Sample
723dd2b49785562fe5c1d15b953c595ee41005080b74866c91f1f6e324e49748.exe
Resource
win7-20231215-en
General
-
Target
723dd2b49785562fe5c1d15b953c595ee41005080b74866c91f1f6e324e49748
-
Size
1.6MB
-
MD5
82594bfa5cd151076855c1785fce1e98
-
SHA1
d249cf4f9df4b213fa1e349a410e9a246049de5c
-
SHA256
723dd2b49785562fe5c1d15b953c595ee41005080b74866c91f1f6e324e49748
-
SHA512
2e69eae1ba523ae7db3fec195907bb72bf5352e211666ebd454e1d4091dbc2e04df1d2adfc7cec26af29e22c66d78d68add90d88d41c002711d571f94aeb4e4d
-
SSDEEP
24576:4zzY1XMT54wU79SHfMqGAYAaoOfeUSLOo:4zzsMTeNYMq6jfsLO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature.
Processes:
resource 723dd2b49785562fe5c1d15b953c595ee41005080b74866c91f1f6e324e49748
Files
-
723dd2b49785562fe5c1d15b953c595ee41005080b74866c91f1f6e324e49748.exe windows:6 windows x64 arch:x64
ee7a997d5c75d721529a340a30a61c17
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
armourycrate.toolkit
?g_threadOwners@@3PEAV?$unordered_map@KV?$stack@U_ThreadOwner@@V?$deque@U_ThreadOwner@@V?$allocator@U_ThreadOwner@@@std@@@std@@@std@@U?$hash@K@2@U?$equal_to@K@2@V?$allocator@U?$pair@$$CBKV?$stack@U_ThreadOwner@@V?$deque@U_ThreadOwner@@V?$allocator@U_ThreadOwner@@@std@@@std@@@std@@@std@@@2@@std@@EA
?g_pLogCrashParam@@3PEAXEA
?g_cswThreadOwners@@3PEAVCCriticalSectionWrapper@@EA
?LogCrash@@YAXW4_CrashType@@PEAU_EXCEPTION_POINTERS@@@Z
?SetThreadCrashHandlers@@YAXAEBU_GUID@@PEB_W1@Z
?g_fnLogCrash@@3P6AXPEAXKPEAU_EXCEPTION_POINTERS@@AEBU_GUID@@PEB_W3@ZEA
ws2_32
WSACleanup
WSAGetLastError
closesocket
WSAStartup
select
WSASocketW
__WSAFDIsSet
recv
send
setsockopt
htonl
htons
bind
getsockname
ntohs
listen
accept
WSASetLastError
kernel32
DeleteTimerQueueEx
GetCurrentProcessId
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetConsoleCtrlHandler
GetCommandLineW
GetTickCount
GetProcessHeap
HeapFree
OpenMutexW
CreateMutexW
RemoveDirectoryW
GetExitCodeThread
AttachConsole
GetSystemDirectoryW
CreatePipe
PeekNamedPipe
GetEnvironmentVariableW
GetFileSizeEx
DeleteFileW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
GetProcessId
TerminateThread
LoadLibraryExW
AddDllDirectory
FindClose
FindNextFileW
AllocConsole
FindFirstFileW
Sleep
FreeLibrary
GetModuleHandleW
CreateProcessW
VerSetConditionMask
WTSGetActiveConsoleSessionId
CreateTimerQueue
GetProcAddress
Process32FirstW
OutputDebugStringW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
CreateDirectoryW
LocalFree
GetFileAttributesW
LocalAlloc
FlushFileBuffers
WaitNamedPipeW
WriteFile
SetLastError
ResetEvent
WaitForMultipleObjects
GetLastError
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
SetUnhandledExceptionFilter
OpenThread
CreateThread
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringA
LoadLibraryW
GetFirmwareEnvironmentVariableW
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetModuleFileNameW
GetExitCodeProcess
VerifyVersionInfoW
HeapAlloc
user32
UnregisterDeviceNotification
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
RegisterDeviceNotificationW
GetUserObjectInformationW
DefWindowProcW
DispatchMessageW
GetProcessWindowStation
CloseWindow
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
advapi32
CloseEventLog
NotifyChangeEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegEnumKeyW
DeleteService
QueryServiceStatus
StartServiceW
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
QueryServiceStatusEx
ControlService
OpenServiceW
EnumDependentServicesW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegEnumKeyExW
RegFlushKey
RegGetValueW
RegSetKeyValueW
RegDeleteKeyValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
OpenEventLogW
RegCreateKeyExW
ConvertStringSidToSidW
RegSetValueExW
OpenProcessToken
InitializeAcl
RegOpenKeyExW
CreateProcessAsUserW
RegDeleteValueW
GetLengthSid
DuplicateTokenEx
AddAccessAllowedAce
RegQueryValueExW
GetTokenInformation
SetSecurityDescriptorDacl
GetAce
EqualSid
AllocateAndInitializeSid
SetEntriesInAclW
AreAllAccessesGranted
SetNamedSecurityInfoW
GetNamedSecurityInfoW
DeleteAce
FreeSid
InitializeSecurityDescriptor
MapGenericMask
BuildTrusteeWithSidW
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW
ole32
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CLSIDFromString
CoCreateInstance
CoUninitialize
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
msvcp140
_Xtime_get_ticks
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
_Remove_dir
_Unlink
_Stat
_Lstat
_Open_dir
_Close_dir
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
shlwapi
PathFileExistsW
PathAppendW
PathIsDirectoryW
SHDeleteKeyW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wintrust
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
crypt32
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CryptDecodeObject
CertCloseStore
CertFindCertificateInStore
CertGetNameStringW
CryptMsgGetParam
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
PathCchAppend
vcruntime140
_local_unwind
memset
__CxxFrameHandler3
__std_terminate
_set_purecall_handler
__std_exception_destroy
__std_exception_copy
wcsrchr
__std_type_info_compare
__C_specific_handler
_CxxThrowException
memcmp
memcpy
memmove
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
signal
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_abort_behavior
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_set_new_handler
terminate
_set_invalid_parameter_handler
_register_onexit_function
api-ms-win-crt-stdio-l1-1-0
fgetc
__stdio_common_vsscanf
setvbuf
fgetwc
fputwc
__stdio_common_vsnwprintf_s
ungetc
ungetwc
__p__commode
_set_fmode
_wfsopen
__acrt_iob_func
_wfopen_s
__stdio_common_vswprintf
fclose
fwrite
fgetpos
_fseeki64
fsetpos
fflush
__stdio_common_vswprintf_s
__stdio_common_vfwprintf
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
free
_callnewh
realloc
api-ms-win-crt-string-l1-1-0
_wcsnicmp
wcsncat_s
_wcsicmp
wcscpy_s
towlower
wcsnlen
_stricmp
strnlen
strncpy_s
wcsncpy_s
tolower
wcscat_s
wcstok_s
api-ms-win-crt-locale-l1-1-0
setlocale
_configthreadlocale
api-ms-win-crt-time-l1-1-0
_localtime64_s
_time64
wcsftime
api-ms-win-crt-convert-l1-1-0
_wtoi
wcstoul
mbstowcs_s
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_wstat64i32
_lock_file
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 202KB - Virtual size: 202KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE