hancitor | hacintor

Sharing

Copy URL

Twitter E-mail

General

Target

hacintor
Size

51KB
MD5

bf50249bc945da25c2f364c216a759e0
SHA1

7df0d15ed36707f2b4979646447c63fd932f4cb1
SHA256

990a4cd6dd9575cbd2122f560ff68420c1c9dbfde3c9d6a5181b0f54a7e497cd
SHA512

6dada5295c135f0446409c4a8acbd9bbae316b38d03ba9c6b5accc348b3e62951f63ec059e2dd40cce3f0d0fbcdd1da63e680671f7664a3b1d43088e911ace49
SSDEEP

384:6AYci7KqOESXvZioqMWFDNs3l89fCncqn5hGb1RDvqv3zUvTJcYn17:6AYF1CvZioE289wNy1RDyD8P17

Score

10^/10

1706_apkreb6 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

1706_apkreb6

http://thestaccultur.com/8/forum.php

http://arguendinfuld.ru/8/forum.php

http://waxotheousch.ru/8/forum.php

Signatures

Hancitor family
hancitor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hacintor

Files

hacintor
.dll windows x86

57265d838ef6737ecad7f941f2f02016

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA
InternetCrackUrlA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
InternetReadFile
InternetConnectA

iphlpapi

GetAdaptersAddresses

netapi32

DsEnumerateDomainTrustsA

ntdll

RtlDecompressBuffer

kernel32

K32GetProcessImageFileNameA
K32EnumProcesses
GetComputerNameA
HeapAlloc
HeapFree
GetProcessHeap
Sleep
lstrcpyA
GetVolumeInformationA
GetVersion
GetWindowsDirectoryA
lstrcatA
lstrlenA
GetEnvironmentVariableA
CreateFileA
WriteFile
GetTempPathA
GetTempFileNameA
CloseHandle
GetLastError
TerminateProcess
CreateThread
CreateRemoteThread
ResumeThread
CreateProcessA
GetProcessId
GetThreadContext
SetThreadContext
OpenProcess
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcmpiA

user32

wsprintfA

advapi32

CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
OpenProcessToken
CryptAcquireContextA
LookupAccountSidA
GetTokenInformation

Exports

Exports

GBSLWSDVGOE
GCDKRKIMPKIHB

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

57265d838ef6737ecad7f941f2f02016

Headers

DLL Characteristics

File Characteristics

Imports

wininet

iphlpapi

netapi32

ntdll

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 492B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 492B