Static task: static1
Behavioral task: behavioral1 (Sample: HikServer.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: HikServer.exe, Resource: win10v2004-20230221-en)
General
Target: HikServer.exe
Size: 364KB
MD5: 66d89d8ce91acf09783759ca1538f034
SHA1: d252e9beb4359a9887562cdf5a0ae2d975e66b32
SHA256: 16910963ddfd52f38c52e480b839f13910168484c2a5fb6e95740d49461c5d83
SHA512: 5dbddf0e6d066b759707b4cc815aa6f2eb9f365735eeae4a192ae296553183d1653db1f15d1909f4126dadba2ed91ef0442ace25fcd61a1e464953aff6a102ff
SSDEEP: 6144:yoFQ+KVdZy+wJ1fHC/XPbGpi0fXLqgsQFOCOmDq7UCQ1sd+ACQgB0YMQJtPvMoaZ:yo/GXwJ1fiPjGpiKpvMoa/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource HikServer.exe
Files
HikServer.exe.exe windows x64
b805f6f13e5e2ba5aa417e3cd4730970
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc100
msvcr100
_strnicmp
_setmbcp
_stricmp
strftime
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
rand
srand
isalnum
isalpha
toupper
_ismbcspace
tolower
isspace
strchr
_mbsnbicmp
_mbspbrk
_mbschr
sprintf_s
_recalloc
_resetstkoflw
memcpy_s
free
malloc
_mbsstr
_mbsnbcpy_s
vsprintf
puts
atol
sscanf
memmove
strstr
sprintf
memcmp
printf
strncpy
memset
atoi
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
memcpy
_time64
__CxxFrameHandler3
memmove_s
kernel32
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetLastError
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventA
IsDBCSLeadByte
lstrcmpiA
lstrlenA
SizeofResource
LoadResource
FindResourceA
LocalFree
GetLocalTime
CreateThread
Sleep
TerminateThread
GetExitCodeThread
CloseHandle
WaitForSingleObject
GetModuleHandleA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
RaiseException
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
CreateFileA
SetLocalTime
CreateDirectoryA
CreateMutexA
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
DecodePointer
EncodePointer
SetupComm
SetCommTimeouts
WaitCommEvent
ClearCommError
ReadFile
GetOverlappedResult
GetCommState
SetCommState
SetCommMask
EscapeCommFunction
PurgeComm
GetTickCount
FormatMessageA
LocalAlloc
GetCurrentThreadId
LoadLibraryExA
user32
GetMessageA
DispatchMessageA
PostThreadMessageA
CharNextA
RegisterWindowMessageA
FindWindowA
GetCursorPos
LoadIconA
GetSystemMetrics
LoadIconW
SetForegroundWindow
GetClientRect
IsIconic
AppendMenuA
CreatePopupMenu
DrawIcon
MessageBoxA
KillTimer
SetTimer
SendMessageA
EnableWindow
gdi32
GetTextExtentPoint32A
advapi32
RegEnumKeyExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceA
DeleteService
ControlService
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
ole32
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
oleaut32
VarUdateFromDate
VariantClear
VariantChangeType
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
hikworkmodule
cltworkmodule
msvcp100
ws2_32
__WSAFDIsSet
select
ioctlsocket
setsockopt
inet_ntoa
recv
connect
htons
inet_addr
socket
WSAGetLastError
send
getsockopt
htonl
gethostbyname
shutdown
closesocket
bind
listen
accept
WSAStartup
winmm
timeGetTime
hcnetsdk
NET_DVR_Init
NET_DVR_SetConnectTime
NET_DVR_SetReconnect
NET_DVR_RealPlay_V30
NET_DVR_SetRealDataCallBack
NET_DVR_SetStandardDataCallBack
NET_DVR_Cleanup
NET_DVR_StopRealPlay
NET_DVR_Logout_V30
NET_DVR_Login_V30
NET_DVR_SetDVRConfig
NET_DVR_MakeKeyFrame
NET_DVR_MakeKeyFrameSub
dhnetsdk
Sections
.text Size: 239KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ