Sample
71b811be041931f3e50e031e290d56e8d95ed178be65665d71e7c927561f6c58.exe
Resource
win7-20231215-en
General
-
Target
71b811be041931f3e50e031e290d56e8d95ed178be65665d71e7c927561f6c58
-
Size
1.4MB
-
MD5
278fcfb2ffcec0c0a55473a4110f25c5
-
SHA1
70bcabf567faefaae4b40b5235e62672635a61ce
-
SHA256
71b811be041931f3e50e031e290d56e8d95ed178be65665d71e7c927561f6c58
-
SHA512
9658c02761ed065fba0be94ccadbc5516166182b10f837eb4748e615116ed64e7c5a09356c860703729ab02c7f6167627bffba5b1bccfe080f19a0fcd0ba29da
-
SSDEEP
12288:b8BkmfTOnyxpAyY4Sj6kfVrlo2rby2xYAa/gP8inwfPSXFXkVYVLcZE/:b8RfTOA7HSHfMqGAYAaoOfeUSLOo
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
Processes:
resource 71b811be041931f3e50e031e290d56e8d95ed178be65665d71e7c927561f6c58
Files
-
71b811be041931f3e50e031e290d56e8d95ed178be65665d71e7c927561f6c58.exe windows:6 windows x64 arch:x64
b016673bb5fa1ac3ced123d213927f68
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
armourycrate.toolkit
?g_threadOwners@@3PEAV?$unordered_map@KV?$stack@U_ThreadOwner@@V?$deque@U_ThreadOwner@@V?$allocator@U_ThreadOwner@@@std@@@std@@@std@@U?$hash@K@2@U?$equal_to@K@2@V?$allocator@U?$pair@$$CBKV?$stack@U_ThreadOwner@@V?$deque@U_ThreadOwner@@V?$allocator@U_ThreadOwner@@@std@@@std@@@std@@@std@@@2@@std@@EA
?g_pLogCrashParam@@3PEAXEA
?g_cswThreadOwners@@3PEAVCCriticalSectionWrapper@@EA
?LogCrash@@YAXW4_CrashType@@PEAU_EXCEPTION_POINTERS@@@Z
?SetThreadCrashHandlers@@YAXAEBU_GUID@@PEB_W1@Z
?g_fnLogCrash@@3P6AXPEAXKPEAU_EXCEPTION_POINTERS@@AEBU_GUID@@PEB_W3@ZEA
kernel32
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
OpenEventW
FreeLibrary
AddDllDirectory
LoadLibraryExW
Sleep
TerminateThread
FlushFileBuffers
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetCurrentProcessId
GetFileAttributesW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
CreateDirectoryW
ResetEvent
ConnectNamedPipe
VerifyVersionInfoW
VerSetConditionMask
LocalFree
GetOverlappedResult
GetLastError
DisconnectNamedPipe
LocalAlloc
WaitForMultipleObjects
CreateNamedPipeW
WriteFile
ReadFile
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
OpenThread
CreateThread
GetEnvironmentVariableW
user32
GetMessageW
TranslateMessage
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
UnregisterPowerSettingNotification
PostMessageW
DispatchMessageW
PostQuitMessage
ChangeWindowMessageFilterEx
DefWindowProcW
RegisterClassExW
CreateWindowExW
advapi32
RegCreateKeyExW
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
FreeSid
ConvertStringSidToSidW
BuildTrusteeWithSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
MapGenericMask
GetAce
EqualSid
AreAllAccessesGranted
RegNotifyChangeKeyValue
RegCloseKey
AddAccessAllowedAce
RegQueryValueExW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
shell32
SHGetFolderPathW
oleaut32
VariantClear
msvcp140
_Xtime_get_ticks
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Query_perf_counter
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
shlwapi
PathFileExistsW
PathIsDirectoryW
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
wintrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
crypt32
CertGetNameStringW
powrprof
PowerRegisterForEffectivePowerModeNotifications
PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification
PowerUnregisterFromEffectivePowerModeNotifications
vcruntime140
__C_specific_handler
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_set_purecall_handler
__std_terminate
_purecall
wcsrchr
_CxxThrowException
memcpy
memmove
memset
api-ms-win-crt-runtime-l1-1-0
terminate
_set_invalid_parameter_handler
_set_new_handler
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo_noreturn
_set_abort_behavior
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
signal
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___wargv
__p___argc
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_callnewh
free
_set_new_mode
malloc
api-ms-win-crt-stdio-l1-1-0
fflush
fclose
__stdio_common_vswprintf
_wfsopen
__p__commode
__stdio_common_vfwprintf
__stdio_common_vswprintf_s
_set_fmode
__acrt_iob_func
api-ms-win-crt-string-l1-1-0
wcsnlen
wcsncat_s
tolower
wcstok_s
wcscat_s
_wcsicmp
_wcsnicmp
wcscpy_s
api-ms-win-crt-time-l1-1-0
_localtime64_s
wcsftime
_time64
api-ms-win-crt-convert-l1-1-0
wcstoul
api-ms-win-crt-filesystem-l1-1-0
_wstat64i32
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE