hkcmd[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

hkcmd.exe
Size

176KB
MD5

ff59da6015ea812aa8e8dd7b61ef733e
SHA1

30ca0b460a87a136ee29f2c5f1f2d4132a3058ba
SHA256

6bcf1541235953258143a8598e4f2cfa774e5843de14458c4f86a7d8159bbd9c
SHA512

d86d5741257327b4fcb76d79a77cf175ae0efc50a568194255d76f15dcf1232d4c70a9d564ab2991c93b48fbdc7abe489cac852a5bd2138f9545e75b177f2e01
SSDEEP

3072:03oxHRSxcE/YxNnjKBaXGhPYlas9RyOhoVVR/gvtt:fMcTxxjxOAl1PhoXCvL

Score

N/A

Malware Config

Signatures

Files

hkcmd.exe
.exe windows x86

cff960a930710df9ad19783f7d2e4ed3

Code Sign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16-02-2006 18:01

Not After

19-02-2016 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:9b:73:e1:00:01:00:00:90:80
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

06-08-2012 17:06

Not After

15-05-2015 19:35

Subject

CN=Intel Corporation - Software and Firmware Products,OU=Intel Architecture Group,O=Intel Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15-05-2009 19:25

Not After

15-05-2015 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:6d:2e:21:61:1a:2d:e2:1a:aa:e4:37:ad:19:59:61:2f:17:d7:9b
Signer

Actual PE Digest

a0:6d:2e:21:61:1a:2d:e2:1a:aa:e4:37:ad:19:59:61:2f:17:d7:9b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation - Software and Firmware Products,OU=Intel Architecture Group,O=Intel Corporation

09-04-2014 20:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hccutils

LoadICON
InitializeKeyHook
FindResources
LoadSTRINGFromHKCU
LoadSTRING

kernel32

GetProcAddress
GetModuleHandleA
CreateProcessA
FreeLibrary
LoadLibraryA
GetVersionExA
CloseHandle
GetLastError
InterlockedDecrement
SearchPathA
CompareFileTime
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcmpiA
InterlockedIncrement
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetWindowsDirectoryA
Sleep
CreateMutexA
GetCurrentThreadId
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCurrentProcessId
SetLastError
SetFilePointer
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
WriteFile
HeapCreate
HeapReAlloc
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
LCMapStringW
TlsFree
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
LocalFree
TerminateProcess
UnhandledExceptionFilter
GetLocaleInfoA
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
IsDebuggerPresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
SetUnhandledExceptionFilter

user32

PostThreadMessageA
SendMessageA
UnregisterClassA
wsprintfA
CharNextW
GetCursorPos
EnumDisplaySettingsA
IsWindow
CallWindowProcA
GetWindowLongA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
LoadKeyboardLayoutA
ActivateKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
GetKeyboardLayout
GetKeyboardLayoutList
LoadCursorA
GetClassInfoExA
SetWindowLongA
RegisterClassA
CreateWindowExA
GetMessageA
DispatchMessageA
PeekMessageA
SetWindowTextA
CreateDialogParamA
ShowWindow
PostQuitMessage
DefWindowProcA
DestroyWindow
GetDlgItem
GetDesktopWindow
GetWindowRect
CharNextA

advapi32

RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteExA

ole32

CoCreateInstance
CoRevokeClassObject
CoTaskMemRealloc
CoSuspendClassObjects
CoTaskMemAlloc
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitialize

oleaut32

LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
VariantClear
SysStringLen

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cff960a930710df9ad19783f7d2e4ed3

Code Sign

05:b0:ffCertificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:0b:dc:8f:00:00:00:00:00:1aCertificate

Key Usages

2f:9b:73:e1:00:01:00:00:90:80Certificate

Extended Key Usages

Key Usages

61:1e:80:b7:00:00:00:00:00:07Certificate

Key Usages

a0:6d:2e:21:61:1a:2d:e2:1a:aa:e4:37:ad:19:59:61:2f:17:d7:9bSigner

Signature Validations

Verification

09-04-2014 20:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

hccutils

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 19KB - Virtual size: 26KB

.rsrc Size: 3KB - Virtual size: 3KB

05:b0:ff
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

2f:9b:73:e1:00:01:00:00:90:80
Certificate

61:1e:80:b7:00:00:00:00:00:07
Certificate

a0:6d:2e:21:61:1a:2d:e2:1a:aa:e4:37:ad:19:59:61:2f:17:d7:9b
Signer

09-04-2014 20:54
Valid: false

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 19KB - Virtual size: 26KB

.rsrc
Size: 3KB - Virtual size: 3KB