hi[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

hi.exe
Size

174KB
MD5

c087bcf39d1e7bb8798f9858172764fb
SHA1

e745d070eaf8e73a2df6dd10758607502c1c0ed2
SHA256

d346470b859ff41769689c46f0a3901547b2d5cf1c6ad980c25de20761695333
SHA512

b5b47c82031a10f9aefcbf375273d10a4db09e0583d5978710ac5a56d79cb3a8410b3f31849f63d2bdb4297527dd72be28f93c6c9025315b1538b263b2e5ba5b
SSDEEP

3072:Ws8yNhDx6brZ7VLEh7EI9Gl6OP0/s0v4r9qOn04V5CggI:9FQf7A7E3l6Os/6rg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hi.exe

Files

hi.exe
.exe windows x64

5f0e9aebe878d5591006510885f538da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

QuerySecurityContextToken
AcceptSecurityContext
AcquireCredentialsHandleW

kernel32

HeapReAlloc
Sleep
WTSGetActiveConsoleSessionId
GetLastError
GetCurrentProcess
CreateThread
CloseHandle
CreateFileW
WriteConsoleW
HeapSize
SetFilePointerEx
GetFileSizeEx
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetProcAddress
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetFileType

advapi32

GetTokenInformation
CreateProcessAsUserW
CreateProcessWithTokenW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
CopySid
GetLengthSid

ole32

CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetInstanceFromIStorage
CoTaskMemAlloc
CoInitialize

ws2_32

shutdown
recv
send
closesocket
connect
WSAGetLastError
bind
WSACleanup
getaddrinfo
WSAStartup
accept
select
setsockopt
listen
__WSAFDIsSet
freeaddrinfo
socket

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f0e9aebe878d5591006510885f538da

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ole32

ws2_32

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB