1dc9166a304cd9c28d220d2d4d14f069983fa679cf1691ebef85b435383ef4c0

Sharing

Copy URL Twitter E-mail

General

Target

1dc9166a304cd9c28d220d2d4d14f069983fa679cf1691ebef85b435383ef4c0
Size

9.1MB
MD5

8236c938c6020eb0fb39e527a0a1fb81
SHA1

d371565ca12bd227b0c528cc96f12069a798aa3e
SHA256

1dc9166a304cd9c28d220d2d4d14f069983fa679cf1691ebef85b435383ef4c0
SHA512

3a23467933bc3d994cbdf83d962db6c3779570bb135e0fb538dfd21ef354dd2b5d18c1b059a74ade624ab7f4b0c872e6d79eda5768703a48dd50bc602644cdd9
SSDEEP

98304:938Doz3t/JpN+9BsUYMYagoBT0M4yeBqmgHox:pXzRM9hBT0byeBb6e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1dc9166a304cd9c28d220d2d4d14f069983fa679cf1691ebef85b435383ef4c0

Files

1dc9166a304cd9c28d220d2d4d14f069983fa679cf1691ebef85b435383ef4c0
.dll windows:5 windows x64 arch:x64

1a9df0f88075e9803c96836e7549a377

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\beta\symbols\MicroRhino\MicroRhino_Beta_x64.pdb

Imports

wininet

InternetGetLastResponseInfoA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoA
InternetSetFilePointer

imagehlp

SymInitialize
StackWalk64
SymGetModuleBase64
SymGetSymFromAddr64
SymFunctionTableAccess64
SymCleanup

kernel32

FindResourceW
GetModuleHandleA
GetProcAddress
DeleteFileA
MoveFileA
FormatMessageA
CreateEventA
SetEvent
ResetEvent
WaitForSingleObjectEx
CloseHandle
SwitchToThread
SetThreadPriority
ResumeThread
WaitForSingleObject
TerminateThread
GetCurrentProcess
GetCurrentThread
DuplicateHandle
SuspendThread
QueueUserAPC
TlsAlloc
TlsFree
CreateMutexA
ReleaseMutex
GetFullPathNameW
GetLogicalDriveStringsW
GetFileAttributesW
GetFileAttributesExW
SetFileAttributesW
CreateFileW
SetFileTime
RemoveDirectoryW
DeleteFileW
MoveFileW
CreateDirectoryW
CopyFileExW
GetTempFileNameW
GetFileSize
ReadFile
WriteFile
GetFileTime
FlushFileBuffers
SetFilePointer
GlobalAddAtomA
GlobalDeleteAtom
GlobalFindAtomA
GetModuleFileNameA
GetModuleFileNameW
GetTempFileNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
GetCurrentDirectoryA
GetSystemInfo
GlobalMemoryStatusEx
FreeResource
SizeofResource
WaitForMultipleObjectsEx
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
ExitProcess
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
LoadLibraryW
SetConsoleCtrlHandler
GetModuleHandleW
OutputDebugStringW
GetFileType
WriteConsoleW
GetStdHandle
FatalAppExitA
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetDateFormatA
GetTimeFormatA
GetFileAttributesA
ExitThread
CreateThread
GetTimeZoneInformation
GetCommandLineA
FlsSetValue
IsBadReadPtr
HeapValidate
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
FlsFree
SetLastError
SetHandleCount
GetStartupInfoW
HeapAlloc
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
LockResource
LoadResource
FindResourceA
SleepEx
Sleep
GetTickCount
GetCurrentProcessId
GlobalFree
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
TlsGetValue
TlsSetValue
MultiByteToWideChar
WideCharToMultiByte
GetVolumeInformationW
GetDriveTypeW
OutputDebugStringA
GetCurrentThreadId
FindClose
FindNextFileW
FindFirstFileW
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalSize
GetLongPathNameA
GetTempPathA
CompareStringW
GetLastError
HeapDestroy
HeapReAlloc
HeapQueryInformation
HeapFree
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetExitCodeProcess
CreateProcessA
SetStdHandle
CreateFileA
SetEnvironmentVariableA
SetEndOfFile
QueryPerformanceCounter
GetProcessHeap

user32

SetMenuItemInfoA
GetMenuItemInfoA
InsertMenuItemW
InsertMenuItemA
PostQuitMessage
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
PeekMessageA
MsgWaitForMultipleObjectsEx
SetDlgItemTextW
GetDlgItemTextW
DialogBoxParamA
EndDialog
SetDlgItemTextA
EnableWindow
GetDlgItemTextA
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
GetMenuItemCount
GetClassNameA
SendDlgItemMessageA
MessageBoxExA
FrameRect
FillRect
SetFocus
LoadImageA
GetGUIThreadInfo
GetWindowThreadProcessId
GetParent
GetForegroundWindow
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardSequenceNumber
KillTimer
DestroyWindow
DestroyMenu
LoadMenuA
GetSubMenu
CreatePopupMenu
TrackPopupMenuEx
GetDlgItem
CheckMenuItem
EnableMenuItem
EndPaint
TrackMouseEvent
PostMessageA
ReuseDDElParam
UnpackDDElParam
SendMessageA
SetWindowLongPtrA
SetTimer
GetDC
CreateWindowExA
UnregisterClassA
DefWindowProcA
GetWindowLongPtrA
GetClassLongA
RegisterClassExA
SetCapture
SetCursor
ReleaseCapture
GetCapture
GetWindowTextA
MoveWindow
ClientToScreen
GetClientRect
InvalidateRect
GetMessageTime
GetMessagePos
ScreenToClient
GetCursorPos
GetAsyncKeyState
GetSystemMetrics
GetWindowLongA
AdjustWindowRectEx
CharLowerBuffA
CharUpperBuffA
GetMenu
GetKeyState
GetFocus
SetForegroundWindow
IsWindowVisible
ShowWindow
SetWindowTextA
SendMessageCallbackA
ChangeClipboardChain
SetClipboardViewer
LoadStringW
LoadStringA
BeginPaint

gdi32

GetTextExtentPoint32A
GetTextMetricsA
SetTextColor
SetTextAlign
SetBkMode
GetCurrentPositionEx
GetWindowOrgEx
OffsetWindowOrgEx
RectVisible
GetClipBox
LineTo
GetClipRgn
IntersectClipRect
CreateDCA
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBSection
GetObjectA
GetDIBColorTable
MoveToEx
Polyline
CreateBrushIndirect
Polygon
Ellipse
CreatePen
SelectObject
CreateSolidBrush
ExtTextOutA
CreateFontIndirectA
DeleteObject
GdiFlush
CreateRectRgn
GetRandomRgn
BitBlt
SelectClipRgn
OffsetRgn

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteValueA

shell32

DragFinish
ShellExecuteExA
ShellExecuteExW
DragQueryFileW
DragAcceptFiles
SHGetFolderPathW

ole32

CoTaskMemFree
OleInitialize
DoDragDrop
ReleaseStgMedium
CoCreateInstance
CoInitialize
CoTaskMemAlloc

Exports

Exports

VSTPluginMain

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text3
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text2
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text1
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text0
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a9df0f88075e9803c96836e7549a377

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

imagehlp

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

text3 Size: 131KB - Virtual size: 131KB

text2 Size: 106KB - Virtual size: 105KB

text1 Size: 198KB - Virtual size: 198KB

text0 Size: 210KB - Virtual size: 210KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 76KB - Virtual size: 101KB

.pdata Size: 223KB - Virtual size: 223KB

text Size: 13KB - Virtual size: 12KB

data Size: 32KB - Virtual size: 32KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 42KB - Virtual size: 42KB

.text
Size: 4.3MB - Virtual size: 4.3MB

text3
Size: 131KB - Virtual size: 131KB

text2
Size: 106KB - Virtual size: 105KB

text1
Size: 198KB - Virtual size: 198KB

text0
Size: 210KB - Virtual size: 210KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 76KB - Virtual size: 101KB

.pdata
Size: 223KB - Virtual size: 223KB

text
Size: 13KB - Virtual size: 12KB

data
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 42KB - Virtual size: 42KB