04c8de0ee652c46b7fbbdca51d360a10_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

04c8de0ee652c46b7fbbdca51d360a10_NEAS
Size

293KB
MD5

04c8de0ee652c46b7fbbdca51d360a10
SHA1

dd16e7aed07ecb29e55b2fbe6c10b0fbb4a485ce
SHA256

93d2f26cdb19aaae89da268e2dfc58d1338cfd29d21ea999f3d4294fc3fc950a
SHA512

dfee64491026f55100bfd714762dcd576ee9aae80a144e46477cd3c35f0f146beafd362a9bdc96e2b4d5af0797e3ecd81a1b75a9caedf443892174a320620b5b
SSDEEP

6144:ZRjow201RHLAEcMtYRRZdOpOa4kYOjTGdBaQRZUmR/:ZRjp20rHLAEPtAZdOpuqIJl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04c8de0ee652c46b7fbbdca51d360a10_NEAS

Files

04c8de0ee652c46b7fbbdca51d360a10_NEAS
.dll windows:6 windows x64 arch:x64

20d115fd6d69823ad3787c12d12801bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryServer-Voronoi.pdb

Imports

factoryserver-core

??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?HandleAtomicsFailure@FWindowsPlatformAtomics@@KAXPEB_WZZ
?BeginNamedEvent@FWindowsPlatformMisc@@SAXAEBUFColor@@PEBD@Z
?EndNamedEvent@FWindowsPlatformMisc@@SAXXZ
?NumberOfCoresIncludingHyperthreads@FWindowsPlatformMisc@@SAHXZ
?OutputEventType@FCpuProfilerTrace@@SAIPEBD0I@Z
?OutputBeginEvent@FCpuProfilerTrace@@SAXI@Z
?OutputBeginDynamicEvent@FCpuProfilerTrace@@SAXPEB_WPEBDI@Z
?OutputBeginDynamicEventWithId@FCpuProfilerTrace@@SAXVFName@@PEB_WPEBDI@Z
?OutputEndEvent@FCpuProfilerTrace@@SAXXZ
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?GetCurrentTag@FTaskTagScope@@SA?AW4ETaskTag@@XZ
?IsInActualRenderingThread@@YA_NXZ
?Get@FThreadSingletonInitializer@@SAPEAVFTlsAutoCleanup@@V?$TFunctionRef@$$A6APEAVFTlsAutoCleanup@@XZ@@AEAI@Z
?MemoryTrace_GetActiveTag@@YAHXZ
??0FMemScope@@QEAA@W4ELLMTag@@_N@Z
??1FMemScope@@QEAA@XZ
?Construct@FLowLevelMemTracker@@SAAEAV1@XZ
?OnLowLevelAlloc@FLowLevelMemTracker@@QEAAXW4ELLMTracker@@PEBX_KW4ELLMTag@@W4ELLMAllocType@@_N@Z
?OnLowLevelFree@FLowLevelMemTracker@@QEAAXW4ELLMTracker@@PEBXW4ELLMAllocType@@_N@Z
?GetActiveTagData@FLowLevelMemTracker@@QEAAPEBVFTagData@LLMPrivate@UE@@W4ELLMTracker@@W4ELLMTagSet@@@Z
?Init@FLLMScope@@IEAAXW4ELLMTag@@_NW4ELLMTagSet@@W4ELLMTracker@@1@Z
?Destruct@FLLMScope@@IEAAXXZ
?Get@FThreadStatsPool@@SAAEAU1@XZ
?GetFromPool@FThreadStatsPool@@QEAAPEAVFThreadStats@@XZ
?Flush@FThreadStats@@QEAAX_N0@Z
?FlushRawStats@FThreadStats@@QEAAX_N0@Z
?DoSetup@FThreadSafeStaticStatBase@@IEBAPEBUTStatIdData@@PEBDPEB_W001_N2W4Type@EStatDataType@@22W4EMemoryCounterRegion@FWindowsPlatformMemory@@@Z
??0FEventRef@@QEAA@W4EEventMode@@@Z
??1FEventRef@@QEAA@XZ
?SaveStack@FMetadataTrace@@SAIXZ
??1FMetadataRestoreScope@@QEAA@XZ
?RestoreInheritedContext@FInheritedContextBase@UE@@QEAA?AVFInheritedContextScope@2@XZ
?AnsiMalloc@@YAPEAX_KI@Z
?AnsiFree@@YAXPEAX@Z
?MemoryTrace_MarkAllocAsHeap@@YAX_KIW4EMemoryTraceHeapAllocationFlags@@@Z
?MemoryTrace_UnmarkAllocAsHeap@@YAX_KI@Z
?MemoryTrace_Alloc@@YAX_K0II@Z
?MemoryTrace_Free@@YAX_KI@Z
?FreeChunks@FMemStackBase@@AEAAXPEAUFTaggedMemory@1@@Z
?GetTlsSlot@?$TThreadSingleton@VFMemStack@@@@CAAEAIXZ
??0FMemStack@@QEAA@XZ
??1FMemStack@@UEAA@XZ
?OnInvalidConcurrentLinearArrayAllocatorNum@Private@Core@UE@@YAXH_K@Z
?GetActiveTask@FTask@LowLevelTasks@@SAPEBV12@XZ
?IsWorkerThread@FSchedulerTls@LowLevelTasks@@QEBA_NXZ
?LaunchInternal@FScheduler@LowLevelTasks@@AEAAXAEAVFTask@2@W4EQueuePreference@2@_N@Z
?GenerateTaskId@TaskTrace@@YA_KXZ
?Launched@TaskTrace@@YAX_KPEB_W_NW4Type@ENamedThreads@@0@Z
?Started@TaskTrace@@YAX_K@Z
?Completed@TaskTrace@@YAX_K@Z
?Destroyed@TaskTrace@@YAX_K@Z
?Get@FTaskGraphInterface@@SAAEAV1@XZ
?ShouldUseThreadingForPerformance@FApp@@SA_NXZ
?IsForkedMultithreadInstance@FForkProcessHelper@@SA_NXZ
?CpuChannel@@3AEAVFChannel@Trace@UE@@EA
?GCycleStatsShouldEmitNamedEvents@@3HA
?GShouldEmitVerboseNamedEvents@@3_NA
?SecondsPerCycle@FGenericPlatformTime@@1NA
?TrackerInstance@FLowLevelMemTracker@@0PEAV1@EA
?bIsDisabled@FLowLevelMemTracker@@2_NA
?TlsSlot@FThreadStats@@0IA
?bPrimaryEnable@FThreadStats@@0_NA
?bPrimaryDisableForever@FThreadStats@@0_NA
?bIsRawStatsActive@FThreadStats@@0_NA
?ZeroVector@?$TVector@N@Math@UE@@2U123@B
?Singleton@FScheduler@LowLevelTasks@@0V12@A
?StatPtr_STAT_ParallelFor@@3U?$FThreadSafeStaticStat@UFStat_STAT_ParallelFor@@@@A
?RenderThread_Local@FRenderThreadStatics@ENamedThreads@@0V?$TAtomic@W4Type@ENamedThreads@@@@A
?GParallelForBackgroundYieldingTimeoutMs@@3HA
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z

kernel32

QueryPerformanceCounter
TlsGetValue
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

msvcp140

?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memmove
_purecall
memset
__C_specific_handler
__std_type_info_destroy_list
__current_exception
memcpy
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

pow
_finite

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_initterm_e
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invoke_watson
_initterm
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

puts
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

free
malloc

Exports

Exports

??0FVoronoiDiagram@@QEAA@AEBV?$TArrayView@$$CBU?$TVector@N@Math@UE@@H@@AEBU?$TBox@N@Math@UE@@NN@Z
??0FVoronoiDiagram@@QEAA@AEBV?$TArrayView@$$CBU?$TVector@N@Math@UE@@H@@NN@Z
??0FVoronoiDiagram@@QEAA@HAEBU?$TBox@N@Math@UE@@N@Z
??1FVoronoiDiagram@@QEAA@XZ
?AddSites@FVoronoiDiagram@@QEAAXAEBV?$TArrayView@$$CBU?$TVector@N@Math@UE@@H@@N@Z
?ComputeAllCells@FVoronoiDiagram@@QEAAXAEAV?$TArray@UFVoronoiCellInfo@@V?$TSizedDefaultAllocator@$0CA@@@@@H@Z
?ComputeAllCellsSerial@FVoronoiDiagram@@QEAAXAEAV?$TArray@UFVoronoiCellInfo@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?ComputeAllNeighbors@FVoronoiDiagram@@QEAAXAEAV?$TArray@V?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@V?$TSizedDefaultAllocator@$0CA@@@@@_NH@Z
?ComputeCellEdges@FVoronoiDiagram@@QEAAXAEAV?$TArray@U?$TTuple@U?$TVector@N@Math@UE@@U123@@@V?$TSizedDefaultAllocator@$0CA@@@@@AEAV?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@H@Z
?ComputeCellEdgesSerial@FVoronoiDiagram@@QEAAXAEAV?$TArray@U?$TTuple@U?$TVector@N@Math@UE@@U123@@@V?$TSizedDefaultAllocator@$0CA@@@@@AEAV?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@@Z
?FindCell@FVoronoiDiagram@@QEBAHAEBU?$TVector@N@Math@UE@@AEAVFVoronoiComputeHelper@@AEAU234@@Z
?GetBounds@FVoronoiDiagram@@SA?AU?$TBox@N@Math@UE@@AEBV?$TArrayView@$$CBU?$TVector@N@Math@UE@@H@@N@Z
?GetComputeHelper@FVoronoiDiagram@@QEBA?AVFVoronoiComputeHelper@@XZ
?GetParallelBlockRanges@FVoronoiDiagram@@AEAA?AV?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@H@Z
?GetVoronoiEdges@@YA_NAEBV?$TArrayView@$$CBU?$TVector@N@Math@UE@@H@@AEBU?$TBox@N@Math@UE@@AEAV?$TArray@U?$TTuple@U?$TVector@N@Math@UE@@U123@@@V?$TSizedDefaultAllocator@$0CA@@@@@AEAV?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@N@Z
?Initialize@FVoronoiDiagram@@QEAAXAEBV?$TArrayView@$$CBU?$TVector@N@Math@UE@@H@@AEBU?$TBox@N@Math@UE@@NN@Z
?MinDefaultSitesPerThread@FVoronoiDiagram@@2HB
?VoronoiNeighbors@@YA_NAEBV?$TArrayView@$$CBU?$TVector@N@Math@UE@@H@@AEAV?$TArray@V?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@V?$TSizedDefaultAllocator@$0CA@@@@@_NN@Z
InitializeModule

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 1024B - Virtual size: 887B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20d115fd6d69823ad3787c12d12801bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factoryserver-core

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 176KB

.uedbg Size: 1024B - Virtual size: 887B

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 177KB - Virtual size: 176KB

.uedbg
Size: 1024B - Virtual size: 887B

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 276B