hkcmd[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

hkcmd.exe
Size

411KB
MD5

22bf0ccb64aae89004355e924e0ad463
SHA1

2b47ae064cb1095698f2cc2aa2ebada6bee7dca6
SHA256

ba8fa7dcfad8396c7a2db583ff6118361f959040837215fd5198d8d0a4d7e9b6
SHA512

2c62474db8de1021adc39265656c62a85f48ce03d609eab412472105e07c9480e69b3952cb8d9c8997ccf28e22ce8ee173f21f6729e1883a9bd062ea0d6b425c
SSDEEP

6144:OiswPnVjacRcAS54EZTS4b/FxP95SRTfz0PeoV041DHo:OcnVjaci5nZ9/nPCTwhF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hkcmd.exe

Files

hkcmd.exe
.exe windows:5 windows x64 arch:x64

Password: 655456

d29358c490704b807a00a7b06e52c189

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hccutils

FindResources
LoadICON
InitializeKeyHook
LoadSTRINGFromHKCU
LoadSTRING

kernel32

FreeLibrary
LoadLibraryA
GetVersionExA
CloseHandle
GetLastError
SearchPathA
CompareFileTime
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcmpiA
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
Sleep
GetWindowsDirectoryA
CreateMutexA
GetCurrentThreadId
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCurrentProcessId
SetLastError
GetStringTypeA
LCMapStringA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapQueryInformation
HeapReAlloc
HeapCreate
HeapSetInformation
SetHandleCount
LoadLibraryW
ExitProcess
GetFileType
WriteConsoleW
WriteFile
GetStdHandle
DebugBreak
FlsFree
FlsAlloc
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
CreateProcessA
GetModuleHandleA
GetProcAddress
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
SetStdHandle
SetFilePointer
GetLocaleInfoA
WriteConsoleA
LCMapStringW
GetStartupInfoA
IsBadReadPtr
HeapValidate
HeapSize
VirtualQuery
VirtualProtect
GetConsoleOutputCP
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
LocalFree
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread

user32

GetWindowLongPtrA
CallWindowProcA
RegisterClassExA
UnregisterHotKey
RegisterHotKey
LoadKeyboardLayoutA
SetWindowLongPtrA
ActivateKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
GetKeyboardLayout
GetKeyboardLayoutList
LoadCursorA
GetClassInfoExA
RegisterClassA
DispatchMessageA
GetMessageA
PeekMessageA
IsWindow
CreateDialogParamA
ShowWindow
PostQuitMessage
DefWindowProcA
DestroyWindow
GetDlgItem
SendMessageA
GetDesktopWindow
GetWindowRect
SetWindowTextA
PostThreadMessageA
CharNextW
CharNextA
GetCursorPos
EnumDisplaySettingsA
wsprintfA
UnregisterClassA
CreateWindowExA

advapi32

RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
OpenThreadToken
RevertToSelf
SetThreadToken
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA

shell32

ShellExecuteExA

ole32

CoCreateInstance
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoSuspendClassObjects
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 655456

d29358c490704b807a00a7b06e52c189

Headers

DLL Characteristics

File Characteristics

Imports

hccutils

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 272KB - Virtual size: 272KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 21KB - Virtual size: 30KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 272KB - Virtual size: 272KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 21KB - Virtual size: 30KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 3KB