MHClient-Connect[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MHClient-Connect.exe
Size

6.4MB
MD5

c47d326ac74f26db1883d4e2ee3108c2
SHA1

8f9e4b342caa9196657a202425c366fa627c0b66
SHA256

bae9739ca3dd49ac47441193f4436ec08e212ae27d2eec9a6b27ebdc2f74e39b
SHA512

02f63e62e547a4bbbc1e01f0b30675af797b59c9b25ddbb97b79ea64bf65aa1b1ff4dae09a00f570c6059722d5be9b983623c7a0363fd6fb7ba6dc84b0394e18
SSDEEP

49152:oF/jsFSH/69At8/c0n7pzN4F3xnZS6bFEN61Rvoi5DE3l/9F7ymu5ApRg0LU4C/V:PSkDzN4Fzb2N61Wi5e/9FGIpRg9sPw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MHClient-Connect.exe

Files

MHClient-Connect.exe
.exe windows:5 windows x86

f0ca7b3b50888f060063166bb7837e61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_SetInverseMatrix@8
_VECTOR3Length@4
_COLORtoDWORD@16
_WriteTGA@24
_Normalize@8
_SetRotationYMatrix@8
_SetRotationXMatrix@8
_TransformVector3_VPTR2@16
_RotatePositionWithPivot@24
_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_CrossProduct@12

wsock32

htons
inet_addr
gethostbyname
WSAGetLastError
WSAStartup
socket
send
recv
ioctlsocket
connect
closesocket
WSACleanup

dinput8

DirectInput8Create

wininet

InternetOpenA
InternetConnectA
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA

kernel32

QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetSystemInfo
ExitProcess
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CreateDirectoryW
GetFileAttributesExW
GetFileSize
CloseHandle
GetLocalTime
OpenFile
IsDBCSLeadByte
GetCurrentDirectoryA
CreateFileA
ReadFile
GetTickCount
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetSystemDefaultLangID
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreatePipe
WaitForSingleObject
CreateProcessA
GetStartupInfoA
lstrlenA
SetCurrentDirectoryA
lstrcmpA
lstrcpyA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
SetEvent
CreateEventA
Sleep
TerminateProcess
CreateThread
GetPriorityClass
OpenProcess
WaitForMultipleObjects
lstrcmpiA
lstrcatA
GetLogicalDriveStringsA
QueryDosDeviceA
CreateToolhelp32Snapshot
UnregisterWaitEx
Process32Next
Module32First
Module32Next
GetModuleHandleA
MulDiv
CreateDirectoryA
WriteFile
AreFileApisANSI
FindFirstFileA
FindNextFileA
RemoveDirectoryA
CreateFileMappingA
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameA
SetFileAttributesA
GetTempPathA
CopyFileA
GetSystemTime
HeapQueryInformation
HeapSize
HeapReAlloc
FlushFileBuffers
FindNextFileW
FindFirstFileExW
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP
GetACP
IsValidCodePage
OutputDebugStringW
SetConsoleCtrlHandler
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
FileTimeToSystemTime
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
RtlCaptureStackBackTrace
GetTimeZoneInformation
SetStdHandle
CreateFileW
WaitForMultipleObjectsEx
GetStdHandle
GetFileType
WriteConsoleW
Process32First
HeapValidate
ExitThread
GetCommandLineA
FatalAppExitA
GetCPInfo
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
CreateTimerQueue
TryEnterCriticalSection
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
GetModuleHandleExW
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW
GetSystemTimeAsFileTime
EncodePointer
GetExitCodeThread
SetLastError
CreateEventW
LoadLibraryW
SetEndOfFile
TlsAlloc
FindClose
SetEnvironmentVariableA
DuplicateHandle
TlsGetValue

user32

CopyRect
wsprintfA
SetRect
MessageBoxA
CharNextA
CharPrevA
OpenClipboard
GetClientRect
LoadCursorFromFileA
SetCursor
LoadIconA
ShowCursor
UpdateWindow
EndDialog
ShowWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
UnregisterHotKey
RegisterHotKey
PeekMessageA
DispatchMessageA
TranslateMessage
SendMessageA
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
ReleaseCapture
SetCapture
IsClipboardFormatAvailable
GetClipboardData
OffsetRect
GetWindowThreadProcessId
EnumWindows
GetWindowTextA
GetSystemMetrics
UnregisterClassA
PostMessageA
EmptyClipboard
SetClipboardData
CloseClipboard

gdi32

GetDeviceCaps
SelectObject
GetTextExtentPoint32A
DeleteObject
CreateFontIndirectA
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject

advapi32

OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoFreeUnusedLibraries
CoInitializeSecurity
CoUninitialize

oleaut32

SysFreeString
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SysAllocString

freeimage

_FreeImage_Unload@4
_FreeImage_GetBits@4
_FreeImage_GetInfo@4
_FreeImage_SaveJPEG@12
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Load@12

psapi

GetProcessImageFileNameA

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 981KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�/0 �u
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0ca7b3b50888f060063166bb7837e61

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

psapi

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 591KB - Virtual size: 590KB

.data Size: 981KB - Virtual size: 1.2MB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 224KB - Virtual size: 223KB

�/0 �u Size: 16KB - Virtual size: 20KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 591KB - Virtual size: 590KB

.data
Size: 981KB - Virtual size: 1.2MB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 224KB - Virtual size: 223KB

�/0 �u
Size: 16KB - Virtual size: 20KB