Horion_JC[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Horion_JC.dll
Size

2.3MB
MD5

8baf759e78d0c62f86cce47cf429e928
SHA1

3f460729ef07b1562de228d6788640303ba6c6f8
SHA256

e5e7fdfe3af86e00f2a61e8daa6799e35124f70aa55b85e576b3e06ac4fec16a
SHA512

95e3a0a9f0e93cd19de6586b0c31369a122667d36101a4582d7393a683904f0c97b0d55547941ccf5fea8b213a4d786cda33c4bc62b651c5c834cf9efb3bc571
SSDEEP

49152:VKT+LTyWugx6mqMEL9ADcHelCMMsm/T0oh0ipG3ZTVqp2q1C0Xqoz7hviZkZsWf/:JXpvCMw/KspHQqhDuVS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Horion_JC.dll

Files

Horion_JC.dll
.dll windows:6 windows x64

65c2701560bbeedccb64e93be5877356

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
FindResourceA
LoadResource
LockResource
SizeofResource
Sleep
FreeLibraryAndExitThread
CreateThread
ExitThread
DisableThreadLibraryCalls
VirtualProtect
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
K32GetModuleInformation
GetCurrentProcess
HeapCreate
HeapFree
HeapDestroy
OpenThread
ResumeThread
CloseHandle
HeapReAlloc
HeapAlloc
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
Thread32Next
GetLastError
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetProcAddress
VirtualFree
GetSystemInfo
VirtualQuery
VirtualAlloc
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
SetLastError
TlsAlloc
RtlUnwindEx
LoadLibraryW
FormatMessageW
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetEndOfFile
SetStdHandle
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStdHandle
GetModuleFileNameW
ExitProcess
SetFilePointerEx
GetFileType
ReadConsoleW
GetConsoleMode
ReadFile
GetModuleHandleExW
RtlUnwind
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue

user32

OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData

ole32

CoCreateGuid

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-localization-l1-2-0

FormatMessageA
GetLocaleInfoEx
LCMapStringEx
GetCPInfo

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
ResetEvent
TryAcquireSRWLockExclusive
CreateEventW
SetEvent
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringEx
WideCharToMultiByte

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

oleaut32

SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65c2701560bbeedccb64e93be5877356

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-2

api-ms-win-core-file-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 410KB - Virtual size: 409KB

.data Size: 20KB - Virtual size: 47KB

.pdata Size: 45KB - Virtual size: 45KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 601KB - Virtual size: 600KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 410KB - Virtual size: 409KB

.data
Size: 20KB - Virtual size: 47KB

.pdata
Size: 45KB - Virtual size: 45KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 601KB - Virtual size: 600KB

.reloc
Size: 12KB - Virtual size: 12KB