D:\Jenkins\workspace\AC_MainSDK\ArmourySocketServer_develop\x64\Release\ArmourySocketServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
61bef109e9e8bc547521fe36c07994e4b1d10f0fb4bef27725b0093fd6b2913c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
61bef109e9e8bc547521fe36c07994e4b1d10f0fb4bef27725b0093fd6b2913c.exe
Resource
win10v2004-20240221-en
General
-
Target
61bef109e9e8bc547521fe36c07994e4b1d10f0fb4bef27725b0093fd6b2913c
-
Size
1.8MB
-
MD5
d73f8b79602e829575aa4d60ffd02123
-
SHA1
7484d99f0bcaafd0d412bfb930409630c9402f7c
-
SHA256
61bef109e9e8bc547521fe36c07994e4b1d10f0fb4bef27725b0093fd6b2913c
-
SHA512
b41b791a90926180d2994b65cdd09d898715fe4a87d67ed0780bdefe39308c808994507ae61fb780b76fabd79079ffaf8a4c2fc23020ce9670a0cc004656dc9f
-
SSDEEP
24576:cnojWKhdrtWvTVzqHWggKGcueL2zpUWaksqjnhMgeiCl7G0nehbGZpbD:cojW2rtCWWgScuqEpVaADmg27RnWGj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61bef109e9e8bc547521fe36c07994e4b1d10f0fb4bef27725b0093fd6b2913c
Files
-
61bef109e9e8bc547521fe36c07994e4b1d10f0fb4bef27725b0093fd6b2913c.exe windows:6 windows x64 arch:x64
404c2f19807fb822766acae613a7e9ab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Jenkins\workspace\AC_MainSDK\ArmourySocketServer_develop\x64\Release\ArmourySocketServer.pdb
Imports
kernel32
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
GetExitCodeProcess
SetLastError
GetLocaleInfoA
LocaleNameToLCID
SizeofResource
GetModuleFileNameW
MultiByteToWideChar
WaitForSingleObjectEx
RaiseException
LoadResource
FindResourceW
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
FindFirstFileA
OutputDebugStringA
FindNextFileA
FindClose
OutputDebugStringW
DeleteFileA
GetCurrentProcessId
GetFileAttributesW
LocalFree
SetWaitableTimer
TlsSetValue
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetModuleHandleA
CopyFileW
QueueUserAPC
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
SetFileTime
LocalFileTimeToFileTime
CreateFileA
FileTimeToLocalFileTime
DosDateTimeToFileTime
GetFileTime
FileTimeToDosDateTime
GetProcAddress
LoadLibraryW
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLocaleInfoEx
FormatMessageA
WritePrivateProfileStringW
TlsFree
CreateProcessW
ExitProcess
DeleteCriticalSection
CloseHandle
Process32FirstW
DeleteFileW
TlsAlloc
Process32NextW
GetLastError
Sleep
GetPrivateProfileStringW
CreateToolhelp32Snapshot
PostQueuedCompletionStatus
ResumeThread
CreateMutexA
InitializeCriticalSectionEx
LeaveCriticalSection
CreateJobObjectW
AssignProcessToJobObject
lstrlenW
EnterCriticalSection
SetInformationJobObject
TerminateThread
user32
RegisterPowerSettingNotification
KillTimer
SetTimer
RegisterClassExW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetMessageW
FindWindowW
PostMessageW
CharNextW
LoadStringW
RegisterDeviceNotificationW
DispatchMessageW
RegisterSuspendResumeNotification
TranslateAcceleratorW
TranslateMessage
ChangeWindowMessageFilterEx
LoadAcceleratorsW
PostQuitMessage
UnregisterDeviceNotification
advapi32
DeleteAce
FreeSid
BuildTrusteeWithSidW
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
NotifyServiceStatusChangeW
RegCreateKeyExW
OpenServiceW
RegEnumValueW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
AllocateAndInitializeSid
EqualSid
GetAce
shell32
ord165
SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateDirectoryExW
ShellExecuteW
SHGetKnownFolderPath
SHCreateItemFromParsingName
ole32
CoTaskMemRealloc
CLSIDFromProgID
CoTaskMemAlloc
PropVariantClear
CoInitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize
oleaut32
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
VarUI4FromStr
libcrypto-1_1-x64
ERR_reason_error_string
CONF_modules_unload
BIO_ctrl
ERR_clear_error
BIO_free
BIO_write
BIO_ctrl_pending
BIO_new_bio_pair
ERR_get_error
BIO_read
libssl-1_1-x64
SSL_CTX_ctrl
SSL_get_shutdown
SSL_connect
SSL_CTX_set_default_passwd_cb
SSL_free
SSL_CTX_set_options
SSL_new
SSL_accept
SSL_read
SSL_CTX_use_certificate_chain_file
SSL_get_ex_data
SSL_set_ex_data
SSL_CTX_get_ex_data
SSL_CTX_get_default_passwd_cb_userdata
SSL_shutdown
SSL_CTX_set_ex_data
TLS_server_method
SSL_CTX_use_PrivateKey_file
SSL_CTX_new
SSL_get_error
SSL_write
SSL_CTX_free
SSL_CTX_set_default_passwd_cb_userdata
SSL_ctrl
SSL_set_bio
zlibwapi
ord63
ord62
ord79
ord89
ord72
ord77
ord83
ord84
ord110
ord68
ord88
ord64
ord66
ord82
shlwapi
PathIsDirectoryW
msvcp140
?toupper@?$ctype@D@std@@QEBADD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Query_perf_counter
?_Random_device@std@@YAIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
_Cnd_broadcast
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks
_Cnd_timedwait
_Mtx_current_owns
_Mtx_unlock
_Mtx_lock
?_Winerror_map@std@@YAHH@Z
_Stat
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Cnd_destroy_in_situ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Cnd_signal
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
ws2_32
__WSAFDIsSet
accept
bind
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
htons
htonl
getsockopt
WSARecv
WSAAddressToStringW
connect
ntohs
getsockname
getpeername
getaddrinfo
WSASocketW
WSASetLastError
listen
shutdown
ntohl
select
WSASend
closesocket
WSAIoctl
mswsock
AcceptEx
GetAcceptExSockaddrs
setupapi
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDW
propsys
PropVariantToString
PSGetNameFromPropertyKey
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcmp
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
strchr
wcsstr
strrchr
memcpy
memchr
__RTDynamicCast
__C_specific_handler
__std_type_info_compare
__current_exception
__current_exception_context
_CxxThrowException
memset
__CxxFrameHandler3
api-ms-win-crt-string-l1-1-0
_stricmp
strcpy_s
towupper
strcat_s
wcsncmp
wcsncpy_s
tolower
wcscat_s
isspace
strncmp
strncpy_s
strtok_s
iswdigit
isdigit
isalpha
isalnum
wcscpy_s
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_set_app_type
_cexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_seh_filter_exe
strerror
_errno
_beginthreadex
terminate
_register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf_s
_wfopen_s
_set_fmode
__stdio_common_vsscanf
fread
__acrt_iob_func
fflush
__p__commode
__stdio_common_vfwprintf
feof
fopen_s
__stdio_common_vsprintf_s
fgetc
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
fwrite
fseek
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
_get_stream_buffer_pointers
fclose
__stdio_common_vswprintf
fputc
ftell
__stdio_common_vsprintf
api-ms-win-crt-convert-l1-1-0
atoi
strtoul
strtoll
strtod
wcstol
strtoull
strtol
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
_recalloc
free
_callnewh
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dclass
_dsign
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-filesystem-l1-1-0
_mkdir
_findclose
_access
_wrmdir
_wfindfirst64i32
_wfindnext64i32
_unlock_file
_waccess
_wchdir
_lock_file
_wremove
_chdir
api-ms-win-crt-time-l1-1-0
_mktime64
strftime
_localtime64_s
_time64
_gmtime64
Sections
.text Size: 963KB - Virtual size: 962KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 203KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 572KB - Virtual size: 576KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE