hollows_hunter64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

hollows_hunter64.exe
Size

1.0MB
MD5

2f6374b3a8b8bd910d13e380f6fb175e
SHA1

b14dd13df8a4f329a8f0eb149a8e532af517d72b
SHA256

b2fd00400b84193f293bfd7e3ec04de616a9facbd58834c00a3c12a2d853270c
SHA512

da964c6743695c0f50a922675c5d69ad42ec51a22d576d1dcd4944842b06c912d74f60839f4d822875d34bcf6ee84e9b2cf2edf5b36f679cd76aedab2884854e
SSDEEP

24576:l5ukLQzo75XQyBQDf889UFZxYnKMjKycn:lNQUdXQyBQDf85rxYnNcn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hollows_hunter64.exe

Files

hollows_hunter64.exe
.exe windows:5 windows x64

792223a6d8e15f0c4813f13938db2983

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleFileNameExA
GetProcessImageFileNameA
GetMappedFileNameA
EnumProcessModulesEx
QueryWorkingSet

ntdll

NtCreateFile
ZwQueryInformationFile
NtQuerySystemInformation
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlCaptureContext

shlwapi

PathCanonicalizeA

kernel32

EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
FlushConsoleInputBuffer
GetProcAddress
GetModuleHandleA
CloseHandle
OpenProcess
GetCurrentProcess
TerminateProcess
Process32Next
Process32First
GetLastError
CreateToolhelp32Snapshot
GetTickCount
GetCurrentProcessId
GetCurrentThread
GetProcessTimes
IsBadWritePtr
IsBadReadPtr
SetLastError
LoadLibraryA
FreeLibrary
CreateFileA
ExpandEnvironmentStringsA
QueryDosDeviceA
GetLogicalDrives
IsValidLocale
GetLongPathNameA
TerminateThread
GetProcessId
WaitForSingleObject
CreateThread
GetFileAttributesA
GetWindowsDirectoryA
GetFullPathNameA
CreateDirectoryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualQueryEx
GetThreadContext
GetExitCodeThread
OpenThread
Thread32Next
Thread32First
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
WriteFile
ReadFile
VirtualAlloc
VirtualFree
ReadProcessMemory
VirtualProtectEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
WriteConsoleW
SetEnvironmentVariableA
SetStdHandle
CreateFileW
SetEndOfFile
GetProcessHeap
GetCurrentDirectoryA
GetModuleFileNameA
GetTimeZoneInformation
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
Sleep
EncodePointer
DecodePointer
GetLocaleInfoW
HeapFree
RaiseException
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetCommandLineA
GetCPInfo
HeapAlloc
LCMapStringW
CompareStringW
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleHandleW

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
ImpersonateSelf
LookupPrivilegeValueA
AdjustTokenPrivileges

dbghelp

SymInitialize
SymCleanup
StackWalk64
SymGetModuleBase64
SymFunctionTableAccess64

Sections

.text
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

792223a6d8e15f0c4813f13938db2983

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ntdll

shlwapi

kernel32

advapi32

dbghelp

Sections

.text Size: 665KB - Virtual size: 664KB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 15KB - Virtual size: 26KB

.pdata Size: 31KB - Virtual size: 31KB

text Size: 1KB - Virtual size: 1KB

data Size: 13KB - Virtual size: 13KB

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 665KB - Virtual size: 664KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 15KB - Virtual size: 26KB

.pdata
Size: 31KB - Virtual size: 31KB

text
Size: 1KB - Virtual size: 1KB

data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 5KB - Virtual size: 5KB