eab756c6dcc4b37f31d6fc18de51761c7c60e4c408dacb8e78e3cc230442224f

Sharing

Copy URL Twitter E-mail

General

Target

eab756c6dcc4b37f31d6fc18de51761c7c60e4c408dacb8e78e3cc230442224f
Size

231KB
MD5

183283be99a6d4933b406f38a26b601f
SHA1

01e35a152e40b8355e4be33b2aa9ef7c3208fc96
SHA256

eab756c6dcc4b37f31d6fc18de51761c7c60e4c408dacb8e78e3cc230442224f
SHA512

eb71aa1a31519b4979d6aee3acdd134318efd1108c3ba678b4c77e24a474c84fed2620e5c92a40dbe1aaca64ae85637ca6bf62622c075b50b08dfff215a2de7c
SSDEEP

3072:RuxHJcbgQ6JaBHKYP3XPQza9wRyHTDkezv+PgG7vTk3qbFbnlv48H8O9caMFHt1X:Ru52KYP3XPSarWjNcRZUmR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eab756c6dcc4b37f31d6fc18de51761c7c60e4c408dacb8e78e3cc230442224f

Files

eab756c6dcc4b37f31d6fc18de51761c7c60e4c408dacb8e78e3cc230442224f
.dll windows:6 windows x64 arch:x64

1119b31386e1eb067e22d326dd2ce9f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryServer-HTTPServer.pdb

Imports

factoryserver-core

??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?bIsDisabled@FLowLevelMemTracker@@2_NA
?AddError@FAutomationTestBase@@UEAAXAEBVFString@@H@Z
?AddErrorIfFalse@FAutomationTestBase@@UEAA_N_NAEBVFString@@H@Z
?AddErrorS@FAutomationTestBase@@UEAAXAEBVFString@@0H@Z
?AddWarningS@FAutomationTestBase@@UEAAXAEBVFString@@0H@Z
?AddWarning@FAutomationTestBase@@UEAAXAEBVFString@@H@Z
?AddInfo@FAutomationTestBase@@UEAAXAEBVFString@@H_N@Z
?AddEvent@FAutomationTestBase@@UEAAXAEBUFAutomationEvent@@H_N@Z
?AddAnalyticsItem@FAutomationTestBase@@UEAAXAEBVFString@@@Z
?AddTelemetryData@FAutomationTestBase@@UEAAXAEBV?$TMap@VFString@@NVFDefaultSetAllocator@@U?$TDefaultMapHashableKeyFuncs@VFString@@N$0A@@@@@AEBVFString@@@Z
?AddTelemetryData@FAutomationTestBase@@UEAAXAEBVFString@@N0@Z
?SetTelemetryStorage@FAutomationTestBase@@UEAAXAEBVFString@@@Z
?bSuppressLogWarnings@FAutomationTestBase@@2_NA
?bSuppressLogErrors@FAutomationTestBase@@2_NA
?bElevateLogWarningsToErrors@FAutomationTestBase@@2_NA
?SuppressedLogCategories@FAutomationTestBase@@2V?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@A
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?GetConvertedLength@Private@Core@UE@@YAHPEBW4UTF8CHAR@FGenericPlatformTypes@@PEB_WH@Z
?GetConvertedLength@Private@Core@UE@@YAHPEB_WPEBW4UTF8CHAR@FGenericPlatformTypes@@H@Z
?Convert@Private@Core@UE@@YAPEAW4UTF8CHAR@FGenericPlatformTypes@@PEAW445@HPEB_WH@Z
?Convert@Private@Core@UE@@YAPEA_WPEA_WHPEBW4UTF8CHAR@FGenericPlatformTypes@@H@Z
?HandleAtomicsFailure@FWindowsPlatformAtomics@@KAXPEB_WZZ
?BeginNamedEvent@FWindowsPlatformMisc@@SAXAEBUFColor@@PEBD@Z
?EndNamedEvent@FWindowsPlatformMisc@@SAXXZ
?OutputBeginDynamicEventWithId@FCpuProfilerTrace@@SAXVFName@@PEB_WPEBDI@Z
?OutputEndEvent@FCpuProfilerTrace@@SAXXZ
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
??0FString@@QEAA@PEBD@Z
??0FString@@QEAA@PEB_W@Z
??0FString@@QEAA@HPEB_W@Z
??4FString@@QEAAAEAV0@PEB_W@Z
?AssignRange@FString@@AEAAXPEB_WH@Z
?Empty@FString@@QEAAXXZ
?AppendChars@FString@@QEAAXPEB_WH@Z
?AppendChar@FString@@QEAAAEAV1@_W@Z
?RemoveAt@FString@@QEAAXHH_N@Z
?RemoveFromEnd@FString@@QEAA_NPEB_WHW4Type@ESearchCase@@@Z
?RightChop@FString@@QEGBA?AV1@H@Z
?Mid@FString@@QEGBA?AV1@HH@Z
?ToLower@FString@@QEHAA?AV1@XZ
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?StartsWith@FString@@QEBA_NPEB_WHW4Type@ESearchCase@@@Z
?EndsWith@FString@@QEBA_NPEB_WHW4Type@ESearchCase@@@Z
?TrimStartAndEndInline@FString@@QEAAXXZ
?TrimStartAndEnd@FString@@QEGBA?AV1@XZ
?TrimStartAndEnd@FString@@QEHAA?AV1@XZ
?ParseIntoArray@FString@@QEBAHAEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@PEB_W_N@Z
?ParseIntoArrayWS@FString@@QEBAHAEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@PEB_W_N@Z
?ParseIntoArrayLines@FString@@QEBAHAEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@_N@Z
?ReplaceInline@FString@@QEAAHPEB_W0W4Type@ESearchCase@@@Z
?ReplaceCharWithEscapedCharInline@FString@@QEAAXPEBV?$TArray@_WV?$TSizedDefaultAllocator@$0CA@@@@@@Z
?AppendInt@FString@@QEAAXH@Z
?FromValidEName@FNameEntryId@@CA?AU1@W4EName@@@Z
??0FName@@QEAA@PEBDW4EFindName@@@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?Value@FParse@@SA_NPEB_W0AEAI@Z
?Value@FParse@@SA_NPEB_W0AEAH@Z
?Value@FParse@@SA_NPEB_W0AEAVFString@@_NPEAPEB_W@Z
?Bool@FParse@@SA_NPEB_W0AEA_N@Z
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?IsInGameThread@@YA_NXZ
?GenerateNewID@FDelegateHandle@@CA_KXZ
??0FMemScope@@QEAA@W4ELLMTag@@_N@Z
??0FMemScope@@QEAA@AEBVFName@@_N@Z
??1FMemScope@@QEAA@XZ
?Init@FLLMScope@@IEAAXVFName@@_NW4ELLMTagSet@@W4ELLMTracker@@1@Z
?Init@FLLMScope@@IEAAXW4ELLMTag@@_NW4ELLMTagSet@@W4ELLMTracker@@1@Z
?Destruct@FLLMScope@@IEAAXXZ
?Get@FThreadStatsPool@@SAAEAU1@XZ
?GetFromPool@FThreadStatsPool@@QEAAPEAVFThreadStats@@XZ
?Flush@FThreadStats@@QEAAX_N0@Z
?FlushRawStats@FThreadStats@@QEAAX_N0@Z
?DoSetup@FThreadSafeStaticStatBase@@IEBAPEBUTStatIdData@@PEBDPEB_W001_N2W4Type@EStatDataType@@22W4EMemoryCounterRegion@FWindowsPlatformMemory@@@Z
?GetCoreTicker@FTSTicker@@SAAEAV1@XZ
??0FTSTickerObjectBase@@QEAA@MAEAVFTSTicker@@@Z
??1FTSTickerObjectBase@@UEAA@XZ
?Clear@FAutomationTestExecutionInfo@@QEAAXXZ
?Get@FAutomationTestFramework@@SAAEAV1@XZ
?RegisterAutomationTest@FAutomationTestFramework@@QEAA_NAEBVFString@@PEAVFAutomationTestBase@@@Z
?UnregisterAutomationTest@FAutomationTestFramework@@QEAA_NAEBVFString@@@Z
?AddExpectedError@FAutomationTestBase@@QEAAXVFString@@W4MatchType@EAutomationExpectedMessageFlags@@H@Z
?TestFalse@FAutomationTestBase@@QEAA_NPEB_W_N@Z
?TestTrue@FAutomationTestBase@@QEAA_NPEB_W_N@Z
?GetString@FConfigCacheIni@@QEAA_NPEB_W0AEAVFString@@AEBV2@@Z
?GetInt@FConfigCacheIni@@QEAA_NPEB_W0AEAHAEBVFString@@@Z
?GetFloat@FConfigCacheIni@@QEAA_NPEB_W0AEAMAEBVFString@@@Z
?GetBool@FConfigCacheIni@@QEAA_NPEB_W0AEA_NAEBVFString@@@Z
?GetArray@FConfigCacheIni@@QEAAHPEB_W0AEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@AEBVFString@@@Z
?Get@FModuleManager@@SAAEAV1@XZ
?LoadModuleChecked@FModuleManager@@QEAAAEAVIModuleInterface@@VFName@@@Z
?SerializeRecord@FOutputDevice@@UEAAXAEBVFLogRecord@UE@@@Z
?CpuChannel@@3AEAVFChannel@Trace@UE@@EA
?CRCTable_DEPRECATED@FCrc@@2PAIA
?GConfig@@3PEAVFConfigCacheIni@@EA
?GIsRequestingExit@@3_NA
?GEngineIni@@3VFString@@A
?GCycleStatsShouldEmitNamedEvents@@3HA
?GShouldEmitVerboseNamedEvents@@3_NA
?TlsSlot@FThreadStats@@0IA
?bPrimaryEnable@FThreadStats@@0_NA
?bPrimaryDisableForever@FThreadStats@@0_NA
?bIsRawStatsActive@FThreadStats@@0_NA

factoryserver-http

?UrlDecode@FGenericPlatformHttp@@SA?AVFString@@V?$TStringView@_W@@@Z

factoryserver-sockets

?CreateUniqueSocket@ISocketSubsystem@@QEAA?AV?$TUniquePtr@VFSocket@@VFSocketDeleter@@@@AEBVFName@@AEBVFString@@_N@Z
?GetSocketError@ISocketSubsystem@@QEAAPEB_WW4ESocketErrors@@@Z
?Get@ISocketSubsystem@@SAPEAV1@AEBVFName@@@Z

kernel32

InitializeCriticalSection
SetCriticalSectionSpinCount
DeleteCriticalSection
QueryPerformanceCounter
TlsGetValue
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
InitializeSListHead
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

vcruntime140

memcpy
memmove
memset
__C_specific_handler
__std_type_info_destroy_list
_purecall
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
_initterm_e
_initterm
_cexit
_seh_filter_dll
_register_onexit_function

Exports

Exports

??0FHttpPath@@QEAA@VFString@@@Z
??0FHttpPath@@QEAA@XZ
?Create@FHttpServerResponse@@SA?AV?$TUniquePtr@UFHttpServerResponse@@U?$TDefaultDelete@UFHttpServerResponse@@@@@@$$QEAV?$TArray@EV?$TSizedDefaultAllocator@$0CA@@@@@VFString@@@Z
?Create@FHttpServerResponse@@SA?AV?$TUniquePtr@UFHttpServerResponse@@U?$TDefaultDelete@UFHttpServerResponse@@@@@@AEBV?$TArrayView@EH@@VFString@@@Z
?Create@FHttpServerResponse@@SA?AV?$TUniquePtr@UFHttpServerResponse@@U?$TDefaultDelete@UFHttpServerResponse@@@@@@AEBVFString@@V3@@Z
?Error@FHttpServerResponse@@SA?AV?$TUniquePtr@UFHttpServerResponse@@U?$TDefaultDelete@UFHttpServerResponse@@@@@@W4EHttpServerResponseCodes@@AEBVFString@@1@Z
?Get@FHttpServerModule@@SAAEAV1@XZ
?GetHttpRouter@FHttpServerModule@@QEAA?AV?$TSharedPtr@VIHttpRouter@@$00@@I_N@Z
?GetPath@FHttpPath@@QEBAAEBVFString@@XZ
?HasPendingListeners@FHttpServerModule@@QEBA_NXZ
?IsAvailable@FHttpServerModule@@SA_NXZ
?IsRoot@FHttpPath@@QEBA_NXZ
?IsValidPath@FHttpPath@@QEBA_NXZ
?MakeRelative@FHttpPath@@QEAAXAEBVFString@@@Z
?Ok@FHttpServerResponse@@SA?AV?$TUniquePtr@UFHttpServerResponse@@U?$TDefaultDelete@UFHttpServerResponse@@@@@@XZ
?ParsePathTokens@FHttpPath@@QEBAIAEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?SetPath@FHttpPath@@QEAAXVFString@@@Z
?StartAllListeners@FHttpServerModule@@QEAAXXZ
?StopAllListeners@FHttpServerModule@@QEAAXXZ
InitializeModule

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1119b31386e1eb067e22d326dd2ce9f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factoryserver-core

factoryserver-http

factoryserver-sockets

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 119KB

.uedbg Size: 1KB - Virtual size: 1KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 1024B - Virtual size: 772B

.text
Size: 119KB - Virtual size: 119KB

.uedbg
Size: 1KB - Virtual size: 1KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 1024B - Virtual size: 772B