fe63898578a8eacccb13abe240da605905877d8aa6ec625bea8abb0ea41a82c2N

Sharing

Copy URL Twitter E-mail

General

Target

fe63898578a8eacccb13abe240da605905877d8aa6ec625bea8abb0ea41a82c2N
Size

14KB
MD5

ad8db61a143f9cd3969976ebd47e39c0
SHA1

ba74e8627c42b5f861cb2f76aa14051c641ae22a
SHA256

fe63898578a8eacccb13abe240da605905877d8aa6ec625bea8abb0ea41a82c2
SHA512

456ca51939b87d5cb63d9d69cbb3964776a8737a6b307a6854df5edf5390ac22e5b50b318045e327da8aece0481fe3831c396019d0987047414450396ab69d75
SSDEEP

384:EuyQGLpfR3Jw+Hf/H9SAhvzmmTYW3jgJCkzuX:VlGLpfjbna2gJCn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/atmlib.dll

Files

fe63898578a8eacccb13abe240da605905877d8aa6ec625bea8abb0ea41a82c2N
.cab
atmlib.dll
.dll windows:5 windows x86 arch:x86

38c318b68bbe9fcac5a45ab79ab9842b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atmlib.pdb

Imports

msvcrt

free
strncpy
wcscpy
wcsrchr
wcsncmp
memmove
_stricmp
atoi
malloc
_wcsicmp
wcschr
calloc
_initterm
_adjust_fdiv
iswctype
realloc
wcscat
wcslen
sprintf
wcsncpy
_except_handler3

kernel32

Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrlenW
MultiByteToWideChar
_lwrite
WriteFile
GetLastError
CreateFileW
GetTempPathW
WideCharToMultiByte
WaitForMultipleObjects
ReleaseMutex
ResetEvent
ReleaseSemaphore
WaitForSingleObject
SetEvent
CloseHandle
ReadFile
lstrcatW
GetWindowsDirectoryW
SetFilePointer
GetFileSize
GetSystemDefaultLangID
CreateSemaphoreW
CreateEventW
CreateMutexW
DisableThreadLibraryCalls
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle

gdi32

GetGlyphOutlineW
RemoveFontResourceExW
AddFontResourceExW
GetFontResourceInfoW
EnumFontFamiliesExW
GetFontData
NamedEscape

user32

ReleaseDC
wsprintfW
PostMessageW
GetDC

advapi32

RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

Exports

Exports

ATMAddFont
ATMAddFontA
ATMAddFontEx
ATMAddFontExA
ATMAddFontExW
ATMAddFontW
ATMBBoxBaseXYShowText
ATMBBoxBaseXYShowTextA
ATMBBoxBaseXYShowTextW
ATMBeginFontChange
ATMClient
ATMEndFontChange
ATMEnumFonts
ATMEnumFontsA
ATMEnumFontsW
ATMEnumMMFonts
ATMEnumMMFontsA
ATMEnumMMFontsW
ATMFinish
ATMFontAvailable
ATMFontAvailableA
ATMFontAvailableW
ATMFontSelected
ATMFontStatus
ATMFontStatusA
ATMFontStatusW
ATMForceFontChange
ATMGetBuildStr
ATMGetBuildStrA
ATMGetBuildStrW
ATMGetFontBBox
ATMGetFontInfo
ATMGetFontInfoA
ATMGetFontInfoW
ATMGetFontPaths
ATMGetFontPathsA
ATMGetFontPathsW
ATMGetGlyphList
ATMGetGlyphListA
ATMGetGlyphListW
ATMGetMenuName
ATMGetMenuNameA
ATMGetMenuNameW
ATMGetNtmFields
ATMGetNtmFieldsA
ATMGetNtmFieldsW
ATMGetOutline
ATMGetOutlineA
ATMGetOutlineW
ATMGetPostScriptName
ATMGetPostScriptNameA
ATMGetPostScriptNameW
ATMGetVersion
ATMGetVersionEx
ATMGetVersionExA
ATMGetVersionExW
ATMInstallSubstFontA
ATMInstallSubstFontW
ATMMakePFM
ATMMakePFMA
ATMMakePFMW
ATMMakePSS
ATMMakePSSA
ATMMakePSSW
ATMProperlyLoaded
ATMRemoveFont
ATMRemoveFontA
ATMRemoveFontW
ATMRemoveSubstFontA
ATMRemoveSubstFontW
ATMSelectEncoding
ATMSelectObject
ATMSetFlags
ATMXYShowText
ATMXYShowTextA
ATMXYShowTextW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38c318b68bbe9fcac5a45ab79ab9842b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

advapi32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB