lobshot | HVNC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

HVNC.exe
Size

96KB
MD5

9315eb6ecab91d17c13e8e12c850fd1a
SHA1

412eed3de0dd1714b4b27d77dec8d653e6d604cf
SHA256

15ec54cd2b2605ec8395645fe545204a89ddfe6fef656c98c0578006184d0228
SHA512

c41bd3d7df65388927c5d8a46bcaa5d329741c9e690ef26e3a2a03021949a67ddda01c8f50d78b5faff8c0911ffaae33d3cf891de4b8b28360e3c3726827a216
SSDEEP

1536:QX1tIEY/6mS2I4bD7jrFgkfTeXslrYNJJpnPEqQFXB00Gdhp4VjlK+I/QX205eBj:QX1tIM2IOXjdfTeXsirnPgu4PK+Iocc

Score

10^/10

lobshot

Malware Config

Signatures

Detects Lobshot family 1 IoCs

resource	yara_rule
sample	family_lobshot

Lobshot family
lobshot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HVNC.exe

Files

HVNC.exe
.exe windows x86

df7f84766f035b1f4f0e18503ee99aa0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoCreateInstance
OleInitialize

kernel32

lstrcpyA
GetLocalTime
LocalFree
LoadLibraryA
lstrcmpiA
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
AssignProcessToJobObject
TerminateProcess
CreateJobObjectW
GetPrivateProfileSectionNamesW
ResumeThread
OpenProcess
GetPrivateProfileStringW
Sleep
GetCurrentProcessId
CreateProcessW
lstrcpyW
CreateProcessA
TerminateJobObject
GetTickCount
GetCurrentProcess
lstrcmpA
SetFileAttributesW
CreateFileMappingA
MoveFileExW
GetProcAddress
lstrcmpiW
GetCommandLineA
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
CreateToolhelp32Snapshot
Process32NextW
LocalAlloc
Process32FirstW
GetWindowsDirectoryW
MoveFileW
GetCommandLineW
GetVersionExW
ExitThread
WaitForMultipleObjects
DeleteCriticalSection
GetModuleFileNameW
Process32First
lstrcpynW
GetEnvironmentVariableW
ProcessIdToSessionId
Process32Next
WTSGetActiveConsoleSessionId
lstrcpynA
lstrcmpW
SetFilePointer
CreateThread
CloseHandle
DeleteFileW
InitializeCriticalSection
GlobalAlloc
lstrcatW
GetLastError
FormatMessageW
GetModuleHandleA
lstrcatA
GetFileAttributesW
CreateFileW
lstrlenA
GetTempPathW
VirtualAlloc
WriteFile
lstrlenW
VirtualFree
ReadFile
LeaveCriticalSection
OutputDebugStringA
ExpandEnvironmentStringsW
EnterCriticalSection
GlobalUnlock
FormatMessageA
GetCurrentThreadId
GetTempFileNameW
CopyFileW
GetFileSize
TerminateThread
GlobalLock
ExitProcess

user32

GetWindowPlacement
WindowFromPoint
ScreenToClient
SendMessageTimeoutA
SendMessageTimeoutW
GetWindowRect
PostMessageW
GetKeyboardLayoutList
GetProcessWindowStation
GetDesktopWindow
GetUserObjectInformationW
EnumDisplayDevicesW
GetThreadDesktop
GetSystemMetrics
MonitorFromWindow
ToAscii
SetForegroundWindow
PtInRect
MenuItemFromPoint
HiliteMenuItem
ActivateKeyboardLayout
PrintWindow
CreateDesktopA
GetClassNameW
BringWindowToTop
GetTopWindow
OpenDesktopA
VkKeyScanExA
GetKeyboardState
GetMenuItemCount
SetActiveWindow
GetDC
GetMenu
GetWindow
IsWindow
GetKeyboardLayout
MoveWindow
SetFocus
LoadKeyboardLayoutA
SystemParametersInfoA
GetParent
GetMessageW
DispatchMessageA
IsWindowVisible
SendMessageW
SetThreadDesktop
ShowWindow
GetWindowLongA
TranslateMessage
GetWindowTextW
OemToCharA
GetDlgItem
SetWinEventHook
CharLowerA
UnhookWinEvent
wsprintfA
GetWindowThreadProcessId
PostMessageA
FindWindowExA
EnumDesktopWindows
SetWindowPos
GetClassNameA
MessageBoxA
FindWindowA
OpenClipboard
wvsprintfW
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
wvsprintfA

gdi32

SelectObject
CreateCompatibleBitmap
DeleteDC
CreatePen
Rectangle
GetDIBits
BitBlt
DeleteObject
CreateSolidBrush
CreateCompatibleDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
RegSetValueExA
RegQueryValueA
RegSetValueA
RegEnumKeyA
RegDeleteValueA
RegSetValueExW
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df7f84766f035b1f4f0e18503ee99aa0

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 5KB