hancitor | 5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb

General

Target

5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb
Size

33KB
MD5

bb57da88bd07053adc16c72d8b3a45c7
SHA1

8d7c5098da846735259a217cfeab87f229e325f6
SHA256

5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb
SHA512

3f59f55547ef64e6ed7f678d317392e90f04bc20cf48e07c05af3e776f71e6b005ffa89d2d3b65de0662ce74d5226e8eb1903ee074ac940b22e5dc9a6a0482de
SSDEEP

384:MqwRE7xFXAHCJH9ZL8K+nEJqst8v2g67Ff1GP2Bn6BjCWoluPgEhnIAEFauCxVi7:2sukEZMOv21GP29OjsmIANZ16

Score

10^/10

2205_674384 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

2205_674384

C2

http://kingusaref.com/4/forum.php

http://retnejustren.ru/4/forum.php

http://tansinmaked.ru/4/forum.php

Signatures

Hancitor family
hancitor

Files

5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb
.exe windows x86

50fb17c5268816d1185c96a2da92789e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle

iphlpapi

GetAdaptersAddresses

psapi

GetProcessImageFileNameA
EnumProcesses

ntdll

RtlDecompressBuffer

kernel32

GetComputerNameA
CreateFileA
GetTempFileNameA
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
GetVersion
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetVolumeInformationA
ExitProcess
Sleep
lstrcatA
GetModuleFileNameA
CreateProcessA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualFreeEx
OpenProcess
TerminateProcess
CreateThread
GetProcessId
GetLastError
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
WriteFile
CloseHandle
GetSystemInfo
lstrcmpiA
LoadLibraryA
GetModuleHandleA
GetEnvironmentVariableA
GetTempPathA

user32

wsprintfA

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidA
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

50fb17c5268816d1185c96a2da92789e

Headers

DLL Characteristics

File Characteristics

Imports

wininet

iphlpapi

psapi

ntdll

kernel32

user32

advapi32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 9KB