassA
LoadIconA
FindWindowA
SendMessageA
GetDlgItem
GetWindowRect
GetMenu
SystemParametersInfoA
EndDialog
GetDoubleClickTime
GetWindowLongA
GetSystemMetrics
SendDlgItemMessageA
CheckDlgButton
DialogBoxIndirectParamA
wsprintfA
SetRect
ClientToScreen
AdjustWindowRect
MessageBoxA
SetWindowPos
SetCursorPos
GetClientRect
SetWindowLongA
RedrawWindow
DrawMenuBar
ClipCursor
SetMenu

gdi32

DeleteObject
GetStockObject

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

88df6d95b8c45f6ddff4a09f2a959008

Headers

File Characteristics

Imports

binkw32

mss32

shell32

advapi32

winmm

version

kernel32

user32

gdi32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 124KB - Virtual size: 122KB

.data Size: 200KB - Virtual size: 955KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 124KB - Virtual size: 122KB

.data
Size: 200KB - Virtual size: 955KB

.rsrc
Size: 16KB - Virtual size: 12KB