Static task
static1
Behavioral task
behavioral1
Sample
ASBR.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ASBR.exe
Resource
win10v2004-20230220-en
General
-
Target
ASBR.exe
-
Size
19.8MB
-
MD5
27c9076961e8461d91e4cf614f10a06e
-
SHA1
f5a2f1068f895e4d2a0a73cc5611613dc0fc457e
-
SHA256
d7c3a0ca6b22fb1e5278a660d284aad27edad71cb9c125d45a4cd625140508fd
-
SHA512
4f6bc459a8e15c7d9330b326827141ff57c9014513cc8fae90d5cde129f5c04beb5b0d3512b8634de92074c622c6d2befff5027a953732f2fdbc44d975537dd3
-
SSDEEP
393216:5VyovUTeL0G9mFNDVD4OUodjaof+nyMF:5VRJomnyMF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE that carries no Authenticode signature. The sample is unsigned, so its publisher cannot be verified from the file itself; identity has to be established from the hashes above or from the distribution channel rather than from a signature.
resource ASBR.exe
Files
-
ASBR.exe.exe windows x64
001ee159fb49e55b18b0fa2d49fda017
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
eossdk-win64-shipping
EOS_AntiCheatClient_BeginSession
EOS_AntiCheatClient_EndSession
EOS_AntiCheatClient_PollStatus
EOS_AntiCheatClient_ReceiveMessageFromServer
EOS_AntiCheatClient_GetProtectMessageOutputLength
EOS_AntiCheatClient_ProtectMessage
EOS_AntiCheatClient_UnprotectMessage
EOS_AntiCheatClient_RegisterPeer
EOS_AntiCheatClient_UnregisterPeer
EOS_AntiCheatClient_ReceiveMessageFromPeer
EOS_AntiCheatServer_AddNotifyMessageToClient
EOS_AntiCheatServer_RemoveNotifyMessageToClient
EOS_AntiCheatClient_RemoveNotifyMessageToServer
EOS_AntiCheatServer_RemoveNotifyClientActionRequired
EOS_AntiCheatServer_AddNotifyClientAuthStatusChanged
EOS_AntiCheatServer_RemoveNotifyClientAuthStatusChanged
EOS_AntiCheatServer_BeginSession
EOS_AntiCheatServer_EndSession
EOS_AntiCheatServer_RegisterClient
EOS_AntiCheatServer_UnregisterClient
EOS_AntiCheatServer_ReceiveMessageFromClient
EOS_AntiCheatServer_GetProtectMessageOutputLength
EOS_AntiCheatServer_ProtectMessage
EOS_AntiCheatClient_RemoveNotifyPeerAuthStatusChanged
EOS_AntiCheatClient_AddNotifyMessageToServer
EOS_Platform_GetAntiCheatServerInterface
EOS_Platform_GetAntiCheatClientInterface
EOS_ProductUserId_ToString
EOS_Auth_CopyUserAuthToken
EOS_Platform_GetConnectInterface
EOS_Connect_RemoveNotifyAuthExpiration
EOS_Connect_AddNotifyAuthExpiration
EOS_Connect_GetLoginStatus
EOS_Connect_GetLoggedInUserByIndex
EOS_Connect_GetLoggedInUsersCount
EOS_Connect_CreateUser
EOS_Connect_Login
EOS_Auth_Token_Release
EOS_Auth_RemoveNotifyLoginStatusChanged
EOS_Auth_AddNotifyLoginStatusChanged
EOS_Auth_GetLoginStatus
EOS_Auth_GetLoggedInAccountByIndex
EOS_Auth_GetLoggedInAccountsCount
EOS_Auth_DeletePersistentAuth
EOS_Auth_LinkAccount
EOS_Auth_Logout
EOS_Auth_Login
EOS_AntiCheatClient_RemoveNotifyPeerActionRequired
EOS_AntiCheatClient_AddNotifyPeerAuthStatusChanged
EOS_AntiCheatClient_AddNotifyPeerActionRequired
EOS_AntiCheatClient_RemoveNotifyMessageToPeer
EOS_AntiCheatServer_UnprotectMessage
EOS_AntiCheatClient_AddNotifyMessageToPeer
EOS_ByteArray_ToString
EOS_Platform_GetAuthInterface
EOS_EpicAccountId_ToString
EOS_EResult_IsOperationComplete
EOS_Platform_Tick
EOS_Platform_Release
EOS_Platform_Create
EOS_Logging_SetLogLevel
EOS_Logging_SetCallback
EOS_Shutdown
EOS_Initialize
EOS_AntiCheatServer_AddNotifyClientActionRequired
ws2_32
getpeername
getsockname
ioctlsocket
gethostname
gethostbyname
bind
htons
ntohs
inet_addr
setsockopt
socket
WSASetLastError
inet_ntoa
connect
recv
WSAGetLastError
shutdown
getservbyname
WSAIoctl
getservbyport
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
send
sendto
recvfrom
inet_pton
freeaddrinfo
getaddrinfo
WSAStartup
listen
WSACleanup
htonl
accept
select
__WSAFDIsSet
gethostbyaddr
crypt32
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertGetCertificateContextProperty
wldap32
ord143
ord79
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord30
ord200
ord301
ord35
ord46
steam_api64
SteamAPI_RegisterCallback
SteamRemoteStorage
SteamUserStats
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamMatchmaking
SteamNetworking
SteamAPI_UnregisterCallback
SteamFriends
SteamGameServer_RunCallbacks
SteamAPI_RunCallbacks
SteamAPI_Init
SteamAPI_Shutdown
SteamApps
SteamUtils
SteamUser
winmm
timeEndPeriod
timeBeginPeriod
timeGetTime
kernel32
ConvertFiberToThread
LoadLibraryExA
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleExW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
InitializeCriticalSectionAndSpinCount
ConvertThreadToFiberEx
RemoveDirectoryW
GetFileSizeEx
FindNextFileW
SystemTimeToFileTime
GetSystemTime
CreateFiberEx
GetProcessAffinityMask
GetCurrentProcess
SetThreadAffinityMask
GetThreadPriority
GetCurrentThread
InitializeCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcessId
LoadLibraryW
GetFileInformationByHandleEx
SetFilePointerEx
CopyFileW
GetUserDefaultLocaleName
GetTickCount
GetCommandLineW
GetPrivateProfileIntW
GetPrivateProfileStringW
DeleteFiber
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
CloseHandle
GetLastError
CreateMutexW
lstrcatW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
FlushFileBuffers
GetFileAttributesA
GetFileAttributesW
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
MoveFileA
MoveFileW
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
WaitForSingleObject
ResumeThread
GetExitCodeThread
Sleep
RaiseException
SetEvent
ResetEvent
CreateEventA
CreateMutexA
ReleaseMutex
ExitThread
IsProcessorFeaturePresent
CreateEventExA
OpenThread
LoadLibraryA
GetProcAddress
FreeLibrary
WaitForMultipleObjects
OpenFile
GetCurrentThreadId
GlobalMemoryStatusEx
LocaleNameToLCID
WritePrivateProfileStringW
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
FindFirstFileW
FindClose
FindFirstFileA
GetDiskFreeSpaceExW
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
GetModuleHandleA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
GetModuleHandleW
GetACP
SwitchToFiber
user32
GetRawInputData
ScreenToClient
GetCursorPos
ShowWindow
GetUserObjectInformationW
GetProcessWindowStation
ShowCursor
CharLowerBuffA
SetRect
ClipCursor
ClientToScreen
GetClientRect
LoadImageW
LoadIconW
SetClassLongW
SetWindowLongW
SetCursor
SetWindowTextW
DestroyWindow
CreateWindowExW
RegisterClassExW
GetActiveWindow
EnumDisplaySettingsW
EndPaint
BeginPaint
UnregisterClassW
DefWindowProcW
PeekMessageW
PostQuitMessage
LoadStringW
MessageBoxW
GetKeyNameTextW
GetSystemMetrics
SendMessageW
SetForegroundWindow
SetFocus
DispatchMessageW
TranslateMessage
wsprintfW
RegisterRawInputDevices
GetRawInputDeviceInfoW
MapVirtualKeyW
GetKeyState
AdjustWindowRect
LoadCursorW
SetWindowLongPtrW
SetWindowPos
ChangeDisplaySettingsW
advapi32
RegisterEventSourceW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
CryptDestroyHash
CryptHashData
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegEnumKeyA
DeregisterEventSource
CryptEnumProvidersW
ReportEventW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
ole32
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoInitialize
CLSIDFromString
msvcp140
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xbad_alloc@std@@YAXXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_start
_Thrd_detach
_Mtx_init
_Mtx_destroy
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init
_Cnd_destroy
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_timedwait
_Cnd_broadcast
_Cnd_signal
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
wininet
InternetGetConnectedState
InternetCheckConnectionW
bcrypt
BCryptGenRandom
dinput8
DirectInput8Create
vcruntime140
__intrinsic_setjmp
__std_exception_destroy
__std_exception_copy
memcmp
_purecall
__std_terminate
__C_specific_handler
strrchr
longjmp
_CxxThrowException
wcsstr
strchr
memchr
strstr
memmove
memcpy
memset
__CxxFrameHandler3
api-ms-win-crt-math-l1-1-0
cos
fmodf
fmod
tan
exp
log10f
ceil
atan2f
expf
powf
sqrtf
atan
atanf
acos
sqrt
logf
__setusermatherr
floorf
sinf
asin
roundf
cosf
atan2
fabs
asinf
log
_isnan
_finite
acosf
modf
floor
ldexp
log10
sinh
tanh
ceilf
frexp
tanf
sin
pow
cosh
api-ms-win-crt-string-l1-1-0
strncmp
strspn
strncpy_s
toupper
tolower
wcsnlen
strcat_s
wcscmp
_strdup
wcscpy_s
strncat_s
strpbrk
ispunct
_strnicmp
strcpy_s
isupper
wcslen
strlen
strcoll
strncat
strcspn
iscntrl
isalnum
isspace
isdigit
isalpha
strncpy
strcmp
islower
isxdigit
_stricmp
api-ms-win-crt-stdio-l1-1-0
_ftelli64
tmpfile
_popen
_pclose
__acrt_iob_func
ferror
fopen
fwrite
__stdio_common_vsprintf_s
fclose
__stdio_common_vfprintf
feof
freopen
getc
__stdio_common_vsprintf
ungetc
fread
tmpnam
__stdio_common_vswprintf
fgets
fopen_s
__stdio_common_vsscanf
fputs
_close
_write
_read
__p__commode
_set_fmode
__stdio_common_vswscanf
__stdio_common_vsnprintf_s
_fseeki64
fseek
ftell
fflush
fputc
_open
_lseeki64
setvbuf
_wfopen
setbuf
clearerr
_fileno
_setmode
__stdio_common_vfscanf
api-ms-win-crt-time-l1-1-0
_mktime64
_difftime64
_gmtime64_s
_localtime64
_time64
_gmtime64
strftime
clock
api-ms-win-crt-convert-l1-1-0
strtol
mbstowcs
atof
atoi
atol
_itow_s
strtoll
_wtoi64
wcstombs_s
_strtoui64
strtod
strtoul
wcstombs
api-ms-win-crt-runtime-l1-1-0
system
_errno
strerror
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_wide_winmain_command_line
abort
_configure_wide_argv
_set_app_type
_cexit
_invalid_parameter_noinfo_noreturn
_crt_atexit
__sys_nerr
_invalid_parameter_noinfo
_initialize_wide_environment
_register_onexit_function
_initialize_onexit_table
exit
_getpid
raise
_exit
_beginthreadex
strerror_s
signal
_controlfp_s
_wassert
_c_exit
_seh_filter_exe
terminate
api-ms-win-crt-heap-l1-1-0
calloc
malloc
_set_new_mode
_aligned_free
free
realloc
_aligned_malloc
api-ms-win-crt-locale-l1-1-0
localeconv
_create_locale
_configthreadlocale
___mb_cur_max_func
setlocale
api-ms-win-crt-utility-l1-1-0
qsort
bsearch_s
srand
rand
api-ms-win-crt-filesystem-l1-1-0
_fstat64i32
_stat64i32
rename
remove
_stat64
_unlink
_fstat64
_splitpath_s
_access
api-ms-win-crt-multibyte-l1-1-0
_mbspbrk
api-ms-win-crt-environment-l1-1-0
getenv
d3d11
D3D11CreateDevice
d3dcompiler_47
D3DCompileFromFile
D3DCompile
D3DReflect
imm32
ImmAssociateContext
ImmGetCompositionStringW
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
ImmCreateContext
ImmDestroyContext
xinput9_1_0
XInputGetState
XInputSetState
gdi32
GetStockObject
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 12.5MB - Virtual size: 12.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 390KB - Virtual size: 17.6MB (raw size far below virtual size: the remainder is uninitialized data that the loader zero-fills at load time, so the on-disk bytes cover only a small part of the writable section)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 873KB - Virtual size: 873KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 406KB - Virtual size: 405KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 357KB - Virtual size: 357KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ