hancitor | 14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec | Triage

Submit
Reports

Overview

overview

Static

static

14edb72021...ec.dll

windows7_x64

14edb72021...ec.dll

windows10-2004_x64

Sharing

Static task

static1

0912_1237732 hancitor

Behavioral task

behavioral1

Sample

14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec.dll

Resource

win7-20220414-en

hancitor 0912_1237732 downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec.dll

Resource

win10v2004-20220414-en

hancitor 0912_1237732 downloader

windows10-2004_x64

0 signatures

0 seconds

General

Target

14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec
Size

32KB
MD5

3269403f22012392c84afd2893d9b2c3
SHA1

dbbaa659b2df403dd029555f9cfbac1dad255723
SHA256

14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec
SHA512

6a0981a9565d2e1a9ad6cc126f0e29557f2a2ee8cf48a079ab24dc38c94553f2e90851d5043cc2a9da6a6d4153327efba2a3c22552bd095521be6d7a2f66c60f
SSDEEP

768:IKsRswq8lczikS02wYHzOCveQuQFyao9:xDOMYHzOCveQup

Score

10^/10

0912_1237732 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

0912_1237732

C2

http://featicent.com/4/forum.php

http://whysturprom.ru/4/forum.php

http://usseleteria.ru/4/forum.php

Signatures

Hancitor family
hancitor

Files

14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec
.dll windows x86

559d7f683356c58f04f061849901282c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapAlloc
HeapFree
GetEnvironmentVariableA
lstrcatA
CreateProcessA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetThreadContext
SetThreadContext
ResumeThread
CloseHandle

Exports

Exports

Start
Stop

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy