hil[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hil.exe
Size

189KB
MD5

380eedc23a77f7dd44c6d6003d779ba4
SHA1

7dd0a6262b21e32bf4261f46a57e36eacbd135b3
SHA256

39f6042c46f86c871c548941eeeb54a5656d4d990c0c58b456384fd16ab38061
SHA512

59f07f3dbd15ee61b2f661e096f7c2e925c408ff488ece9eda4b34bbe80a2bda002619737013a91cab36b19a9a5538927f3461189778294b63440ff32ec0ed03
SSDEEP

3072:+Kc+bi2z23TfIw24z7V7oeN23H5F8n/jXIoYxVYxMqqDa/JhDayqy:K+OywLNBn8YaqqDGJNtV

Score

1^/10

Malware Config

Signatures

Files

hil.exe
.exe windows x86

422b6d41326410e82898241b42637093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

kernel32

InterlockedDecrement
InterlockedIncrement
GetProcessHeap
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
HeapAlloc
HeapFree
LocalAlloc
LocalSize
LocalFree
SystemTimeToFileTime
GetLastError
HeapCreate
GetLocalTime
FileTimeToDosDateTime
HeapDestroy
FileTimeToSystemTime
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
GetCurrentThreadId
OutputDebugStringA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
ExitThread
CreateThread
GetCommandLineA
ExitProcess
ReadFile
GetStartupInfoA
CreateProcessA
DeleteFileA
CreateDirectoryA
FormatMessageA
SetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
GetVersionExA
GetVersion
GlobalMemoryStatus
GetTickCount
GetFileSize
FindFirstFileA
FindNextFileA
FindClose
WaitForSingleObject
ReleaseMutex
GetFileTime
CopyFileA
CopyFileW
MoveFileA
MoveFileW
GetFullPathNameA
GetLongPathNameA
GetFullPathNameW
GetFileAttributesW
GetLongPathNameW
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcessId
SetEvent
ResetEvent
CreateMutexA
CreateEventA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventA
OpenMutexA
OpenFileMappingA
DeleteFileW
RemoveDirectoryA
VirtualAlloc
VirtualFree
WaitForMultipleObjects
VirtualQuery
ReleaseSemaphore
Sleep
CancelIo
GetFileAttributesA
CopyFileExA
CopyFileExW
CreateDirectoryW
CreateFileMappingW
DuplicateHandle
FindFirstFileW
FindNextFileW
GetFileAttributesExA
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
GetOverlappedResult
MoveFileExA
MoveFileExW
MoveFileWithProgressA
MoveFileWithProgressW
ReadFileEx
ReplaceFileA
ReplaceFileW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
WriteFileEx
CreateSemaphoreA
SuspendThread
GetTempPathA
GetEnvironmentVariableA
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime

msvcrt

memset
calloc
free
memcpy

user32

SetWindowPos
SystemParametersInfoA
GetWindowRect
RegisterWindowMessageA
PostMessageA
EndDialog
DialogBoxParamA
GetDlgItemTextA
SendMessageA
GetDlgItem
MessageBoxA
SetWindowTextA

shell32

SHGetPathFromIDList
SHBrowseForFolder

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

422b6d41326410e82898241b42637093

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

shell32

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 22KB - Virtual size: 34KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 22KB - Virtual size: 34KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 6KB - Virtual size: 5KB