AtmosLoader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AtmosLoader.exe
Size

81KB
MD5

83f5b569447e73756c2985fc5584448e
SHA1

b51bbb7603f9cb3bf1fc0559418c3b99359e5977
SHA256

b3e8192f0788152339d7f49453d2e42f70877e59282c49b0d2301b46ed269a50
SHA512

2201142bed30b4505481c454ccf671dea949dcc684d5d0e0e2a46cff439604c8057108f156a8b4d96768f024b6cd47bdd1691b408eab9c0a7e3fcde4200fc5f9
SSDEEP

1536:/lY0pmyPRoF8ZNMA9/kKWVDHJEv/wTN4alWdvFr4qcKnGmFyM:/m0ptPRo2P9sKAM/AXWdvFr4qcKnGmFX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AtmosLoader.exe

Files

AtmosLoader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

0ju4@+.
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ