hachimi[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hachimi.rar
Size

4.1MB
MD5

ca6fe17f0bf52575968d7f95cab3d352
SHA1

e5ca2647a7c362f8aede914486cc5beb965d4d33
SHA256

c09d091ce39eb991bda9a5542f26d2af5a806f3f898efcc8317d8b83ed0952de
SHA512

f7df38103c29bec6008c816bbbc11cc0dbe972774138ccc9977f60eccd8ea7f95156e2abe0dcb1e9fd52960f612bc58c2341c8c518c2733367103cd0a45f44aa
SSDEEP

98304:8FMsG5sHIS04GE5VnEW/kQS+w8MWx1vXYpTgKIqBy35O0ylnw:KDG5G3JZ/O+e0XYZgKlCjj

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hachimi/0A7A4E99.exe
unpack001/hachimi/A875EA/__MACOSX/.DOC/MACGSD23E23.dll
unpack001/hachimi/B10D0F91.exe

Files

hachimi.rar
.rar
hachimi/06A0A928.exe
.exe windows x64

26c04f4ea37918786e3240bed8ba05e2

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:cb:50:cf:9b:60:54:d9:d4:f0:a2:9b:b3:95:96:ee
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

15/01/2019, 00:00

Not After

15/04/2022, 23:59

Subject

CN=COOCON Co.\,LTD.,OU=IT Team,O=COOCON Co.\,LTD.,L=Yeongdeungpo-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:14:fa:6c:b3:3e:fb:f0:f1:46:11:57:de:e2:ed:52:7a:68:75:30
Signer

Actual PE Digest

c8:14:fa:6c:b3:3e:fb:f0:f1:46:11:57:de:e2:ed:52:7a:68:75:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameA

kernel32

CloseHandle
CompareStringW
CreateFileA
CreateFileW
CreateProcessA
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 48B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hachimi/0A7A4E99.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 11.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hachimi/A875EA/__MACOSX/.DOC/1.bat
hachimi/A875EA/__MACOSX/.DOC/1.vbs
.vbs
hachimi/A875EA/__MACOSX/.DOC/MACGSD23E23.dll
.dll windows x64

fe190f320bc46d0c28302dcaae8eb7d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CompareStringW
CreateFileW
CreateToolhelp32Snapshot
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FlushInstructionCache
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadContext
GetTimeFormatW
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapWalk
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OpenThread
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadContext
SetUnhandledExceptionFilter
SleepEx
SuspendThread
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW

advapi32

RegGetValueA

amsi

AmsiScanBuffer

Exports

Exports

ABrjYpGXFHw
AQmgv
BgDZQRShd
CdhzujQiyX
DAVPPOHGF
DaOn
EBBWXfS
EdNLt
HkDtbkr
IAM
JJqdcd
JUwsR
JhIAIDISE
JlAGyxpIdW
JlusriFmE
KXWtwPTl
Kbai
KpdhNv
LJXNjsdpGDE
NIJzO
PFPnHj
PUV
PpHNCtR
PrnfIvFLn
QKxhVWYB
QfrvDSIpuHI
SXxVeavAPkm
Sllgjjc
TJMI
TeUMd
VvstGwyozC
XGGGAHmq
XIHNOUc
XrVZ
aHAekmmcUy
aUxzlS
bVhrJ
beFvRdK
cHPjqiUtmJ
cRmB
cfSkRTTMwC
dRoNyiP
diubT
eVycmHlWxEJ
ejDWMSmQQu
fEgguKdWFdk
fhPyb
fqMJT
geUtj
gpk
gwHnbUeLa
hPCqCVh
hqd
iHZN
icbZ
jbq
kVcKO
ksEqiHiyZOW
lwPOg
mQsZ
nbTsBXn
nvEtUUTMsve
pattFgLfFsi
pmrzE
puMg
pvEaOrGaqM
qJdTxpw
qOJ
qyOlCD
rRYsStugiK
rvs
sQiqEJNe
sWaqNIZCV
tHGNrNoSx
uYnmIbAy
ufbZXI
wbcOR
xDzYQVksDJy
yVulKURdH
yXkXQXrey
yfNfclAccth
zfYNlNkvasz

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 12B

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hachimi/A875EA/__MACOSX/.DOC/献血登记表.docx
.docx office2007
hachimi/A875EA/献血登记表.docx.lnk
.lnk
hachimi/B10D0F91.exe
.exe windows x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 821KB - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26c04f4ea37918786e3240bed8ba05e2

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

50:cb:50:cf:9b:60:54:d9:d4:f0:a2:9b:b3:95:96:eeCertificate

Extended Key Usages

Key Usages

c8:14:fa:6c:b3:3e:fb:f0:f1:46:11:57:de:e2:ed:52:7a:68:75:30Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 933KB - Virtual size: 933KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 5KB

.00cfg Size: 512B - Virtual size: 40B

.gehcont Size: 512B - Virtual size: 52B

.voltbl Size: 512B - Virtual size: 48B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 2KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 11.0MB

Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 179KB - Virtual size: 180KB

fe190f320bc46d0c28302dcaae8eb7d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

amsi

Exports

Exports

Sections

.text Size: 367KB - Virtual size: 367KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 10KB - Virtual size: 16KB

.pdata Size: 20KB - Virtual size: 20KB

.00cfg Size: 512B - Virtual size: 40B

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.gehcont Size: 512B - Virtual size: 56B

.voltbl Size: 512B - Virtual size: 12B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 232B

.reloc Size: 4KB - Virtual size: 4KB

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 821KB - Virtual size: 821KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 98KB - Virtual size: 455KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 98KB - Virtual size: 98KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

50:cb:50:cf:9b:60:54:d9:d4:f0:a2:9b:b3:95:96:ee
Certificate

c8:14:fa:6c:b3:3e:fb:f0:f1:46:11:57:de:e2:ed:52:7a:68:75:30
Signer

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 933KB - Virtual size: 933KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 52B

.voltbl
Size: 512B - Virtual size: 48B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 179KB - Virtual size: 180KB

.text
Size: 367KB - Virtual size: 367KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 10KB - Virtual size: 16KB

.pdata
Size: 20KB - Virtual size: 20KB

.00cfg
Size: 512B - Virtual size: 40B

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.gehcont
Size: 512B - Virtual size: 56B

.voltbl
Size: 512B - Virtual size: 12B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 232B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 821KB - Virtual size: 821KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 98KB - Virtual size: 455KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 98KB - Virtual size: 98KB