46f09e2ade8d1f844dc22eb9417e136ee58c4e181ca5e7e00f8e78fb4145eb91

Sharing

Copy URL Twitter E-mail

General

Target

46f09e2ade8d1f844dc22eb9417e136ee58c4e181ca5e7e00f8e78fb4145eb91
Size

123KB
MD5

7bd457a94f6c483864cb282b39d2be29
SHA1

d41887dbf0c195cc010df891c6f2f55d46dc60c3
SHA256

46f09e2ade8d1f844dc22eb9417e136ee58c4e181ca5e7e00f8e78fb4145eb91
SHA512

2a1df4cfc6c56fa0ff561da7e192f0ace7c485d60013ab41a3afc53a9c54d570c6bd858548c048f2c099df2e9d126e80580ae9fe1ffecee4d9d8d0d358cb414f
SSDEEP

3072:xpfgDfeNJlXQ6rmN2jTGerYO9caMFHt1BWg9RkkBz:xVyfOjTGTRZUmR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46f09e2ade8d1f844dc22eb9417e136ee58c4e181ca5e7e00f8e78fb4145eb91

Files

46f09e2ade8d1f844dc22eb9417e136ee58c4e181ca5e7e00f8e78fb4145eb91
.dll windows:6 windows x64 arch:x64

b8d83e74eb3f686f6509f4add571df81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryServer-AutomationTest.pdb

Imports

factoryserver-core

??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?OnInvalidSetNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
??0FString@@QEAA@PEBD@Z
??0FString@@QEAA@PEB_W@Z
??4FString@@QEAAAEAV0@PEB_W@Z
?ConcatFF@FString@@CA?AV1@AEBV1@0@Z
?ConcatFF@FString@@CA?AV1@$$QEAV1@AEBV1@@Z
?ConcatFC@FString@@CA?AV1@$$QEAV1@PEB_W@Z
?Mid@FString@@QEGBA?AV1@HH@Z
?ToLower@FString@@QEGBA?AV1@XZ
?ToLower@FString@@QEHAA?AV1@XZ
?StartsWith@FString@@QEBA_NPEB_WHW4Type@ESearchCase@@@Z
?TrimStartAndEnd@FString@@QEGBA?AV1@XZ
?TrimStartAndEnd@FString@@QEHAA?AV1@XZ
?Replace@FString@@QEGBA?AV1@PEB_W0W4Type@ESearchCase@@@Z
?Replace@FString@@QEHAA?AV1@PEB_W0W4Type@ESearchCase@@@Z
?FromValidEName@FNameEntryId@@CA?AU1@W4EName@@@Z
?GetTypeHash@@YAIUFNameEntryId@@@Z
?ToString@FName@@QEBA?AVFString@@XZ
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ

factoryserver-coreuobject

?GetTransientPackage@@YAPEAVUPackage@@XZ
?StaticAllocateObject@@YAPEAVUObject@@PEBVUClass@@PEAV1@VFName@@W4EObjectFlags@@W4EInternalObjectFlags@@_NPEA_NPEAVUPackage@@@Z
?ConstructUEnum@UECodeGen_Private@@YAXAEAPEAVUEnum@@AEBUFEnumParams@1@@Z
?ConstructUScriptStruct@UECodeGen_Private@@YAXAEAPEAVUScriptStruct@@AEBUFStructParams@1@@Z
?ConstructUPackage@UECodeGen_Private@@YAXAEAPEAVUPackage@@AEBUFPackageParams@1@@Z
?ConstructUClass@UECodeGen_Private@@YAXAEAPEAVUClass@@AEBUFClassParams@1@@Z
??1UObjectBase@@UEAA@XZ
?GetStaticStruct@@YAPEAVUScriptStruct@@P6APEAV1@XZPEAVUObject@@PEB_W@Z
?GetStaticEnum@@YAPEAVUEnum@@P6APEAV1@XZPEAVUObject@@PEB_W@Z
?RegisterCompiledInInfo@@YAXP6APEAVUPackage@@XZPEB_WAEAU?$TRegistrationInfo@VUPackage@@UFPackageReloadVersionInfo@@@@AEBUFPackageReloadVersionInfo@@@Z
?RegisterCompiledInInfo@@YAXPEB_WPEBUFClassRegisterCompiledInInfo@@_KPEBUFStructRegisterCompiledInInfo@@2PEBUFEnumRegisterCompiledInInfo@@2@Z
?GetFullName@UObjectBaseUtility@@QEBA?AVFString@@PEBVUObject@@W4EObjectFullNameFlags@@@Z
?GetPrivateStaticClass@UObject@@CAPEAVUClass@@XZ
??0UObject@@QEAA@XZ
??0UObject@@QEAA@AEAVFVTableHelper@@@Z
?PostInitProperties@UObject@@UEAAXXZ
?AddReferencedObjects@UObject@@SAXPEAV1@AEAVFReferenceCollector@@@Z
?TryUpdateDefaultConfigFile@UObject@@QEAA_NAEBVFString@@_N@Z
?CallFunctionByNameWithArguments@UObject@@QEAA_NPEB_WAEAVFOutputDevice@@PEAV1@_N@Z
?InternalCreateDefaultObjectWrapper@UClass@@AEBAXXZ
?GetPrivateStaticClassBody@@YAXPEB_W0AEAPEAVUClass@@P6AXXZIIW4EClassFlags@@W4EClassCastFlags@@0P6AXAEBVFObjectInitializer@@@ZP6APEAVUObject@@AEAVFVTableHelper@@@Z$$QEAUFUObjectCppClassStaticFunctions@@P6APEAV1@XZP6APEAV1@XZ@Z
?Z_Construct_UClass_UObject@@YAPEAVUClass@@XZ
?CheckDefaultSubobjectsInternal@UObject@@MEBA_NXZ
?ProcessEvent@UObject@@UEAAXPEAVUFunction@@PEAX@Z
?BuildSubobjectMapping@UObject@@UEBAXPEAV1@AEAV?$TMap@PEAVUObject@@PEAV1@VFDefaultSetAllocator@@U?$TDefaultMapHashableKeyFuncs@PEAVUObject@@PEAV1@$0A@@@@@@Z
?PreDestroyFromReplication@UObject@@UEAAXXZ
?PostNetReceive@UObject@@UEAAXXZ
?PreNetReceive@UObject@@UEAAXXZ
?IsSupportedForNetworking@UObject@@UEBA_NXZ
?IsFullNameStableForNetworking@UObject@@UEBA_NXZ
?IsNameStableForNetworking@UObject@@UEBA_NXZ
?RegisterReplicationFragments@UObject@@UEAAXAEAVFFragmentRegistrationContext@Net@UE@@W4EFragmentRegistrationFlags@34@@Z
?GetReplicatedCustomConditionState@UObject@@UEBAXAEAVFCustomPropertyConditionState@@@Z
?GetLifetimeReplicatedProps@UObject@@UEBAXAEAV?$TArray@VFLifetimeProperty@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?TagSubobjects@UObject@@UEAAXW4EObjectFlags@@@Z
?IsSafeForRootSet@UObject@@UEBA_NXZ
?IsLocalizedResource@UObject@@UEBA_NXZ
?GetPrimaryAssetId@UObject@@UEBA?AUFPrimaryAssetId@@XZ
?IsAsset@UObject@@UEBA_NXZ
?GetAssetRegistryTags@UObject@@UEBAXAEAV?$TArray@UFAssetRegistryTag@UObject@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?GetResourceSizeEx@UObject@@UEAAXAEAUFResourceSizeEx@@@Z
?GetWorld@UObject@@UEBAPEAVUWorld@@XZ
?Rename@UObject@@UEAA_NPEB_WPEAV1@I@Z
?GetPreloadDependencies@UObject@@UEAAXAEAV?$TArray@PEAVUObject@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?IsDestructionThreadSafe@UObject@@UEBA_NXZ
?NeedsLoadForTargetPlatform@UObject@@UEBA_NPEBVITargetPlatform@@@Z
?NeedsLoadForServer@UObject@@UEBA_NXZ
?NeedsLoadForClient@UObject@@UEBA_NXZ
?Serialize@UObject@@UEAAXAEAVFArchive@@@Z
?Serialize@UObject@@UEAAXVFStructuredArchiveRecord@@@Z
?FinishDestroy@UObject@@UEAAXXZ
?BeginDestroy@UObject@@UEAAXXZ
?PostLoadSubobjects@UObject@@UEAAXPEAUFObjectInstancingGraph@@@Z
?PostLoad@UObject@@UEAAXXZ
?PreSave@UObject@@UEAAXPEBVITargetPlatform@@@Z
?PreSave@UObject@@UEAAXVFObjectPreSaveContext@@@Z
?PostSaveRoot@UObject@@UEAAX_N@Z
?PostSaveRoot@UObject@@UEAAXVFObjectPostSaveRootContext@@@Z
?PreSaveRoot@UObject@@UEAA_NPEB_W@Z
?PreSaveRoot@UObject@@UEAAXVFObjectPreSaveRootContext@@@Z
?PostReinitProperties@UObject@@UEAAXXZ
?CreateCluster@UObjectBaseUtility@@UEAAXXZ
?CanBeInCluster@UObjectBaseUtility@@UEBA_NXZ
?GetFNameForStatID@UObjectBase@@UEBA?AVFName@@XZ
?DeferredRegister@UObjectBase@@MEAAXPEAVUClass@@PEB_W1@Z

vcruntime140

memcpy
memmove
memset
_purecall
__C_specific_handler
__current_exception_context
__current_exception
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

logf

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_configure_narrow_argv
_initterm
_seh_filter_dll
terminate

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

Exports

Exports

??$StaticClass@VUAutomationTestExcludelist@@@@YAPEAVUClass@@XZ
??$StaticEnum@W4EAutomationState@@@@YAPEAVUEnum@@XZ
??$StaticEnum@W4ETEST_RHI_FeatureLevel_Options@@@@YAPEAVUEnum@@XZ
??$StaticEnum@W4ETEST_RHI_Options@@@@YAPEAVUEnum@@XZ
??$StaticStruct@UFAutomationTestExcludeOptions@@@@YAPEAVUScriptStruct@@XZ
??$StaticStruct@UFAutomationTestExcludelistEntry@@@@YAPEAVUScriptStruct@@XZ
??0UAutomationTestExcludelist@@QEAA@AEAVFVTableHelper@@@Z
??1UAutomationTestExcludelist@@UEAA@XZ
?AddToExcludeTest@UAutomationTestExcludelist@@QEAAXAEBVFString@@AEBUFAutomationTestExcludelistEntry@@@Z
?Get@UAutomationTestExcludelist@@SAPEAV1@XZ
?GetExcludeTestEntry@UAutomationTestExcludelist@@QEAAPEAUFAutomationTestExcludelistEntry@@AEBVFString@@AEBV?$TSet@VFName@@U?$DefaultKeyFuncs@VFName@@$0A@@@VFDefaultSetAllocator@@@@@Z
?GetFullTestName@UAutomationTestExcludelist@@AEAA?AVFString@@AEBUFAutomationTestExcludelistEntry@@@Z
?GetPrivateStaticClass@UAutomationTestExcludelist@@CAPEAVUClass@@XZ
?IsTestExcluded@UAutomationTestExcludelist@@QEAA_NAEBVFString@@AEBV?$TSet@VFName@@U?$DefaultKeyFuncs@VFName@@$0A@@@VFDefaultSetAllocator@@@@PEAVFName@@PEA_N@Z
?LogAutomationTest@@3UFLogCategoryLogAutomationTest@@A
?OverrideConfigSection@UAutomationTestExcludelist@@UEAAXAEAVFString@@@Z
?PostInitProperties@UAutomationTestExcludelist@@MEAAXXZ
?RemoveFromExcludeTest@UAutomationTestExcludelist@@QEAAXAEBVFString@@@Z
?SaveConfig@UAutomationTestExcludelist@@QEAAXXZ
?StaticStruct@FAutomationTestExcludeOptions@@SAPEAVUScriptStruct@@XZ
?StaticStruct@FAutomationTestExcludelistEntry@@SAPEAVUScriptStruct@@XZ
?Z_Construct_UClass_UAutomationTestExcludelist@@YAPEAVUClass@@XZ
?Z_Construct_UClass_UAutomationTestExcludelist_NoRegister@@YAPEAVUClass@@XZ
?Z_Construct_UEnum_AutomationTest_EAutomationState@@YAPEAVUEnum@@XZ
?Z_Construct_UEnum_AutomationTest_ETEST_RHI_FeatureLevel_Options@@YAPEAVUEnum@@XZ
?Z_Construct_UEnum_AutomationTest_ETEST_RHI_Options@@YAPEAVUEnum@@XZ
?Z_Construct_UScriptStruct_FAutomationTestExcludeOptions@@YAPEAVUScriptStruct@@XZ
?Z_Construct_UScriptStruct_FAutomationTestExcludelistEntry@@YAPEAVUScriptStruct@@XZ
InitializeModule

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 512B - Virtual size: 327B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8d83e74eb3f686f6509f4add571df81

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factoryserver-core

factoryserver-coreuobject

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.uedbg Size: 512B - Virtual size: 327B

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 1024B - Virtual size: 620B

.text
Size: 33KB - Virtual size: 33KB

.uedbg
Size: 512B - Virtual size: 327B

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 1024B - Virtual size: 620B