atmlib[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

atmlib.dll
Size

39KB
MD5

c5cc6ba0d413bf346689307c2c118302
SHA1

5dc3702204d8d62bfd9328a8933031a76e2d30e1
SHA256

04c6218fb0a839a5763681330382b640e5d16f15a694b01ea50847d0a5600e65
SHA512

0cc30462b3281d96a6397e5ea27a97947bc0ed69c4d4dee6f801c540103b41db11c5085449db4610da5bfba5685c8de32a048cf48836ae2050a2c670c8c92734
SSDEEP

768:YujV/KnUi3NTQgOkdUq/wB0ESLJOb95F04PnEtZWuXFmue:tV/KUi3NsgdHu0ESL495FNEDWuXFmn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
atmlib.dll

Files

atmlib.dll
.dll windows:10 windows x86 arch:x86

3913cca8b22305f690b73141af1c6c32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atmlib.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o___stdio_common_vsprintf
_o___stdio_common_vswprintf
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
memmove
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o_atoi
_o_calloc
_o_free
_o_iswdigit
_o_malloc
_o_realloc
_except_handler4_common
wcsrchr
wcschr

kernel32

ReadFile
ReleaseSemaphore
WriteFile
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
UnmapViewOfFile
_lwrite
WideCharToMultiByte
CreateSemaphoreW
GetFileSize
GetWindowsDirectoryW
ResetEvent
CloseHandle
DisableThreadLibraryCalls
SetEvent
GetLastError
MultiByteToWideChar
CreateEventW
GetSystemDefaultLangID
ReleaseMutex
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
SetFilePointer
WaitForMultipleObjects

gdi32

GetGlyphOutlineW
GetFontResourceInfoW
RemoveFontResourceExW
AddFontResourceExW
NamedEscape
EnumFontFamiliesExW
GetFontData

user32

GetDC
ReleaseDC
PostMessageW

advapi32

RegDeleteValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

ATMAddFont
ATMAddFontA
ATMAddFontEx
ATMAddFontExA
ATMAddFontExW
ATMAddFontW
ATMBBoxBaseXYShowText
ATMBBoxBaseXYShowTextA
ATMBBoxBaseXYShowTextW
ATMBeginFontChange
ATMClient
ATMEndFontChange
ATMEnumFonts
ATMEnumFontsA
ATMEnumFontsW
ATMEnumMMFonts
ATMEnumMMFontsA
ATMEnumMMFontsW
ATMFinish
ATMFontAvailable
ATMFontAvailableA
ATMFontAvailableW
ATMFontSelected
ATMFontStatus
ATMFontStatusA
ATMFontStatusW
ATMForceFontChange
ATMGetBuildStr
ATMGetBuildStrA
ATMGetBuildStrW
ATMGetFontBBox
ATMGetFontInfo
ATMGetFontInfoA
ATMGetFontInfoW
ATMGetFontPaths
ATMGetFontPathsA
ATMGetFontPathsW
ATMGetGlyphList
ATMGetGlyphListA
ATMGetGlyphListW
ATMGetMenuName
ATMGetMenuNameA
ATMGetMenuNameW
ATMGetNtmFields
ATMGetNtmFieldsA
ATMGetNtmFieldsW
ATMGetOutline
ATMGetOutlineA
ATMGetOutlineW
ATMGetPostScriptName
ATMGetPostScriptNameA
ATMGetPostScriptNameW
ATMGetVersion
ATMGetVersionEx
ATMGetVersionExA
ATMGetVersionExW
ATMInstallSubstFontA
ATMInstallSubstFontW
ATMMakePFM
ATMMakePFMA
ATMMakePFMW
ATMMakePSS
ATMMakePSSA
ATMMakePSSW
ATMProperlyLoaded
ATMRemoveFont
ATMRemoveFontA
ATMRemoveFontW
ATMRemoveSubstFontA
ATMRemoveSubstFontW
ATMSelectEncoding
ATMSelectObject
ATMSetFlags
ATMXYShowText
ATMXYShowTextA
ATMXYShowTextW

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3913cca8b22305f690b73141af1c6c32

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

kernel32

gdi32

user32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB