2RuleSynth[.]vst3

Resubmissions

16/03/2023, 02:59

230316-dgvrcagf48 1

16/03/2023, 02:56

230316-dfhemaah8y 1

Sharing

Copy URL

Twitter E-mail

General

Target

2RuleSynth.vst3
Size

6.0MB
MD5

34e9a8383e42e5f071b33ea35e175d10
SHA1

26978f5e561512a3ed0985124f4d47c773a33c65
SHA256

43d5590ced77ae7fd851095a0e49ce3f46f2286a71e65efcdd4398662c4ed593
SHA512

773c9210b80e4514f33472420c68c714d5c5759feeb1d74d125f8d57fc79d75bc8a62c15922c6a1c7d6a56f38756f6cc4ff0d55099ccb368acd4a9069c940bf7
SSDEEP

196608:wbWwyKZba/jhx5B2Bh/BUBvrL8s89CpE:864ba/By

Score

1^/10

Malware Config

Signatures

Files

2RuleSynth.vst3
.dll windows x64

2af29ac1ba8e5df78c6c162e25ac83ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesExW
OutputDebugStringW
SetEvent
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
LocalFree
ReplaceFileW
ExitProcess
GetModuleHandleW
FreeLibrary
CopyFileW
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FormatMessageW
GetDriveTypeW
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
GetThreadPriority
ResetEvent
GetPriorityClass
UnmapViewOfFile
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetLastError
Sleep
CreateEventW
GetLogicalDriveStringsW
GetModuleHandleA
GetSystemDirectoryW
ReleaseMutex
GetFileAttributesW
CreateFileW
TryEnterCriticalSection
WaitForSingleObject
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
SetThreadPriority
DisconnectNamedPipe
WaitForMultipleObjects
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
SetPriorityClass
FindFirstFileW
CancelIo
GetVolumeInformationW
ReadFile
SetThreadAffinityMask
CreateDirectoryW
IsDebuggerPresent
WideCharToMultiByte
DeleteCriticalSection
MultiByteToWideChar
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MoveFileW

user32

AttachThreadInput
GetWindowThreadProcessId
PostMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
PeekMessageW
EnumWindows
SetFocus
CallWindowProcW
MoveWindow
GetWindowLongW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
GetWindowRect
IsWindowVisible
SetWindowPos
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
IsWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
MapWindowPoints
TrackMouseEvent
GetForegroundWindow
GetMessageTime
TranslateMessage
BringWindowToTop
GetClipboardData
LoadIconW
LoadCursorW
DestroyCaret
SetCapture
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
GetClientRect
UpdateLayeredWindow
DrawIconEx
ShowCaret
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
InvalidateRect
GetAncestor
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
GetMessageW
DefWindowProcW
SendMessageTimeoutW
GetFocus
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
UnregisterClassW
GetWindowLongPtrW
RegisterClassExW
GetWindowTextW
GetDC
ReleaseDC
SetLayeredWindowAttributes

gdi32

RestoreDC
ExcludeClipRect
GetObjectW
GetRegionData
CreateRectRgn
CreateBitmap
StretchDIBits
CreateDIBSection
SaveDC
CombineRgn
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
CreateRectRgnIndirect
GetOutlineTextMetricsW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

AccessCheck
GetNamedSecurityInfoW
OpenProcessToken
DuplicateToken
MapGenericMask

shell32

SHGetKnownFolderPath
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractAssociatedIconW
ShellExecuteW
Shell_NotifyIconW
SHGetMalloc
SHCreateShellItem
DragQueryFileW
SHGetSpecialFolderPathW
SHParseDisplayName

ole32

OleUninitialize
OleInitialize
CoTaskMemAlloc
CoInitialize
DoDragDrop
RegisterDragDrop
CoInitializeEx
RevokeDragDrop
CoCreateInstance
CoTaskMemFree
OleSetContainedObject
CoCreateGuid
OleCreate
PropVariantClear
CoUninitialize

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SysAllocString
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayPutElement

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Xtime_get_ticks
_Query_perf_counter
_Cnd_wait
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
_Cnd_init_in_situ
_Mtx_current_owns
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

wininet

InternetReadFile
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
HttpSendRequestExW
HttpEndRequestW
InternetCrackUrlW
InternetSetFilePointer
HttpQueryInfoW
InternetOpenW
InternetWriteFile
FtpOpenFileW

ws2_32

setsockopt
ioctlsocket
sendto
freeaddrinfo
htons
__WSAFDIsSet
accept
bind
closesocket
select
getaddrinfo
htonl
getsockopt
WSAStartup
inet_addr
send
inet_ntoa
recv

shlwapi

PathStripToRootW

winmm

timeKillEvent
timeGetTime
timeBeginPeriod
midiInMessage
midiInUnprepareHeader
midiInOpen
midiOutGetDevCapsW
midiOutPrepareHeader
midiOutOpen
midiInReset
midiInPrepareHeader
midiOutUnprepareHeader
midiInGetDevCapsW
midiInStart
midiInClose
midiInAddBuffer
midiOutMessage
midiInGetNumDevs
midiOutShortMsg
midiOutGetNumDevs
midiOutLongMsg
midiOutClose
midiInStop

imm32

ImmAssociateContextEx
ImmSetCandidateWindow
ImmAssociateContext
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmNotifyIME

dxgi

CreateDXGIFactory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memcmp
__RTDynamicCast
__intrinsic_setjmp
memcpy
memmove
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
__std_type_info_compare
longjmp
__RTtypeid
strchr
__std_type_info_destroy_list
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-stdio-l1-1-0

fclose
ftell
__acrt_iob_func
__stdio_common_vswscanf
__stdio_common_vswprintf
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
fwrite
fflush
__stdio_common_vfprintf
__stdio_common_vsprintf_s
freopen_s
fseek
_fileno

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
free
calloc

api-ms-win-crt-string-l1-1-0

strncmp
iswalpha
strcmp
towupper
iswspace
iswalnum
iswdigit
towlower
iswlower
iswupper

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_endthreadex
_fpreset
_initterm_e
_initterm
exit
_cexit
_crt_atexit
_errno
_execute_onexit_table
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_beginthreadex

api-ms-win-crt-math-l1-1-0

log10f
log
fmod
floorf
floor
expf
exp
log2f
cosf
cos
ceilf
ceil
atanf
logf
pow
fmax
atan2
fmin
acos
_hypotf
_hypot
_fdclass
powf
_finite
log2
sqrt
sin
sinf
sqrtf
tan
_copysign
tanf
atan2f
ldexp
frexp
tanhf
fmodf
truncf

api-ms-win-crt-time-l1-1-0

_localtime64_s
_ftime64_s
wcsftime

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
strtod
_strtod_l

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

ExitDll
GetPluginFactory
InitDll

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2af29ac1ba8e5df78c6c162e25ac83ee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp140

wininet

ws2_32

shlwapi

winmm

imm32

dxgi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 104KB - Virtual size: 121KB

.pdata Size: 162KB - Virtual size: 162KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 104KB - Virtual size: 121KB

.pdata
Size: 162KB - Virtual size: 162KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 47KB