hanzo_crackedbycypher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

hanzo_crackedbycypher.exe
Size

2.0MB
MD5

e4b48e4b999020dfbb5160b5b02f7cbc
SHA1

e1209d93603ca163d40dabe8762b5bdfea670a72
SHA256

a5d8c2bceb9da9dcc3e3c464840576d75de6752f55744626c902025d05a5ec52
SHA512

6ea2ca46b025af90eadae23bd1c741139cafe6533e04c36dfadd24346ec688af920ad235716a1f1633b75f314f845b75dc352b12d05900710b427f2f75953fb9
SSDEEP

49152:KyfN0iwBTqTJte9Neh/jSWssLrHVFyJnWpcy1:KqkstJ5sCr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hanzo_crackedbycypher.exe

Files

hanzo_crackedbycypher.exe
.exe windows:6 windows x64

d37bbb7f6c1c878b1e6346cda20f2438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDestroyHash
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
CryptHashData
CryptCreateHash
CryptDestroyKey

crypt32

CertOpenStore
CertCreateCertificateChainEngine
CertCloseStore
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertGetCertificateChain

gdi32

GetDeviceCaps

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
GetConsoleWindow
ReleaseSRWLockExclusive
CreateFileMappingA
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
CreateThread
Sleep
Beep
VerifyVersionInfoW
LoadLibraryA
GetModuleHandleW
CreateToolhelp32Snapshot
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetActiveProcessorCount
GetActiveProcessorGroupCount
SetThreadGroupAffinity
GetThreadGroupAffinity
LoadLibraryExA
GetProcAddress
GetCurrentProcessId
GetModuleHandleA
FreeLibrary
CreateFileW
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
VirtualFree
VirtualAlloc
GetCurrentThread
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
CloseHandle
Process32FirstW
Process32NextW
QueryPerformanceFrequency
LeaveCriticalSection
SleepEx
AcquireSRWLockExclusive

msvcp140

?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?uncaught_exceptions@std@@YAHXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Random_device@std@@YAIXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?good@ios_base@std@@QEBA_NXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

normaliz

IdnToAscii

psapi

GetModuleInformation

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

shell32

ShellExecuteA

user32

IsChild
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
SetWindowLongW
GetWindowLongW
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
OpenClipboard
GetClientRect
SetWindowTextW
ReleaseDC
UpdateWindow
PostQuitMessage
GetWindow
FindWindowA
SetWindowLongA
GetWindowLongA
MessageBoxA
GetAsyncKeyState
SetWindowDisplayAffinity
PeekMessageA
DispatchMessageA
GetDC
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
SetFocus
BringWindowToTop
IsIconic
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
TranslateMessage
DefWindowProcW
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard

userenv

UnloadUserProfile

vcruntime140

__current_exception_context
longjmp
strrchr
strchr
__current_exception
__intrinsic_setjmp
strstr
__std_terminate
memset
memcpy
memcpy
memcmp
memchr
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

wldap32

ber_free
ldap_initA
ldap_sslinitA
ldap_unbind_s
ldap_set_optionA
ldap_simple_bind_sA
ldap_bind_sA
ldap_memfreeA
ldap_msgfree
ldap_err2stringA
ldap_first_entry
ldap_next_entry
ldap_first_attributeA
ldap_next_attributeA
ldap_get_values_lenA
ldap_value_freeW
ldap_get_dnA
ldap_search_sA

ws2_32

closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
htons
setsockopt
socket
htonl
gethostname
sendto
recvfrom
WSASetLastError
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
FreeAddrInfoW

ucrtbase

atof
strtol
atoi
strtoul
_strtoui64
_strtoi64
strtod
getenv
_unlink
_access
_fstat64
_stat64
malloc
realloc
free
_set_new_mode
calloc
_callnewh
_configthreadlocale
localeconv
atan2f
log
logf
__setusermatherr
fmodf
pow
powf
_dclass
sinf
sqrtf
sqrt
tanf
acosf
cosf
ceilf
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_beginthreadex
_Exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
exit
terminate
_cexit
_resetstkoflw
_invalid_parameter_noinfo
_crt_atexit
__sys_nerr
_errno
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
system
strerror
_invalid_parameter_noinfo_noreturn
_getpid
_pclose
fgets
_set_fmode
__p__commode
_read
__stdio_common_vsprintf
__acrt_iob_func
_wfopen
fclose
__stdio_common_vsprintf_s
fflush
fread
fputc
fopen
fputs
fseek
feof
ftell
fwrite
_lseeki64
__stdio_common_vsscanf
_write
_close
_open
_popen
strcspn
strcmp
strspn
isupper
_stricmp
_mbsdup
strpbrk
strncmp
strncpy
tolower
_time64
_gmtime64
qsort

d3d9

Direct3DCreate9

dwmapi

DwmExtendFrameIntoClientArea

Sections

UPX0
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SCY
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d37bbb7f6c1c878b1e6346cda20f2438

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

gdi32

imm32

kernel32

msvcp140

normaliz

psapi

rpcrt4

shell32

user32

userenv

vcruntime140

vcruntime140_1

wldap32

ws2_32

ucrtbase

d3d9

dwmapi

Sections

UPX0 Size: 1.1MB - Virtual size: 1.1MB

UPX1 Size: 828KB - Virtual size: 828KB

.rsrc Size: 3KB - Virtual size: 4KB

.SCY Size: 14KB - Virtual size: 16KB

UPX0
Size: 1.1MB - Virtual size: 1.1MB

UPX1
Size: 828KB - Virtual size: 828KB

.rsrc
Size: 3KB - Virtual size: 4KB

.SCY
Size: 14KB - Virtual size: 16KB