H1TM4N antivirus[.]zip

Resubmissions

01/02/2023, 10:27

230201-mhhmvach27 8

01/02/2023, 10:24

230201-mfrgzaef91 8

Sharing

Copy URL Twitter E-mail

General

Target

H1TM4N antivirus.zip
Size

13.6MB
MD5

a42678caa5590471ed3190cfebcbda4e
SHA1

458abe8d6d4fa365857cd69733fbe7e44907c486
SHA256

0018ac91e617f1de60854f31b5e03b0a2d60c9a7935bae27ce507ac82b4e1c1c
SHA512

2823139ae9c481af8e782bc4935dde9d1154da7b41c7df89051354a6a84553878316291c2952b2f73af84588a6787311ef174b72eaa981a8b146d8b3425d5e88
SSDEEP

393216:30k0LUNDEi8xsdlgtbOmFem4FKyX4TUHSYpuLF9DTW7rtENvwV2g:CW58YOtBIm4gTl+uLjDsYvwV2g

Score

N/A

Malware Config

Signatures

Files

H1TM4N antivirus.zip
.zip
H1TM4N antivirus/Artista Pirata - Recursos para Diseño gráfico y fotografía.url
.url
H1TM4N antivirus/INSTRAGRAM.url
.url
H1TM4N antivirus/Síguenos en Facebook.url
.url
H1TM4N antivirus/hitman 32 Bits.exe
.exe windows x86

e0dd807d25a5ce15a98a2186e8189d41

Code Sign

21:ee:dd:b6:e3:d7:f7:ae:49:70:36:88:d6:c9:5b:fb
Certificate

Issuer

CN=HitmanPro 3.8

Not Before

31/12/2017, 23:00

Not After

31/12/2039, 23:00

Subject

CN=HitmanPro 3.8

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:58:6f:e6:6d:a8:91:44:e0:25:28:29:02:c3:21:d5:3d:9c:96:c6
Signer

Actual PE Digest

77:58:6f:e6:6d:a8:91:44:e0:25:28:29:02:c3:21:d5:3d:9c:96:c6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HitmanPro 3.8

03/12/2019, 18:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetLastError
WaitForMultipleObjects
CreateEventW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
SignalObjectAndWait
TerminateThread
Sleep
VirtualAlloc
VirtualFree
OpenProcess
VirtualQueryEx
WaitForSingleObjectEx
CreateWaitableTimerW
SetWaitableTimer
GetVersion
LocalAlloc
LocalFree
GetProcAddress
GlobalMemoryStatus
FreeLibrary
Heap32ListNext
Heap32Next
QueryPerformanceCounter
Heap32First
Heap32ListFirst
GetTickCount
GetSystemTimeAsFileTime
Thread32First
Thread32Next
VirtualUnlock
LoadLibraryA
Process32FirstW
VirtualLock
Module32FirstW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
Module32NextW
GetCurrentProcessId
QueryPerformanceFrequency
SetThreadPriority
GetCurrentThread
LocalFileTimeToFileTime
FileTimeToSystemTime
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileW
DeviceIoControl
GetFileInformationByHandle
GetModuleHandleA
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
SystemTimeToFileTime
CompareFileTime
GetLocalTime
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
OutputDebugStringW
WriteFile
ReadFile
PeekNamedPipe
WaitNamedPipeW
GetCalendarInfoW
SetLastError
InterlockedCompareExchange
GetFileSizeEx
FormatMessageW
FileTimeToLocalFileTime
GetLocaleInfoW
TryEnterCriticalSection
InterlockedIncrement
GetTempPathW
RemoveDirectoryW
FindFirstFileW
FindClose
FindNextFileW
GetFileAttributesW
GetCurrentProcess
RegisterWaitForSingleObject
InterlockedExchange
UnregisterWaitEx
FlushFileBuffers
DisconnectNamedPipe
GetOverlappedResult
InterlockedDecrement
GetComputerNameW
GetFileAttributesExW
GetFileTime
SetFileTime
VerifyVersionInfoW
VerSetConditionMask
ResumeThread
GetCommandLineW
CreateProcessW
ConvertDefaultLocale
GetLogicalDriveStringsW
QueryDosDeviceW
SetThreadAffinityMask
DeleteFileW
GetModuleFileNameW
SetErrorMode
GetStdHandle
GetDriveTypeW
GetVolumeInformationW
GetFileSize
SetFileAttributesW
CopyFileW
TerminateProcess
GetNumberFormatW
GetVersionExW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetProcessTimes
LoadLibraryW
GlobalAlloc
OpenEventW
AllocConsole
LoadLibraryExW
MultiByteToWideChar
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
OpenThread
SuspendThread
GetThreadContext
SetThreadContext
SearchPathW
GetSystemDirectoryA
LoadLibraryExA
DuplicateHandle
CreateSemaphoreW
ReleaseSemaphore
GetEnvironmentVariableW
WideCharToMultiByte
GetSystemTime
GetExitCodeProcess
CreateHardLinkW
GetVolumeInformationA
ExpandEnvironmentStringsW
SetHandleInformation
CreateNamedPipeW
ConnectNamedPipe
GetThreadPriority
GetLongPathNameW
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
RaiseException
MoveFileW
GetCurrentDirectoryW
GetCurrentDirectoryA
GlobalFree
SetEndOfFile
SetFilePointerEx
FormatMessageA
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
UnlockFile
LockFile
UnlockFileEx
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
ExitProcess
SetNamedPipeHandleState
UnhandledExceptionFilter
IsDebuggerPresent
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetStartupInfoW
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringA
lstrlenA

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
H1TM4N antivirus/hitman 64 Bits.exe
.exe windows x64

56ba0ac689587fa38a8c95ee361835e9

Code Sign

21:ee:dd:b6:e3:d7:f7:ae:49:70:36:88:d6:c9:5b:fb
Certificate

Issuer

CN=HitmanPro 3.8

Not Before

31/12/2017, 23:00

Not After

31/12/2039, 23:00

Subject

CN=HitmanPro 3.8

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8a:23:81:05:23:ec:0b:0e:fb:de:eb:a5:d2:e7:68:56:e3:8b:56:a6
Signer

Actual PE Digest

8a:23:81:05:23:ec:0b:0e:fb:de:eb:a5:d2:e7:68:56:e3:8b:56:a6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HitmanPro 3.8

03/12/2019, 16:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleW
GetLastError
WaitForMultipleObjects
CreateEventW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
SignalObjectAndWait
TerminateThread
Sleep
VirtualAlloc
VirtualFree
OpenProcess
VirtualQueryEx
WaitForSingleObjectEx
CreateWaitableTimerW
SetWaitableTimer
GetVersion
LocalAlloc
LocalFree
GetProcAddress
GlobalMemoryStatus
FreeLibrary
Heap32ListNext
Heap32Next
QueryPerformanceCounter
Heap32First
Heap32ListFirst
GetTickCount
GetSystemTimeAsFileTime
Thread32First
Thread32Next
VirtualUnlock
LoadLibraryA
Process32FirstW
VirtualLock
Module32FirstW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
Module32NextW
GetCurrentProcessId
QueryPerformanceFrequency
SetThreadPriority
GetCurrentThread
LocalFileTimeToFileTime
FileTimeToSystemTime
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileW
DeviceIoControl
GetFileInformationByHandle
GetModuleHandleA
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
SystemTimeToFileTime
CompareFileTime
GetLocalTime
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
OutputDebugStringW
WriteFile
ReadFile
PeekNamedPipe
WaitNamedPipeW
GetCalendarInfoW
SetLastError
GetFileSizeEx
FormatMessageW
FileTimeToLocalFileTime
GetLocaleInfoW
TryEnterCriticalSection
GetTempPathW
RemoveDirectoryW
FindFirstFileW
FindClose
FindNextFileW
GetFileAttributesW
GetCurrentProcess
RegisterWaitForSingleObject
UnregisterWaitEx
FlushFileBuffers
DisconnectNamedPipe
GetOverlappedResult
GetComputerNameW
GetFileAttributesExW
GetFileTime
SetFileTime
VerifyVersionInfoW
VerSetConditionMask
ResumeThread
GetCommandLineW
CreateProcessW
ConvertDefaultLocale
GetLogicalDriveStringsW
QueryDosDeviceW
SetThreadAffinityMask
DeleteFileW
GetModuleFileNameW
SetErrorMode
GetStdHandle
GetDriveTypeW
GetVolumeInformationW
GetFileSize
SetFileAttributesW
CopyFileW
TerminateProcess
GetNumberFormatW
GetVersionExW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetProcessTimes
LoadLibraryW
GlobalAlloc
OpenEventW
AllocConsole
LoadLibraryExW
MultiByteToWideChar
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
OpenThread
SuspendThread
GetThreadContext
SetThreadContext
SearchPathW
GetSystemDirectoryA
LoadLibraryExA
DuplicateHandle
CreateSemaphoreW
ReleaseSemaphore
GetEnvironmentVariableW
WideCharToMultiByte
GetSystemWow64DirectoryW
GetSystemTime
GetExitCodeProcess
CreateHardLinkW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetVolumeInformationA
ExpandEnvironmentStringsW
SetHandleInformation
CreateNamedPipeW
ConnectNamedPipe
GetThreadPriority
GetLongPathNameW
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
MoveFileW
GetCurrentDirectoryW
GetCurrentDirectoryA
GlobalFree
SetEndOfFile
SetFilePointerEx
FormatMessageA
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
UnlockFile
LockFile
UnlockFileEx
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
ExitProcess
SetNamedPipeHandleState
GetStringTypeW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetACP
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetFileType
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
lstrlenA

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

e0dd807d25a5ce15a98a2186e8189d41

Code Sign

21:ee:dd:b6:e3:d7:f7:ae:49:70:36:88:d6:c9:5b:fbCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

77:58:6f:e6:6d:a8:91:44:e0:25:28:29:02:c3:21:d5:3d:9c:96:c6Signer

Signature Validations

Verification

03/12/2019, 18:07 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 640KB - Virtual size: 640KB

.data Size: 62KB - Virtual size: 80KB

.rsrc Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 168KB - Virtual size: 168KB

56ba0ac689587fa38a8c95ee361835e9

Code Sign

21:ee:dd:b6:e3:d7:f7:ae:49:70:36:88:d6:c9:5b:fbCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

8a:23:81:05:23:ec:0b:0e:fb:de:eb:a5:d2:e7:68:56:e3:8b:56:a6Signer

Signature Validations

Verification

03/12/2019, 16:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 80KB - Virtual size: 102KB

.pdata Size: 117KB - Virtual size: 116KB

.rsrc Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 20KB - Virtual size: 19KB

21:ee:dd:b6:e3:d7:f7:ae:49:70:36:88:d6:c9:5b:fb
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

77:58:6f:e6:6d:a8:91:44:e0:25:28:29:02:c3:21:d5:3d:9c:96:c6
Signer

03/12/2019, 18:07
Valid: false

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 640KB - Virtual size: 640KB

.data
Size: 62KB - Virtual size: 80KB

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 168KB - Virtual size: 168KB

21:ee:dd:b6:e3:d7:f7:ae:49:70:36:88:d6:c9:5b:fb
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

8a:23:81:05:23:ec:0b:0e:fb:de:eb:a5:d2:e7:68:56:e3:8b:56:a6
Signer

03/12/2019, 16:57
Valid: false

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 80KB - Virtual size: 102KB

.pdata
Size: 117KB - Virtual size: 116KB

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 20KB - Virtual size: 19KB