0b867443c8fd952f9b3520c5f86565b432f7103f468d4277996baeea2a0019c8

Sharing

Copy URL Twitter E-mail

General

Target

0b867443c8fd952f9b3520c5f86565b432f7103f468d4277996baeea2a0019c8
Size

156KB
MD5

f16342b5bfe4fb8374ae6b04800a06d6
SHA1

1100bd7b6f87c4d7b560f5d676b2b1828934191b
SHA256

0b867443c8fd952f9b3520c5f86565b432f7103f468d4277996baeea2a0019c8
SHA512

78b393275313bb223d41bdebcbc522137b203818c0d504520c31c38a4a55b2af1c86e8abff745c74f7e3431bb9bd2595ad317b382620814e58515c75a46dc892
SSDEEP

3072:kE0b5Z0VtFdWtBO8O3XDzl2O9caMFHt1BWg9RkkBz:Mbe8O3XMRZUmR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b867443c8fd952f9b3520c5f86565b432f7103f468d4277996baeea2a0019c8

Files

0b867443c8fd952f9b3520c5f86565b432f7103f468d4277996baeea2a0019c8
.dll windows:6 windows x64 arch:x64

59487201a8e186def74e23171b05df8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryServer-AutomationMessages.pdb

Imports

factoryserver-core

??1FLogCategoryBase@@QEAA@XZ
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
??0FName@@QEAA@PEB_WW4EFindName@@@Z

factoryserver-coreuobject

?RegisterCompiledInInfo@@YAXP6APEAVUPackage@@XZPEB_WAEAU?$TRegistrationInfo@VUPackage@@UFPackageReloadVersionInfo@@@@AEBUFPackageReloadVersionInfo@@@Z
?RegisterCompiledInInfo@@YAXPEB_WPEBUFClassRegisterCompiledInInfo@@_KPEBUFStructRegisterCompiledInInfo@@2PEBUFEnumRegisterCompiledInInfo@@2@Z
?Z_Construct_UScriptStruct_FAutomationExecutionEntry@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FGuid@@YAPEAVUScriptStruct@@XZ
?GetStaticStruct@@YAPEAVUScriptStruct@@P6APEAV1@XZPEAVUObject@@PEB_W@Z
?ConstructUPackage@UECodeGen_Private@@YAXAEAPEAVUPackage@@AEBUFPackageParams@1@@Z
?ConstructUScriptStruct@UECodeGen_Private@@YAXAEAPEAVUScriptStruct@@AEBUFStructParams@1@@Z

factoryserver-automationtest

?Z_Construct_UEnum_AutomationTest_EAutomationState@@YAPEAVUEnum@@XZ

vcruntime140

memset
__C_specific_handler
__current_exception
_purecall
__current_exception_context
__std_type_info_destroy_list
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
_register_onexit_function
_execute_onexit_table
_initterm_e
_initterm
_initialize_narrow_environment
_cexit

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
RtlCaptureContext
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

??$StaticStruct@UFAutomationScreenshotMetadata@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerFindWorkers@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerFindWorkersResponse@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerImageComparisonResults@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerNextNetworkCommandReply@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerPerformanceDataRequest@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerPerformanceDataResponse@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerPing@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerPong@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerRequestNextNetworkCommand@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerRequestTests@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerRequestTestsReplyComplete@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerResetTests@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerRunTests@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerRunTestsReply@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerScreenImage@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerSingleTestReply@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerStopTests@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerTelemetryData@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerTelemetryItem@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerTestDataRequest@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerTestDataResponse@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationWorkerWorkerOffline@@@@YAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationScreenshotMetadata@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerFindWorkers@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerFindWorkersResponse@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerImageComparisonResults@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerNextNetworkCommandReply@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerPerformanceDataRequest@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerPerformanceDataResponse@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerPing@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerPong@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerRequestNextNetworkCommand@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerRequestTests@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerRequestTestsReplyComplete@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerResetTests@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerRunTests@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerRunTestsReply@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerScreenImage@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerSingleTestReply@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerStopTests@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerTelemetryData@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerTelemetryItem@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerTestDataRequest@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerTestDataResponse@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationWorkerWorkerOffline@@SAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationScreenshotMetadata@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerFindWorkers@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerFindWorkersResponse@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerImageComparisonResults@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerNextNetworkCommandReply@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerPerformanceDataRequest@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerPerformanceDataResponse@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerPing@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerPong@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerRequestNextNetworkCommand@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerRequestTests@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerRequestTestsReplyComplete@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerResetTests@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerRunTests@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerRunTestsReply@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerScreenImage@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerSingleTestReply@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerStopTests@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerTelemetryData@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerTelemetryItem@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerTestDataRequest@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerTestDataResponse@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationWorkerWorkerOffline@@YAPEAVUScriptStruct@@XZ
InitializeModule

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59487201a8e186def74e23171b05df8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factoryserver-core

factoryserver-coreuobject

factoryserver-automationtest

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.uedbg Size: 2KB - Virtual size: 1KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 48KB

.uedbg
Size: 2KB - Virtual size: 1KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 2KB - Virtual size: 1KB