Rhino 8 KG[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Rhino 8 KG.exe
Size

177KB
MD5

5fd19eca22fdaf2595e012e3c09ad827
SHA1

bdb5554b034efc1a611fd73f03ba35bba91a32b5
SHA256

45163ab3ca05acd12109a48b979b47d352a45cd60249db14f9da282adf0d45d3
SHA512

7353b3f6815c772994e260a6d7b5b92dc2b43ce362f06e91034c0dabcaabfbc9477f5ac64f01e75c51cba0dfbf338c048a9f76b5fe4c96e83ffea6432fc0f674
SSDEEP

3072:MHZZDLd34bKNe3qqHgoSSpOE8TxBoq6jlgXXsaXaxFF:MHDd3GQqBAPVBoBlcKF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rhino 8 KG.exe

Files

Rhino 8 KG.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\foreignerxx.foreignerxx-PC\source\repos\Rhino 7\Rhino 7\obj\Debug\Rhino 8.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ