1597b7955faabe0a983672cf6e333f3a092ce5ff7d9bfb395ebd7ce16a403f88

Sharing

Copy URL Twitter E-mail

General

Target

1597b7955faabe0a983672cf6e333f3a092ce5ff7d9bfb395ebd7ce16a403f88
Size

1.5MB
MD5

02fce6bd1d870c3b336b59e74d256dd7
SHA1

66ec4f937a9b9b140aaefe425dfa567cdf06b485
SHA256

1597b7955faabe0a983672cf6e333f3a092ce5ff7d9bfb395ebd7ce16a403f88
SHA512

6c3dcec8cdb8c302c0359ce917f4efd31decb11a84cde6d3e1dc7e72cd3eee21ca690e8574f6adff4c03720ed8e9bfc1f608d96524162794b839ac9d83ffe301
SSDEEP

24576:dYIQAqnVQas7JEHzGiF5mCqXlVWI1WdsD:dYIpqnVQ/OHzGmrq1VEd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1597b7955faabe0a983672cf6e333f3a092ce5ff7d9bfb395ebd7ce16a403f88

Files

1597b7955faabe0a983672cf6e333f3a092ce5ff7d9bfb395ebd7ce16a403f88
.exe windows:6 windows x64 arch:x64

2467a7f859a12fc152b544aae8596d62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SourceCode\GC3.Service\production_V5.1.4.1\GamingCenter.Service\ServiceSDK\Release\ArmouryCrate.Service.pdb

Imports

ws2_32

listen
accept
WSASetLastError
WSAGetLastError
getsockname
__WSAFDIsSet
recv
WSAStartup
WSACleanup
ntohs
bind
htons
htonl
select
setsockopt
WSASocketW
send
closesocket

kernel32

FindFirstFileW
FindNextFileW
FindClose
AddDllDirectory
LoadLibraryExW
TerminateThread
GetExitCodeThread
GetProcessId
DeleteTimerQueueEx
GetCurrentProcessId
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetConsoleCtrlHandler
GetCommandLineW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
OpenMutexW
CreateMutexW
RemoveDirectoryW
GetFileAttributesW
AllocConsole
AttachConsole
GetSystemDirectoryW
CreatePipe
PeekNamedPipe
GetEnvironmentVariableW
GetFileSizeEx
GetSystemTimeAsFileTime
DeleteFileW
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringA
LoadLibraryW
lstrcmpA
SystemTimeToFileTime
Sleep
FreeLibrary
CreateTimerQueue
GetModuleFileNameW
GetExitCodeProcess
VerifyVersionInfoW
GetModuleHandleW
CreateProcessW
VerSetConditionMask
WTSGetActiveConsoleSessionId
LocalFree
GetProcAddress
Process32FirstW
OutputDebugStringW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
LocalAlloc
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
CreateDirectoryW
FlushFileBuffers
WaitNamedPipeW
WriteFile
SetLastError
ResetEvent
WaitForMultipleObjects
GetLastError
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
SetUnhandledExceptionFilter
OpenThread
CreateThread
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
ReadFile
GetFileSize
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryPerformanceCounter

user32

UnregisterDeviceNotification
RegisterDeviceNotificationW
CloseWindow
RegisterClassW
CreateWindowExW
UnregisterPowerSettingNotification
GetUserObjectInformationW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
RegisterPowerSettingNotification
GetProcessWindowStation

advapi32

ChangeServiceConfig2W
CloseEventLog
NotifyChangeEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
GetTokenInformation
RegQueryValueExW
AddAccessAllowedAce
DuplicateTokenEx
GetLengthSid
CreateProcessAsUserW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
FreeSid
RegNotifyChangeKeyValue
SetFileSecurityW
RegDeleteKeyExW
RegEnumKeyW
DeleteService
QueryServiceStatus
StartServiceW
CreateServiceW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatusEx
ControlService
OpenServiceW
EnumDependentServicesW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegFlushKey
RegGetValueW
RegDeleteValueW
RegSetKeyValueW
RegDeleteKeyValueW
SetSecurityDescriptorDacl
RegCloseKey
AllocateAndInitializeSid
SetEntriesInAclW
RegCreateKeyExW
ConvertStringSidToSidW
RegEnumKeyExW
RegSetValueExW
OpenEventLogW

shell32

SHFileOperationW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

msvcp140

?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0_Lockit@std@@QEAA@H@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??Bid@locale@std@@QEAA_KXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

shlwapi

PathIsDirectoryW
PathFileExistsW
PathAppendW
SHDeleteKeyW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringW
CryptMsgClose
CertFindCertificateInStore
CryptDecodeObject

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

vcruntime140

_local_unwind
__CxxFrameHandler3
__std_terminate
_set_purecall_handler
__std_exception_destroy
__std_exception_copy
wcsrchr
__C_specific_handler
_CxxThrowException
memcmp
memcpy
memmove
memset
set_unexpected

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
__pxcptinfoptrs
_seh_filter_exe
_set_app_type
set_terminate
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_set_abort_behavior
terminate
_invalid_parameter_noinfo
signal
_set_new_handler
_crt_atexit
_set_invalid_parameter_handler
_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsscanf
__p__commode
fflush
_set_fmode
_wfsopen
_wfopen_s
__stdio_common_vswprintf
fclose
fwrite
fgetpos
_fseeki64
fsetpos
ungetwc
ungetc
fputwc
fgetwc
fgetc
__stdio_common_vsnwprintf_s
setvbuf
__stdio_common_vswprintf_s
__acrt_iob_func
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-string-l1-1-0

_stricmp
strnlen
strncpy_s
wcsncpy_s
wcsncat_s
wcscpy_s
wcsnlen
_wcsnicmp
tolower
towlower
wcstok_s
wcscat_s
_wcsicmp

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
wcsftime

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

SetThreadOwnersInstances

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2467a7f859a12fc152b544aae8596d62

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

wtsapi32

userenv

version

wintrust

crypt32

api-ms-win-core-path-l1-1-0

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB