hancitor | aa84b4087bda1a4d583a99fc1617cd72b6bd66eed177bddcc3714291e3ee7c92

General

Target

aa84b4087bda1a4d583a99fc1617cd72b6bd66eed177bddcc3714291e3ee7c92
Size

24KB
MD5

bc3c8012669b371199719fb587897808
SHA1

c7ea1512f20610b525344d1bde6c3b97ee640526
SHA256

aa84b4087bda1a4d583a99fc1617cd72b6bd66eed177bddcc3714291e3ee7c92
SHA512

9365ad925aecd0927d17b4c2422a687dc089599afad6c667e91eca044d8b2da3c0496516be5172b39dc5ded7eb10721094296af8524adfb51e90a36c0eac8aea
SSDEEP

384:5BEXd415iwqtg02Sp9exvoP61NrVEGB8R2BCBY0a3qGc2OAu3vCVSkvUSCY1cBD:57ji9AklF20Y0a3qGiTfC0GUSCjD

Score

10^/10

11hjd03 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

11hjd03

C2

http://etsofevenghen.com/4/forum.php

http://hincasupheck.ru/4/forum.php

http://seromratbo.ru/4/forum.php

Signatures

Hancitor family
hancitor

Files

aa84b4087bda1a4d583a99fc1617cd72b6bd66eed177bddcc3714291e3ee7c92
.exe windows x86

4d104301e28b23afbf41d1118e25f2ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle

iphlpapi

GetAdaptersAddresses

psapi

GetProcessImageFileNameA
EnumProcesses

ntdll

RtlDecompressBuffer

kernel32

GetComputerNameA
CreateFileA
GetTempFileNameA
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
GetVersion
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetVolumeInformationA
ExitProcess
Sleep
GetProcAddress
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualFreeEx
OpenProcess
TerminateProcess
CreateThread
GetProcessId
GetLastError
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
WriteFile
CloseHandle
GetSystemInfo
lstrcmpiA
lstrcatA
LoadLibraryA
GetModuleHandleA
CreateProcessA
GetEnvironmentVariableA
GetTempPathA

user32

wsprintfA

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidA
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

4d104301e28b23afbf41d1118e25f2ab

Headers

File Characteristics

Imports

wininet

iphlpapi

psapi

ntdll

kernel32

user32

advapi32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 12KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 12KB