stkhcl32[.]dll[.]7z

Resubmissions

02-03-2023 14:13

230302-rje1kadc45 7

02-03-2023 14:12

02-03-2023 14:11

02-03-2023 14:10

02-03-2023 14:08

Sharing

Copy URL

Twitter E-mail

General

Target

stkhcl32.dll.7z
Size

8.4MB
MD5

903a766301bd69840c8ab4312dd0272e
SHA1

c2ce6978015676ca4534f27735ccc73f5d0506c9
SHA256

ab70d29d52622c352ad8f36a6fc58a7c0a28d01c9ce25c5e3c97991be9c1cbe4
SHA512

de35dfceabf6a7ddda6cd9c1051edb799fce8b3d7d53fbafebc764c77eb8b575939e784cebf556dc9fb83164cbb1df2a26f25b864b589ce83726b990fcab6b31
SSDEEP

196608:/nSpkvZlBEqXI+4HL2+13dEXYIhnA0PbpBiIajhNA:fqkyRreYCVg/

Score

1^/10

Malware Config

Signatures

Files

stkhcl32.dll.7z
.7z

Password: infected
stkhcl32.dll
.dll windows x64

Password: infected

b9e3758ac686941eb9a83660334bf205

Code Sign

0b:b7:17:ac:21:60:17:22:8b:5a:50:af:26:aa:7a:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-01-2020 00:00

Not After

10-02-2021 12:00

Subject

SERIALNUMBER=1147746831220,CN=LLC \"Stakhanovets\",O=LLC \"Stakhanovets\",L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:61:1f:a3:ae:3f:fc:50:74:5c:9b:0c:42:17:93:bc:46:bd:08:94:71:bd:15:ec:bc:20:90:e0:f8:e9:c0:49
Signer

Actual PE Digest

9e:61:1f:a3:ae:3f:fc:50:74:5c:9b:0c:42:17:93:bc:46:bd:08:94:71:bd:15:ec:bc:20:90:e0:f8:e9:c0:49

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=1147746831220,CN=LLC \"Stakhanovets\",O=LLC \"Stakhanovets\",L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

03-04-2020 12:57
Valid: true

Chain 1

SERIALNUMBER=1147746831220,CN=LLC \"Stakhanovets\",O=LLC \"Stakhanovets\",L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileA
TerminateProcess
GetCurrentThreadId
lstrcatA
SetErrorMode
SetProcessShutdownParameters
ExitProcess
OpenMutexA
FreeLibraryAndExitThread
GetComputerNameExA
MoveFileExA
GetLocalTime
SetSystemTime
ExitThread
ExpandEnvironmentStringsA
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
TryEnterCriticalSection
ResumeThread
ResetEvent
MoveFileA
LoadLibraryExA
GetShortPathNameW
CreateProcessW
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
WaitNamedPipeA
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
WriteFile
SetFileTime
LocalFileTimeToFileTime
FindClose
FindFirstFileA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
lstrcpynW
FindFirstFileW
FindNextFileW
lstrcatW
WaitForMultipleObjects
WTSGetActiveConsoleSessionId
GlobalSize
AreFileApisANSI
GetFileAttributesW
CopyFileExW
SetLastError
MoveFileWithProgressW
GetFullPathNameW
GetModuleFileNameW
GetTempPathW
GetACP
CreateDirectoryW
GetSystemTimes
GetSystemInfo
LocalFree
WideCharToMultiByte
GlobalAlloc
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
CancelIo
GetFileAttributesA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
SetFileAttributesA
RemoveDirectoryA
GetComputerNameA
LockResource
SizeofResource
LoadResource
FindResourceA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryA
GetExitCodeProcess
FindNextFileA
GetModuleFileNameA
LocalAlloc
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
VirtualAllocEx
GetProcessTimes
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSetInformation
GetModuleHandleW
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetStdHandle
GetCommandLineA
FlsSetValue
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileMappingA
CreateMutexW
FormatMessageA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetVersionExW
HeapCreate
HeapDestroy
HeapSize
HeapValidate
HeapCompact
LoadLibraryW
LockFile
LockFileEx
SetEndOfFile
UnlockFile
UnlockFileEx
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
FlushViewOfFile
ReleaseMutex
CreateProcessA
VirtualProtect
GetDriveTypeA
lstrcpyA
GetCurrentThread
CreateMutexA
CreateFileA
DeviceIoControl
GetLastError
FlushFileBuffers
CreateFileW
GetFileSizeEx
SetFilePointer
ReadFile
LoadLibraryA
WriteProcessMemory
Sleep
FlushInstructionCache
ReadProcessMemory
OpenProcess
GetModuleHandleA
GetProcAddress
ProcessIdToSessionId
GetLogicalDrives
QueryDosDeviceW
GetLongPathNameW
DuplicateHandle
lstrcmpW
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
UnmapViewOfFile
CreateEventA
CreateThread
TerminateThread
WaitForSingleObject
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalFree
GlobalGetAtomNameA
GlobalAddAtomA
GlobalDeleteAtom
GetVersionExA
lstrcmpA
lstrcmpiA
lstrcpynA
OpenEventA
SetEvent
CloseHandle
lstrcpyW
lstrlenW
lstrlenA
lstrcmpiW
GetSystemTimeAsFileTime
DeleteFileW
InitializeCriticalSection
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
IsBadWritePtr
GetTempPathA

user32

LockWorkStation
EnumWindows
SetWindowsHookExA
CallNextHookEx
SystemParametersInfoA
MonitorFromPoint
GetMonitorInfoA
CopyRect
IntersectRect
GetDC
PeekMessageW
DrawTextA
SetRect
GetSystemMetrics
SendNotifyMessageA
FreeDDElParam
LoadIconA
SetTimer
CopyIcon
GetClassLongPtrA
GetWindowTextLengthW
UnpackDDElParam
PostMessageA
InSendMessage
GetWindowThreadProcessId
GetForegroundWindow
IsWindowVisible
IsWindow
MessageBoxW
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
FillRect
SetCursor
LoadCursorA
UpdateWindow
EnableWindow
EndDialog
GetDlgItemTextA
SetForegroundWindow
SendDlgItemMessageA
SetFocus
GetDlgItem
SetDlgItemTextA
DialogBoxParamW
ReleaseDC
LoadImageA
DrawIconEx
GetClipboardSequenceNumber
GetClipboardData
IsClipboardFormatAvailable
UnregisterClassA
CharLowerW
wsprintfW
SendMessageTimeoutA
ToUnicodeEx
GetKeyboardLayout
GetWindowLongA
SetDlgItemTextW
GetClassNameA
IsIconic
PostThreadMessageA
GetWindowRect
CloseDesktop
SetThreadDesktop
OpenDesktopA
GetWindow
GetParent
FindWindowExA
DestroyIcon
RegisterWindowMessageA
GetAncestor
GetGUIThreadInfo
GetDesktopWindow
WindowFromPoint
InternalGetWindowText
CloseClipboard
OpenClipboard
GetIconInfo
DrawTextW
ShowWindow
CreateDialogParamW
GetWindowTextLengthA
SetClipboardData
SetProcessWindowStation
OpenWindowStationA
CloseWindowStation
GetProcessWindowStation
OpenInputDesktop
SetPropA
RemovePropA
DefWindowProcW
IsWindowUnicode
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
EmptyClipboard
CharUpperA
FindWindowA
GetPropA
GetCursorPos
SetWindowPos
SetWindowLongA
UnhookWindowsHookEx
GetUserObjectInformationA
RegisterHotKey
GetKeyState
GetAsyncKeyState
GetThreadDesktop
DispatchMessageW
IsDialogMessageA
IsDialogMessageW
UnregisterHotKey
CountClipboardFormats

gdi32

GdiSetBatchLimit
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateFontA
StretchBlt
SetBrushOrgEx
SetStretchBltMode
GetObjectA
GetBitmapBits
SelectObject
SetTextColor
CreateDIBitmap
DeleteObject
SetBkMode

shlwapi

StrRChrA
PathFindExtensionA
StrCSpnW
StrToIntA
StrChrW
PathAppendW
PathFindExtensionW
StrCmpNIA
StrToIntW
PathMatchSpecW
StrCmpIW
UrlGetPartW
StrStrW
StrStrA
PathRemoveFileSpecW
StrStrIA
PathRemoveFileSpecA
StrChrA
UrlGetPartA
StrCmpW
StrTrimW
PathUnExpandEnvStringsA
StrCmpNA
StrToInt64ExA
PathMatchSpecA
StrTrimA
StrStrIW
PathAppendA
PathFindFileNameA
PathFindFileNameW
StrCmpNIW
PathAddBackslashW
StrChrIW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
CommandLineToArgvW
SHCreateDirectoryExW
SHCreateDirectoryExA
ord680
ShellExecuteA
DoEnvironmentSubstA
DragQueryFileW
SHGetPathFromIDListW
DoEnvironmentSubstW
Shell_NotifyIconW
Shell_NotifyIconA

advapi32

CreateProcessAsUserA
OpenProcessToken
StartServiceCtrlDispatcherA
SetTokenInformation
DuplicateTokenEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenThreadToken
RegEnumKeyExA
RegDeleteValueA
RegQueryValueExW
RegCreateKeyExA
CreateServiceW
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
CloseServiceHandle
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CreateServiceA
DeleteService
StartServiceA
ChangeServiceConfigA
SetServiceStatus
RegisterServiceCtrlHandlerExA
RevertToSelf
ImpersonateLoggedOnUser
LogonUserA
InitiateSystemShutdownExW
ConvertSidToStringSidA
GetTokenInformation
AdjustTokenPrivileges

wtsapi32

WTSFreeMemory
WTSDisconnectSession
WTSQuerySessionInformationA
WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateProcessesA

psapi

EnumProcessModules
GetModuleFileNameExA
GetModuleInformation
GetMappedFileNameW

ws2_32

inet_addr
WSACleanup
ntohs
htonl
select
recv
send
WSAGetLastError
socket
connect
shutdown
closesocket
WSAStartup
gethostbyname
gethostname
getaddrinfo
freeaddrinfo
getnameinfo
recvfrom
ioctlsocket
htons
bind
getsockname
ntohl

iphlpapi

GetBestInterfaceEx

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winspool.drv

FindClosePrinterChangeNotification
SetPrinterA
GetPrinterA
OpenPrinterA
EnumPrintersA
SetJobA
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
OpenPrinterW
ClosePrinter

ole32

WriteClassStg
StgCreateStorageEx
CoInitializeEx
ReleaseStgMedium
RevokeDragDrop
CoSetProxyBlanket
CoInitialize
CoUninitialize
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantClear

comdlg32

GetOpenFileNameW

netapi32

NetGetJoinInformation
NetWkstaGetInfo
NetApiBufferFree

winhttp

WinHttpOpen
WinHttpConnect
WinHttpQueryHeaders
WinHttpSetOption
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpReadData
WinHttpOpenRequest

crypt32

CryptBinaryToStringA

userenv

ExpandEnvironmentStringsForUserA
ExpandEnvironmentStringsForUserW

setupapi

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

Exports

Exports

CtrlDispatcher
Inject
Install
Log
MAPIProcess
Quit
ServiceMain
SessionThread
Setup

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21.7MB - Virtual size: 21.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b9e3758ac686941eb9a83660334bf205

Code Sign

0b:b7:17:ac:21:60:17:22:8b:5a:50:af:26:aa:7a:44Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

9e:61:1f:a3:ae:3f:fc:50:74:5c:9b:0c:42:17:93:bc:46:bd:08:94:71:bd:15:ec:bc:20:90:e0:f8:e9:c0:49Signer

Signature Validations

Verification

03-04-2020 12:57 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

shell32

advapi32

wtsapi32

psapi

ws2_32

iphlpapi

version

winspool.drv

ole32

oleaut32

comdlg32

netapi32

winhttp

crypt32

userenv

setupapi

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 4.9MB - Virtual size: 4.9MB

.pdata Size: 114KB - Virtual size: 114KB

.rsrc Size: 21.7MB - Virtual size: 21.7MB

.reloc Size: 75KB - Virtual size: 74KB

0b:b7:17:ac:21:60:17:22:8b:5a:50:af:26:aa:7a:44
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

9e:61:1f:a3:ae:3f:fc:50:74:5c:9b:0c:42:17:93:bc:46:bd:08:94:71:bd:15:ec:bc:20:90:e0:f8:e9:c0:49
Signer

03-04-2020 12:57
Valid: true

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 4.9MB - Virtual size: 4.9MB

.pdata
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 21.7MB - Virtual size: 21.7MB

.reloc
Size: 75KB - Virtual size: 74KB