g:\junk\tyFlow_licenseServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
tyFlow_licenseServer.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
tyFlow_licenseServer.exe
Resource
win10v2004-20240426-en
General
Target
tyFlow_licenseServer.exe
Size
8.6MB
MD5
e3936f1368da6b33a3c29aadb060516d
SHA1
147605fc478bcb537f2ee8751d8f2bff287f4dc9
SHA256
960b9578622018b25414fd5a15e093d24d1efc711d9a3bf5a129ace56082722f
SHA512
d5b90f25857861f68c59865376b4d583bf54fa425cfb1e0cb663ca0130ffc24fea50c05b37abd826a30f1c0447d5408237092db91ada47807d1a08e779f98dea
SSDEEP
98304:il63baYDMnc/Yn4Du40MecrvaHXgh0EFMwH:ilMDMnc/Yn4Dv0Mecrvaw0E
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource tyFlow_licenseServer.exe
Files
tyFlow_licenseServer.exe.exe windows:6 windows x64 arch:x64
2632fc5983f085d4f8175564f654fa45
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
WSASocketW
WSASend
WSARecv
WSAStringToAddressW
getsockopt
htonl
WSAGetLastError
WSASetLastError
WSACleanup
send
WSACloseEvent
WSACreateEvent
WSAStartup
shutdown
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
recv
connect
socket
WSAIoctl
inet_pton
__WSAFDIsSet
accept
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
WSAPoll
WSAAddressToStringW
getsockname
getpeername
ioctlsocket
closesocket
bind
getnameinfo
inet_addr
htons
listen
ntohl
ntohs
select
inet_ntoa
setsockopt
wldap32
ord216
ord73
ord208
ord41
ord117
ord26
ord14
ord127
ord167
ord46
ord142
ord79
ord133
ord147
ord301
ord27
ord145
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
kernel32
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetQueuedCompletionStatusEx
GetHandleInformation
TryEnterCriticalSection
GetCurrentThreadId
IsDebuggerPresent
SetHandleInformation
LoadLibraryA
InitializeCriticalSection
GetTickCount64
GetModuleHandleA
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
QueryPerformanceCounter
LoadLibraryW
FreeLibrary
SetFileCompletionNotificationModes
AcquireSRWLockShared
CreateFileW
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
AcquireSRWLockExclusive
VerSetConditionMask
CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
GetFileSize
GetFileSizeEx
ReadFile
OutputDebugStringW
CloseHandle
RaiseException
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
SleepEx
CreateMutexW
CreateEventW
SetWaitableTimer
Sleep
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
GetCurrentProcessId
CreateThread
GetCurrentThread
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GlobalMemoryStatusEx
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
FormatMessageA
FormatMessageW
VerifyVersionInfoW
GetActiveProcessorGroupCount
GetMaximumProcessorCount
MultiByteToWideChar
WideCharToMultiByte
GetConsoleWindow
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryW
InitializeSListHead
user32
DisableProcessWindowsGhosting
RegisterWindowMessageW
LoadImageW
LoadCursorW
GetParent
GetCursorPos
SetCursor
MessageBoxW
MessageBoxA
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
SetWindowTextW
SetWindowTextA
RedrawWindow
SetForegroundWindow
TrackPopupMenu
InsertMenuW
CheckMenuItem
CreatePopupMenu
GetMenu
GetSystemMetrics
EnableWindow
GetAsyncKeyState
SetFocus
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
MoveWindow
ShowWindow
DestroyWindow
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
advapi32
CryptDestroyKey
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
SetEntriesInAclW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
shell32
SHGetKnownFolderPath
Shell_NotifyIconW
ole32
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
msvcp140
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?exceptions@ios_base@std@@QEAAXH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?toupper@?$ctype@D@std@@QEBADD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Cnd_timedwait
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?classic@locale@std@@SAAEBV12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_register_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_join
_Thrd_yield
_Thrd_hardware_concurrency
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
dwmapi
DwmSetWindowAttribute
iphlpapi
GetAdaptersAddresses
if_indextoname
mswsock
GetAcceptExSockaddrs
AcceptEx
mpr
WNetGetUniversalNameW
vcruntime140
__current_exception
__CxxFrameHandler3
__current_exception_context
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memmove
memset
_purecall
__std_terminate
__std_type_info_compare
__C_specific_handler
__RTDynamicCast
memchr
memcmp
strchr
strrchr
wcschr
strstr
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_seh_filter_exe
_initterm_e
terminate
signal
_beginthreadex
_initterm
_get_initial_wide_environment
_configure_wide_argv
_exit
__p___argc
__p___wargv
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_c_exit
_cexit
__sys_errlist
__sys_nerr
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
abort
exit
_register_thread_local_exe_atexit_callback
strerror
_getpid
_errno
api-ms-win-crt-heap-l1-1-0
_callnewh
realloc
free
calloc
malloc
_set_new_mode
api-ms-win-crt-string-l1-1-0
_wcsdup
strpbrk
strncmp
isupper
isalpha
wcspbrk
isxdigit
_strdup
strnlen
wcsncpy
strspn
wcsncmp
isdigit
isalnum
toupper
tolower
_wcsicmp
strcspn
strcmp
strncpy
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-convert-l1-1-0
wcstombs
wcstombs_s
strtoull
strtoul
atoi
strtoll
strtod
strtol
api-ms-win-crt-environment-l1-1-0
_dupenv_s
api-ms-win-crt-time-l1-1-0
_ctime64_s
_time64
_gmtime64
_gmtime64_s
strftime
_localtime64_s
api-ms-win-crt-stdio-l1-1-0
_lseeki64
fgetc
fgets
_close
_write
__stdio_common_vfprintf
_read
__p__commode
_wtmpnam_s
_wopen
_wfopen
__stdio_common_vswprintf_s
_get_stream_buffer_pointers
ftell
fseek
feof
fclose
fflush
__stdio_common_vsscanf
fputs
__acrt_iob_func
fgetpos
_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vsprintf
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
api-ms-win-crt-filesystem-l1-1-0
_unlink
_wstat64
_rmdir
_stat64i32
_waccess
_wmkdir
_lock_file
_unlock_file
_fstat64
api-ms-win-crt-math-l1-1-0
__setusermatherr
ceilf
ceil
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 6.9MB - Virtual size: 6.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ