atl[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

atl.dll
Size

107KB
MD5

3de880a7e2a4395c8e866b17dc514ddc
SHA1

2549b822f8b57153d53bf244ecfce412337e4d31
SHA256

626c15e99d6883f6e0cff347d086a8b472f0a6939cf4af6d05988cda410e5199
SHA512

25073bab7fb8199faba55e654a841a697bc8293f5e71072ee953e33a8138113511f2d5c9b66bfcf289395e997db1ed5ba8662a3f524ef6965928f8f55f66507b
SSDEEP

1536:9hiPIHsQc5oolVxjsdHPAhpZSd8AR8ttlKBI0pDBcGBRd4QbJc31:LiPIM3NlrEHPIbCytyB5DBLBRBm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
atl.dll

Files

atl.dll
.dll regsvr32 windows:6 windows x64 arch:x64

5bee47162218429b8c0aa8d92c023205

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

atl.pdb

Imports

msvcrt

__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
wcscat_s
realloc
??_U@YAPEAX_K@Z
??2@YAPEAX_K@Z
wcscpy_s
malloc
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
free
memcmp
memcpy
memset

kernel32

ResolveDelayLoadedAPI
TerminateProcess
DelayLoadFailureHook
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetACP
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
FormatMessageW
HeapDestroy
GetModuleFileNameW
GetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
lstrcpyW
RaiseException
GetCurrentThreadId
WideCharToMultiByte
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
GlobalFree
GlobalHandle
FreeResource
FindResourceA
GetVersionExA
DisableThreadLibraryCalls
SetLastError
GetModuleHandleW
lstrcmpiW
lstrcpynW
GetVersionExW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
MultiByteToWideChar
SizeofResource
FindResourceExW
CloseHandle
ReadFile
GetFileSize
CreateFileW
EncodePointer
HeapAlloc
GetCurrentProcess
HeapFree
VirtualFree
GetProcessHeap
InterlockedPopEntrySList
FlushInstructionCache
DecodePointer
LoadLibraryExA
InterlockedPushEntrySList
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter

user32

CharPrevW
CreateWindowExW
CallWindowProcW
CharNextW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
GetDC
ReleaseDC
UnregisterClassW
GetSysColor
IsChild
GetFocus
SetFocus
GetWindow
BeginPaint
GetClientRect
FillRect
EndPaint
RedrawWindow
IsWindow
GetParent
GetClassNameW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetDesktopWindow
CreateAcceleratorTableW
SetCapture
ReleaseCapture
InvalidateRect
InvalidateRgn
GetDlgItem
SendMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
DialogBoxIndirectParamW
DialogBoxIndirectParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
RegisterWindowMessageW
MessageBoxA
DestroyWindow

gdi32

BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
DeleteDC
CreateDCW
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_GetSizeMax
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlMarshalPtrInProc
AtlModuleAddCreateWndData
AtlModuleAddTermFunc
AtlModuleExtractCreateWndData
AtlModuleGetClassObject
AtlModuleInit
AtlModuleLoadTypeLib
AtlModuleRegisterClassObjects
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServer
AtlModuleUnregisterServerEx
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlSetErrorInfo2
AtlUnadvise
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bee47162218429b8c0aa8d92c023205

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 81KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 384B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 672B

.text
Size: 82KB - Virtual size: 81KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 384B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 672B