hancitor | aad17da13584a8a65474857a7512ad0f8aaa45812f01181d1b73cf44b3d6839d

General

Target

aad17da13584a8a65474857a7512ad0f8aaa45812f01181d1b73cf44b3d6839d
Size

25KB
MD5

f79fd035c10a115c3a7a9414d6ccf042
SHA1

c18d8cf557003d2b15f6b586b8ccf270f26a81fa
SHA256

aad17da13584a8a65474857a7512ad0f8aaa45812f01181d1b73cf44b3d6839d
SHA512

16b21a270f0a3c7a20d41961cae63bbab8b94892018fcf68600244bad57c50f596085359fbdcc6058b4776858ce0b0ab9a33743d381deda42209664abb4147c7
SSDEEP

384:MqiRE7xFXAHCJH9ZL8K+nEJqst8v2g67FoG1GP2Bn6BjCWoluPgEhnIAEFauCxV8:EsukEZMOvTG1GP29OjsmIANZ1

Score

10^/10

2205_674384 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

2205_674384

C2

http://kingusaref.com/4/forum.php

http://retnejustren.ru/4/forum.php

http://tansinmaked.ru/4/forum.php

Signatures

Hancitor family
hancitor

Files

aad17da13584a8a65474857a7512ad0f8aaa45812f01181d1b73cf44b3d6839d
.exe windows x86

50fb17c5268816d1185c96a2da92789e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle

iphlpapi

GetAdaptersAddresses

psapi

GetProcessImageFileNameA
EnumProcesses

ntdll

RtlDecompressBuffer

kernel32

GetComputerNameA
CreateFileA
GetTempFileNameA
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
GetVersion
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetVolumeInformationA
ExitProcess
Sleep
lstrcatA
GetModuleFileNameA
CreateProcessA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualFreeEx
OpenProcess
TerminateProcess
CreateThread
GetProcessId
GetLastError
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
WriteFile
CloseHandle
GetSystemInfo
lstrcmpiA
LoadLibraryA
GetModuleHandleA
GetEnvironmentVariableA
GetTempPathA

user32

wsprintfA

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidA
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

50fb17c5268816d1185c96a2da92789e

Headers

DLL Characteristics

File Characteristics

Imports

wininet

iphlpapi

psapi

ntdll

kernel32

user32

advapi32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 9KB