0f0f91e6302d77af18cfbbf4db66b97b9c1eace24fc34333e690aa950ab7e361

Sharing

Copy URL

Twitter E-mail

General

Target

0f0f91e6302d77af18cfbbf4db66b97b9c1eace24fc34333e690aa950ab7e361
Size

2.1MB
MD5

58800f03461d66bc2e0e32ae53ba9a61
SHA1

f56fde2e63e0dff2e334d7faaccda875ec0fce38
SHA256

0f0f91e6302d77af18cfbbf4db66b97b9c1eace24fc34333e690aa950ab7e361
SHA512

575ab4ba9b308f861b3101c8c377ce669d0c7f1279f9a94ff439340f47247b78d9a731ffb42851b6546a04df3a9fd2c14f6be495973a2b69d73c283eb7611fb1
SSDEEP

49152:lIf13jtcCgwkOHV2kGYzD2w6DRIAXQtzDtT7DC0k3:+V2kGqD2wl+QtPU0k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f0f91e6302d77af18cfbbf4db66b97b9c1eace24fc34333e690aa950ab7e361

Files

0f0f91e6302d77af18cfbbf4db66b97b9c1eace24fc34333e690aa950ab7e361
.dll windows:5 windows x64 arch:x64

bc239276e35c05d0c95c7121176b473c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\RhinoProtect\Publish\OutPut\bin\Win32\Release\pdb\ProtectApi64.pdb

Imports

netapi32

NetApiBufferFree
NetLocalGroupGetMembers

kernel32

GetEnvironmentVariableW
GetLogicalDriveStringsW
GetPrivateProfileStringW
CreateMutexW
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
SetFileAttributesW
MultiByteToWideChar
RaiseException
DecodePointer
DeleteCriticalSection
LocalAlloc
LocalFree
ReadFile
WaitForSingleObject
QueryDosDeviceW
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
PeekNamedPipe
CreateFileW
GetExitCodeThread
Sleep
SetEvent
ResetEvent
GetOverlappedResult
IsBadReadPtr
WaitNamedPipeW
OpenMutexW
IsBadStringPtrW
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
GetExitCodeProcess
CloseHandle
GetLastError
CreateEventW
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
OpenProcess
EnterCriticalSection
CreateDirectoryW
GlobalMemoryStatusEx
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
FormatMessageW
WideCharToMultiByte
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
CreateProcessW
GetVersionExW
GlobalAlloc
GlobalFree
LockResource
GetSystemInfo
LoadResource
FindResourceW
lstrcmpiW
ExpandEnvironmentStringsW
LoadLibraryExW
SetFileTime
SetFilePointer
SetEndOfFile
GetFileSize
GetFileTime
GetACP
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
ResumeThread
FindNextFileW
FindClose
FileTimeToSystemTime
GetFullPathNameW
lstrlenW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
GetWindowsDirectoryW
MoveFileExW
CopyFileW
GetTempFileNameW
MoveFileW
ReleaseMutex
GetFileSizeEx
DeviceIoControl
GetLocalTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetStdHandle
GetFileType
RtlUnwindEx
RtlPcToFileHeader
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
HeapReAlloc
GetStringTypeW
HeapSize
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW

user32

wsprintfW
SetForegroundWindow
GetWindowLongW
IsWindowVisible
SendMessageW
ShowWindow
IsWindow

advapi32

QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
GetUserNameW

shell32

ShellExecuteExW
SHChangeNotify
SHGetMalloc
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW

Exports

Exports

CreateObject
DestroyObject

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc239276e35c05d0c95c7121176b473c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

kernel32

user32

advapi32

shell32

ole32

version

crypt32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 518KB - Virtual size: 517KB

.data Size: 19KB - Virtual size: 29KB

.pdata Size: 59KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 518KB - Virtual size: 517KB

.data
Size: 19KB - Virtual size: 29KB

.pdata
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB