hancitor | 08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60

Sharing

Copy URL

Twitter E-mail

General

Target

08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60
Size

25KB
MD5

f6b537bbe30240c5c9442dada66abb66
SHA1

c8246c32810e12f96eddab16ad5b7be34b0bffa8
SHA256

08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60
SHA512

13e6a0b8434744c3a8a3b79a56585862a74d2e7bb4fe0ed857fe37ecad53efe69a64bbf3d8f7a7c211fb18522677403311bcffeca763d8875037531bf0197461
SSDEEP

384:7aEcfgChsRCppm6ba2z+uVetR7DDBuBziBH4v5S029CBYGB+J6fRroCYdg0AGaBg:7KsRswq8lczikS02wYG9RUCYdj79

Score

10^/10

0411_2348732 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

0411_2348732

http://froloccenatr.com/4/forum.php

http://magnowin.ru/4/forum.php

http://imajobalgun.ru/4/forum.php

Signatures

Hancitor family
hancitor

Files

08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60
.exe windows x86

61994e37ff5c591f92cfcfebd25838de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle

iphlpapi

GetAdaptersAddresses

psapi

GetProcessImageFileNameA
EnumProcesses

ntdll

RtlDecompressBuffer

kernel32

GetComputerNameA
CreateFileA
GetTempFileNameA
HeapAlloc
HeapFree
GetProcessHeap
GetVersion
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetVolumeInformationA
ExitProcess
Sleep
GetProcAddress
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualFreeEx
OpenProcess
TerminateProcess
CreateThread
GetProcessId
GetLastError
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
WriteFile
CloseHandle
GetSystemInfo
lstrcmpiA
lstrcatA
LoadLibraryA
GetModuleHandleA
CreateProcessA
GetEnvironmentVariableA
GetTempPathA

user32

wsprintfA

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidA
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

61994e37ff5c591f92cfcfebd25838de

Headers

DLL Characteristics

File Characteristics

Imports

wininet

iphlpapi

psapi

ntdll

kernel32

user32

advapi32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 528B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 528B