hancitor | ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0

Sharing

Copy URL

Twitter E-mail

General

Target

ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0
Size

20KB
MD5

a2dd642315f3cc6b44241c31ec964ea3
SHA1

6a2426de100f63c884a54ed12013e3094e6fe10b
SHA256

ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0
SHA512

843e056ea08680540f2338c2c73e71777e9b395273bb56480f121d2074f1bb7957f798c198bd1840b2fc2b74a756a6c7be621ee545e2aab3f1212f176d7f5bae

Score

10^/10

2311_nsdir hancitor

Malware Config

Extracted

Family

hancitor

Botnet

2311_nsdir

http://templogio.com/9/forum.php

http://johommeract.ru/9/forum.php

http://amesibiquand.ru/9/forum.php

Signatures

Hancitor family
hancitor

Files

ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0
.dll windows x86

57265d838ef6737ecad7f941f2f02016

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA
InternetCrackUrlA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
InternetReadFile
InternetConnectA

iphlpapi

GetAdaptersAddresses

netapi32

DsEnumerateDomainTrustsA

ntdll

RtlDecompressBuffer

kernel32

K32GetProcessImageFileNameA
K32EnumProcesses
GetComputerNameA
HeapAlloc
HeapFree
GetProcessHeap
Sleep
lstrcpyA
GetVolumeInformationA
GetVersion
GetWindowsDirectoryA
lstrcatA
lstrlenA
GetEnvironmentVariableA
CreateFileA
WriteFile
GetTempPathA
GetTempFileNameA
CloseHandle
GetLastError
TerminateProcess
CreateThread
CreateRemoteThread
ResumeThread
CreateProcessA
GetProcessId
GetThreadContext
SetThreadContext
OpenProcess
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcmpiA

user32

wsprintfA

advapi32

CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
OpenProcessToken
CryptAcquireContextA
LookupAccountSidA
GetTokenInformation

Exports

Exports

GWCRALYCYIAUAFG

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

57265d838ef6737ecad7f941f2f02016

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

wininet

iphlpapi

netapi32

ntdll

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 412B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 412B