hyperterminal[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

hyperterminal.zip
Size

201KB
MD5

15caf1bcc8ff0bdaac1ea9f81e6bd03c
SHA1

1382c113fe5c5623e4f036a65eddb7fcf80b2250
SHA256

8b9977c66c0057b1629e024b68dc609db2b3287b975941b9aa2f3eed0a435c5d
SHA512

06d00ab2214c08b1b67c303c05a5909c719059b8575d031e88f32e2eb8f36cb3a56417b2249c54f70e7a44cafdca07b5cf75a1dda1cda6bc530591555cd985df
SSDEEP

3072:qBkjN4ZOYOZHv+d8VURXlwTe2G+T6sC8tcYFiCYkLGsPkA6WyJkiog+3dD:xRmdjVwTe2Gwr2YYCtFPk1e37

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hyperterminal/hticons.dll
unpack001/hyperterminal/htrn_jis.dll
unpack001/hyperterminal/hypertrm.dll
unpack001/hyperterminal/hypertrm.exe

Files

hyperterminal.zip
.zip
hyperterminal/hticons.dll
.dll windows:5 windows x86

70b09ed8d20981ac7d1f41a9b594b258

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcmp

kernel32

ReadFile
InterlockedDecrement
LocalFree
LocalAlloc
WideCharToMultiByte
CloseHandle
SetFilePointer
CreateFileA
GetModuleFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hyperterminal/htrn_jis.dll
.dll windows:5 windows x86

a8b0f8de19e06129cc5b63495fd1ad2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
free
malloc
memset

kernel32

SetLastError
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
GetModuleHandleW

user32

DialogBoxParamA
IsDlgButtonChecked
GetWindowLongA
WinHelpA
LoadStringA
CheckDlgButton
SetWindowLongA
EndDialog

hypertrm

sessQueryTranslateHdl
sfPutSessionItem
sessQuerySysFileHdl
sfGetSessionItem

Exports

Exports

transCharIn
transCharOut
transCreateHandle
transDestroyHandle
transDoDialog
transInitHandle
transLoadHandle
transSaveHandle

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hyperterminal/hypertrm.dll
.dll windows:5 windows x86

b3cea7d28a5a7273b5898cf6b3a90e00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strncpy
sprintf
_ftol
_strnicmp
strchr
_except_handler3
_local_unwind2
atoi
bsearch
qsort
calloc
_itoa
mktime
localtime
longjmp
_setjmp3
atol
_vsnprintf
strtoul
_initterm
_adjust_fdiv
memmove
strtok
_stricmp
realloc
time
malloc
free
isdigit

kernel32

GlobalLock
GlobalAlloc
IsDBCSLeadByte
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateThread
CreateEventA
SetEvent
ResetEvent
CloseHandle
TerminateThread
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GlobalFree
CreateFileA
ReadFile
FreeLibrary
GetVolumeInformationA
WriteFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
GetFullPathNameA
SetCurrentDirectoryA
SetEndOfFile
LoadLibraryA
LockResource
SizeofResource
LoadResource
GlobalUnlock
GetFileAttributesA
CreateDirectoryA
GetVersionExA
GetProfileStringA
GetTickCount
FormatMessageA
Sleep
ExitProcess
GlobalGetAtomNameA
GetFileSize
lstrlenA
FindAtomA
GetTimeFormatA
LocalFree
DeleteAtom
LocalAlloc
AddAtomA
lstrcatA
lstrcmpA
lstrcmpiA
GlobalDeleteAtom
GlobalAddAtomA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalSize
GetLocalTime
MoveFileA
SetFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileTime
SetupComm
CreateProcessA
GetSystemDirectoryA
PurgeComm
SetCommMask
GetCommModemStatus
ClearCommError
ExitThread
WaitCommEvent
GetOverlappedResult
ClearCommBreak
CommConfigDialogA
SetCommBreak
SetCommTimeouts
SetCommConfig
GetCommConfig
SetThreadPriority
lstrcpyA
DeleteFileA
GetCurrentDirectoryA
GetModuleFileNameA
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetLastError
GetModuleHandleA
FindResourceA

user32

EnumWindows
KillTimer
MessageBoxA
SetTimer
GetKeyState
SetKeyboardState
GetKeyboardState
PeekMessageA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetClassNameA
IsDialogMessageA
WinHelpA
GetDlgCtrlID
SetWindowPos
GetWindowRect
LoadIconA
DrawFocusRect
DrawIcon
GetSysColor
GetClientRect
DestroyWindow
EnableWindow
SetWindowTextA
ShowWindow
SetCursor
GetWindowPlacement
PostQuitMessage
SetMenuItemInfoA
TrackPopupMenu
ClientToScreen
GetSubMenu
IsZoomed
IsWindowVisible
GetMenu
PtInRect
ScreenToClient
GetCursorPos
GetMenuItemRect
GetMenuItemCount
SystemParametersInfoA
AdjustWindowRectEx
GetWindowTextA
SetWindowPlacement
CallWindowProcA
RemovePropA
GetPropA
SetPropA
CharNextExA
CharPrevA
GetMessageA
SetForegroundWindow
LoadAcceleratorsA
InvertRect
GetFocus
GetCaretBlinkTime
ReleaseCapture
SetCapture
GetDoubleClickTime
IntersectRect
FillRect
SetScrollInfo
InvalidateRect
ScrollWindow
GetUpdateRect
SetScrollPos
MapWindowPoints
GetDesktopWindow
OffsetRect
InflateRect
IsIconic
SendMessageTimeoutA
CharUpperA
IsWindowEnabled
CheckDlgButton
GetSystemMetrics
MoveWindow
SendMessageA
GetDC
ReleaseDC
DialogBoxParamA
wsprintfA
EndDialog
GetWindowLongA
IsDlgButtonChecked
GetDlgItemInt
CreateDialogParamA
GetDlgItemTextA
SetDlgItemTextA
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsMenu
LoadMenuA
DestroyMenu
GetClassInfoA
LoadCursorA
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassA
BeginPaint
EndPaint
UpdateWindow
GetDlgItem
SetFocus
MessageBeep
SetWindowLongA
GetParent
SendDlgItemMessageA
SetDlgItemInt
LoadStringA
PostMessageA
IsWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegOpenKeyA

winspool.drv

OpenPrinterA
ClosePrinter

tapi32

lineGetAddressCaps
lineConfigDialog
lineTranslateAddress
lineShutdown
lineInitialize
lineAnswer
lineDrop
lineClose
lineGetLineDevStatus
lineSetDevConfig
lineGetID
lineMakeCall
lineDial
lineOpen
lineSetAppPriority
lineSetStatusMessages
lineGetDevConfig
lineNegotiateAPIVersion
lineGetDevCaps
lineGetCountry
lineGetTranslateCaps
lineTranslateDialog
lineSetCurrentLocation

gdi32

SetTextAlign
SetBrushOrgEx
MoveToEx
LineTo
CreateSolidBrush
CreatePen
CreateHatchBrush
GetTextColor
SetTextColor
GetStockObject
GetTextExtentPoint32A
EndDoc
GetTextMetricsA
SetAbortProc
StartDocA
CreateDCA
EndPage
StartPage
SetBkColor
ExtTextOutA
GetLayout
SetLayout
GetTextExtentPointA
GetBkMode
CreateFontIndirectA
TextOutA
DeleteObject
GetDeviceCaps
DeleteDC
DPtoLP
GetObjectA
SelectObject
SetBkMode

wsock32

socket
accept
listen
bind
ioctlsocket
htons
WSAAsyncSelect
connect
WSAAsyncGetHostByName
recv
WSAGetLastError
shutdown
closesocket
WSACleanup
send
WSAStartup

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHChangeNotify
DragQueryFileA
ShellAboutA

ole32

CoInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InitInstance
MessageLoop
sessQuerySysFileHdl
sessQueryTranslateHdl
sfGetSessionItem
sfPutSessionItem

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hyperterminal/hypertrm.exe
.exe windows:5 windows x86

f0d4d888365525da27840d92b16e9939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_acmdln
__set_app_type
_controlfp
_except_handler3
exit
_XcptFilter
_cexit
_exit
__p__fmode
_c_exit

kernel32

GetModuleHandleA
GetStartupInfoA

hypertrm

MessageLoop
InitInstance

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70b09ed8d20981ac7d1f41a9b594b258

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 28B

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 248B

a8b0f8de19e06129cc5b63495fd1ad2b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

hypertrm

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 560B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 300B

b3cea7d28a5a7273b5898cf6b3a90e00

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

winspool.drv

tapi32

gdi32

wsock32

shell32

ole32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 248KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 10KB - Virtual size: 9KB

f0d4d888365525da27840d92b16e9939

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

hypertrm

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 32B

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 28B

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 248B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 560B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 300B

.text
Size: 248KB - Virtual size: 248KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 32B

.rsrc
Size: 24KB - Virtual size: 24KB