Hotline_Client[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Hotline_Client.rar
Size

6.9MB
MD5

272e17e825bd30367731a2664f80b0f9
SHA1

03206840a1aeb5284579699393a70b3335f7600f
SHA256

bc781161f2bf6cc6318af8977a74e4d7d904b7d5c2f5c739435f57c4b3a879cf
SHA512

70233baae3474516dd56e476ae60c70d10bd44e5bca2ce1220b32ee7530adc9275af576ad6521d925d5f53b236c0a6f837305fa29226ab02f66671cd6e42db1a
SSDEEP

98304:9VXBM6tft7uFTBd2gPEXy6hmP9Ly1eNOj7quK2JlYt9Mp9Qg34krvFvUkJ2RotSP:9V6QuHd226hq+1lqMvTHr6kbtSjiC

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hotline Client/Hotline Injector [CR].exe
unpack001/Hotline Client/Hotline Injector [SO].exe
unpack001/Hotline Client/Hotline+.dll

Files

Hotline_Client.rar
.rar
Hotline Client/Hotline Injector [CR].exe
.exe windows:6 windows x64 arch:x64

cc6fa07d0e4df53c30a4df553312ce2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
ReadProcessMemory
WaitForSingleObject
VirtualAllocEx
WideCharToMultiByte
OpenProcess
VirtualFreeEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
CreateRemoteThread
WriteProcessMemory
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent

user32

GetWindowThreadProcessId
MessageBoxA
FindWindowA

comdlg32

GetOpenFileNameW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
memcpy
__current_exception
__current_exception_context
memmove
__std_exception_copy
memset
_CxxThrowException
__std_exception_destroy
memcmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_register_onexit_function
_crt_atexit
_initialize_onexit_table
_c_exit
_cexit
__p___argc
__p___argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_errno

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hotline Client/Hotline Injector [SO].exe
.exe windows:6 windows x64 arch:x64

cc6fa07d0e4df53c30a4df553312ce2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
ReadProcessMemory
WaitForSingleObject
VirtualAllocEx
WideCharToMultiByte
OpenProcess
VirtualFreeEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
CreateRemoteThread
WriteProcessMemory
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent

user32

GetWindowThreadProcessId
MessageBoxA
FindWindowA

comdlg32

GetOpenFileNameW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
memcpy
__current_exception
__current_exception_context
memmove
__std_exception_copy
memset
_CxxThrowException
__std_exception_destroy
memcmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_register_onexit_function
_crt_atexit
_initialize_onexit_table
_c_exit
_cexit
__p___argc
__p___argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_errno

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hotline Client/Hotline+.dll
.dll windows:6 windows x64 arch:x64

b0d86282a26b12b0f8744bd29942d73a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

opengl32

wglGetCurrentDC

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

mouse_event

gdi32

SwapBuffers

advapi32

RegCreateKeyExW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

urlmon

URLDownloadToFileA

imm32

ImmGetContext

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.N{m
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

."wH
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^}q
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hotline Client/Oku.txt

Sharing

General

Malware Config

Signatures

Files

cc6fa07d0e4df53c30a4df553312ce2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 768B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 96B

cc6fa07d0e4df53c30a4df553312ce2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 768B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 96B

b0d86282a26b12b0f8744bd29942d73a

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

advapi32

shell32

ole32

urlmon

imm32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 276KB

.data Size: - Virtual size: 2.1MB

.pdata Size: - Virtual size: 41KB

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

_RDATA Size: - Virtual size: 348B

.N{m Size: - Virtual size: 4.0MB

."wH Size: 4KB - Virtual size: 3KB

.^}q Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 768B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 96B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 768B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 96B

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 276KB

.data
Size: - Virtual size: 2.1MB

.pdata
Size: - Virtual size: 41KB

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

_RDATA
Size: - Virtual size: 348B

.N{m
Size: - Virtual size: 4.0MB

."wH
Size: 4KB - Virtual size: 3KB

.^}q
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB