Horion[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Horion.dll
Size

2.0MB
MD5

36e6d6dafc9e5c225832c685cd515753
SHA1

8a0081bcbf53d1dd3bf6b978054dcb3b91840973
SHA256

d7338df672b54994242b5cbd061676b670f87913d1a44f4da1db110a52776e47
SHA512

691e8cd9fc8494e41b144248c04650875a9f6ddd91c6efb3ba22257ecacc30065943f605784be68889dc2e9660f3a6fcbe80a29de3d331da6905b5b9640860a7
SSDEEP

49152:w4TFyvLGu8VGcXfk97JXNNGkaduHFwebI0C1ROgbviZkZsWfOql:ZuQo5GkpwebjeDuVS

Score

N/A

Malware Config

Signatures

Files

Horion.dll
.dll windows x64

2f20995ae1afa52fbd3d1ee57382f31b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
FindResourceA
LoadResource
LockResource
SizeofResource
Sleep
FreeLibraryAndExitThread
CreateThread
ExitThread
DisableThreadLibraryCalls
VirtualProtect
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
MultiByteToWideChar
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
K32GetModuleInformation
GetCurrentProcess
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
SetLastError
TlsAlloc
TlsGetValue
LoadLibraryW
FormatMessageW
RtlUnwind
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
OutputDebugStringW
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
ExitProcess
ReadConsoleW
GetConsoleMode
ReadFile
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
RtlUnwindEx

user32

OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData

ole32

CoCreateGuid

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockShared
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TryEnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-localization-l1-2-0

GetCPInfo
LCMapStringEx
FormatMessageA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
ResumeThread
SuspendThread
OpenThread

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
CreateDirectoryW
CreateFileW

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-string-l1-1-0

CompareStringEx
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsSetValue
FlsFree
FlsAlloc

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
GetThreadContext
SetThreadContext
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapDestroy
HeapCreate
HeapReAlloc

api-ms-win-core-toolhelp-l1-1-0

Thread32First
CreateToolhelp32Snapshot
Thread32Next

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualQuery
VirtualAlloc

oleaut32

SysStringLen
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f20995ae1afa52fbd3d1ee57382f31b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-2

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-memory-l1-1-0

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 273KB - Virtual size: 272KB

.data Size: 8KB - Virtual size: 44KB

.pdata Size: 39KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 601KB - Virtual size: 600KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 273KB - Virtual size: 272KB

.data
Size: 8KB - Virtual size: 44KB

.pdata
Size: 39KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 601KB - Virtual size: 600KB

.reloc
Size: 12KB - Virtual size: 11KB