0577329103308f3b09228f25987cc00ba14beb3e147a4561b47b5d1bbc53f921

Sharing

Copy URL Twitter E-mail

General

Target

0577329103308f3b09228f25987cc00ba14beb3e147a4561b47b5d1bbc53f921
Size

929KB
MD5

16f7ce483df592705137725be366dc9d
SHA1

4a4d4c859b600708ed209bcebdc9960c823afe48
SHA256

0577329103308f3b09228f25987cc00ba14beb3e147a4561b47b5d1bbc53f921
SHA512

437ef118fa9d0d6f6a8d1052d7a9c30ed431f46687c69e08ea0c2b0cf991eba431866538fb7a536e71f4afbf420dde2c6084a43690510f589b8f09f6d5920308
SSDEEP

24576:qFJgJda6n8XPXirr7hrqSfMo5qfLnYTlhlQ+ohGk5KgiZ:qP6nofirrNrq5TYTbllocLgiZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0577329103308f3b09228f25987cc00ba14beb3e147a4561b47b5d1bbc53f921

Files

0577329103308f3b09228f25987cc00ba14beb3e147a4561b47b5d1bbc53f921
.dll windows:5 windows x86 arch:x86

dacddb0d8e84a9c35a03a3659f34e002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\RhinoProtect\Publish\OutPut\Bin\Win32\release\pdb\SdRTProtectUICtrl.pdb

Imports

basicbusinessconfigcenter

?UnInitilize@RCCloudDataUser@DM@RC@@QAEXXZ
?Initialize@RCCloudDataUser@DM@RC@@QAE_NPAVIConfigDataNotify@23@@Z
??1RCCloudDataUser@DM@RC@@QAE@XZ
??0RCCloudDataUser@DM@RC@@QAE@W4RCConfigCenterCategory@12@@Z
?GetBoolValue@RCConfigUser@DM@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AA_N@Z
?UnInitilize@RCConfigUser@DM@RC@@QAEXXZ
?Initialize@RCConfigUser@DM@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6AXABURCNotifytHeadData@23@PB_WPAX@Z3@Z
??1RCConfigUser@DM@RC@@QAE@XZ
??0RCConfigUser@DM@RC@@QAE@W4RCConfigCenterCategory@12@@Z
?RegisterCloudData@RCCloudDataUser@DM@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z

kernel32

GetProcAddress
GetModuleHandleExW
CreateMutexW
ReleaseMutex
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetLastError
FileTimeToSystemTime
LoadLibraryW
FreeLibrary
CreateFileMappingW
QueryDosDeviceW
GetModuleFileNameW
GetEnvironmentVariableW
GetLogicalDriveStringsW
VirtualQuery
WriteFile
CreateFileW
HeapAlloc
InterlockedDecrement
InterlockedIncrement
ReadFile
TryEnterCriticalSection
EnterCriticalSection
CreateNamedPipeW
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
DisconnectNamedPipe
PostQueuedCompletionStatus
Sleep
GetModuleHandleA
IsBadReadPtr
CreateIoCompletionPort
ConnectNamedPipe
SetFilePointer
SetEndOfFile
DeleteFileW
GetFileSize
SetEvent
InterlockedExchange
SetLastError
InterlockedExchangeAdd
WaitForSingleObject
GlobalMemoryStatusEx
GetModuleHandleW
ExpandEnvironmentStringsW
GetVersionExW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
LocalFree
GetFileAttributesW
LoadResource
GetSystemInfo
LockResource
ResetEvent
CreateEventW
ResumeThread
WideCharToMultiByte
MultiByteToWideChar
GetACP
OpenProcess
WaitForMultipleObjects
GetTickCount
GetProcessHeap
HeapFree
LoadLibraryA
FindResourceW
lstrcmpiW
DeleteCriticalSection
GetFileAttributesExW
DeviceIoControl
GetFileSizeEx
FormatMessageW
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringW
SetFileAttributesW
GetTempPathW
FindFirstFileW
lstrlenW
GetCurrentDirectoryW
GetLongPathNameW
GetFullPathNameW
CreateDirectoryW
LoadLibraryExW
FindClose
FindNextFileW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GetFileTime
SetFileTime

user32

GetDesktopWindow
GetClassNameW
GetForegroundWindow
WindowFromPoint
GetSystemMetrics
GetWindowRect
GetWindowThreadProcessId
wsprintfW
IsWindow
GetShellWindow
GetParent

advapi32

RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetFolderPathW

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_unlock
_Thrd_join
_Cnd_init
_Mtx_destroy
_Thrd_id
_Thrd_start
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

wcsrchr
__std_type_info_name
__RTDynamicCast
__CxxFrameHandler3
wcsstr
__std_exception_destroy
__std_exception_copy
strstr
memcpy
memset
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
memmove
memchr
_purecall
wcschr

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
_localtime64

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_initterm_e
_beginthreadex
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
ftell
__stdio_common_vswscanf
_wfopen_s
fclose
fseek
rewind
fwrite
fread
__stdio_common_vsprintf
__stdio_common_vswprintf

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi
atoi

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-string-l1-1-0

wcsncpy
tolower
_wcsicmp
_wcsnicmp
towlower
towupper
strpbrk
_stricmp

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

_except1
_dtest
modf

Exports

Exports

??0IConfigDataNotify@DM@RC@@QAE@$$QAV012@@Z
??0IConfigDataNotify@DM@RC@@QAE@ABV012@@Z
??0IConfigDataNotify@DM@RC@@QAE@XZ
??4IConfigDataNotify@DM@RC@@QAEAAV012@$$QAV012@@Z
??4IConfigDataNotify@DM@RC@@QAEAAV012@ABV012@@Z
??4RCCloudDataUser@DM@RC@@QAEAAV012@ABV012@@Z
??4RCConfigUser@DM@RC@@QAEAAV012@ABV012@@Z
??_7IConfigDataNotify@DM@RC@@6B@
??_FRCCloudDataUser@DM@RC@@QAEXXZ
??_FRCConfigUser@DM@RC@@QAEXXZ
?NotifyCloudValue@IConfigDataNotify@DM@RC@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?__autoclassinit2@RCCloudDataUser@DM@RC@@QAEXI@Z
?__autoclassinit2@RCConfigUser@DM@RC@@QAEXI@Z
GetPopupsMutexInstance
RCVBusGetModuleCount
RCVBusQueryModule
RCVBusReleaseModule

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dacddb0d8e84a9c35a03a3659f34e002

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

basicbusinessconfigcenter

kernel32

user32

advapi32

shell32

msvcp140

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 728KB - Virtual size: 728KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 728KB - Virtual size: 728KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB