H_Hayat_x64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

H_Hayat_x64.dll
Size

111KB
MD5

1f39f078d03461a104336c68c8927505
SHA1

d54117a64c1d69399c2b978804971b2819ffeb8e
SHA256

5ed02b75802ee6bba47dd1c0064732329f98c0a3dce76ae4317bf398d5122f44
SHA512

f94797dbebbaa73310253ae3e573c6aa06717a9f832281363f6ac5dce47c2a6311eeb83bcf98db85f0c7205f6039196f575f61a9d6a3ed7ddba48bc2f5f1b725
SSDEEP

3072:Z0MRxLQXSljMSGVUjSFgWvNdta5PCpBXgiMtISY1ViH4X:BkSlITUjSFg/Pgp1XX

Score

1^/10

Malware Config

Signatures

Files

H_Hayat_x64.dll
.dll regsvr32 windows x64

d3263b02fe99795119d40e7c19b6c67d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

14/02/2019, 00:00

Not After

15/05/2020, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d3:ad:2c:4b:ab:97:a8:53:fd:42:1f:72:9c:dd:b2:10:46:35:8d:2e:f9:82:4e:75:b5:4a:c9:8f:7f:f1:a1:23
Signer

Actual PE Digest

d3:ad:2c:4b:ab:97:a8:53:fd:42:1f:72:9c:dd:b2:10:46:35:8d:2e:f9:82:4e:75:b5:4a:c9:8f:7f:f1:a1:23

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

02/01/2020, 01:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

IsWindow
InsertMenuW
GetMenuInfo
SetMenuInfo
SetMenuItemInfoW
SetForegroundWindow
MessageBoxW
ReleaseDC
LoadImageW
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdeClientTransaction
SendMessageW
GetDC
DdeGetLastError
DdeFreeStringHandle
DdeCreateStringHandleW
wsprintfW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

DragQueryFileW

ole32

ReleaseStgMedium

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
GetObjectW
CreateCompatibleDC

gdiplus

GdipBitmapLockBits
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode

kernel32

GetStringTypeW
GetFileType
GetStdHandle
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringW
SetFilePointerEx
CreateFileW
WriteConsoleW
GetProcessHeap
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetLastError
GetModuleFileNameW
LocalFree
FormatMessageW
lstrcpyW
lstrcatW
lstrlenW
CloseHandle
Sleep
CreateProcessW
GetVersionExW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
lstrcpynA
lstrcpynW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FindNextFileW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3263b02fe99795119d40e7c19b6c67d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6Certificate

Extended Key Usages

Key Usages

d3:ad:2c:4b:ab:97:a8:53:fd:42:1f:72:9c:dd:b2:10:46:35:8d:2e:f9:82:4e:75:b5:4a:c9:8f:7f:f1:a1:23Signer

Signature Validations

Verification

02/01/2020, 01:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

shell32

ole32

gdi32

gdiplus

kernel32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6
Certificate

d3:ad:2c:4b:ab:97:a8:53:fd:42:1f:72:9c:dd:b2:10:46:35:8d:2e:f9:82:4e:75:b5:4a:c9:8f:7f:f1:a1:23
Signer

02/01/2020, 01:21
Valid: false

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB