HPSocket[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

HPSocket.dll
Size

2.0MB
MD5

ef37c1d55343ef380f464f8e88d56247
SHA1

2dac595c12c5680452835f02d42862e6c6a5c0b9
SHA256

d933cbccc470fb5a033ef078c4d01b6810765351dbaa85dd149c968afb7326fc
SHA512

b680c09cef34eca6047074ee4f8a38684c807e00e7e2a7ef757babe1aeea6817d1024355607c10fe2a20973365f377d06ca2023caaf5eb836f269b08a2a085f9
SSDEEP

49152:yhc0eP9eYfLx25g4iwXTiOXw1cdvzgKYpdvPZTi4HdXab:XzLG7imscdvJivP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HPSocket.dll

Files

HPSocket.dll
.dll windows:5 windows x86 arch:x86

7da1eb8e832cc9cf1dcd00dd1cb319da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyWork\Linux\MyWork\HP-Socket\Windows\Bin\HPSocket\x86\HPSocket.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
CreateTimerQueue
DeleteTimerQueueEx
CreateWaitableTimerA
GetSystemInfo
GetExitCodeThread
TerminateThread
ResetEvent
InterlockedExchange
PostQueuedCompletionStatus
RaiseException
SetEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
UnmapViewOfFile
lstrlenA
CreateFileA
GetProcAddress
GetModuleHandleA
GetFileSize
CreateFileMappingA
MapViewOfFileEx
MultiByteToWideChar
WaitForMultipleObjects
InterlockedExchangeAdd
SetWaitableTimer
CancelWaitableTimer
TryEnterCriticalSection
CreateTimerQueueTimer
DeleteTimerQueueTimer
SystemTimeToFileTime
GetSystemTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
SwitchToFiber
CreateFiber
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SizeofResource
CompareStringW
GetDriveTypeW
WriteConsoleW
FlushFileBuffers
WideCharToMultiByte
Sleep
CreateEventA
GetNativeSystemInfo
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreA
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetLastError
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
SetEnvironmentVariableA
GetFullPathNameA
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsProcessorFeaturePresent
RtlUnwind
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetEndOfFile
GetConsoleCP
SetStdHandle
LoadLibraryW
GetStartupInfoW
SetHandleCount
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetConsoleCtrlHandler
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineA
CreateThread
ExitThread
CreateFileW
SetFilePointer
EncodePointer
DecodePointer
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
InterlockedCompareExchange
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
DeleteCriticalSection
GetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount

user32

GetProcessWindowStation
GetUserObjectInformationW
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
MessageBoxW
PeekMessageA

advapi32

CryptSignHashW
ReportEventW
RegisterEventSourceW
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptGenRandom
CryptDecrypt
CryptCreateHash
CryptSetHashParam
DeregisterEventSource
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextW

shlwapi

StrChrA
StrPBrkA
PathIsDirectoryA
PathFileExistsA

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps

ws2_32

WSARecv
WSASend
closesocket
shutdown
sendto
send
ioctlsocket
setsockopt
htonl
ntohl
WSASendTo
getsockname
WSAAddressToStringA
freeaddrinfo
getaddrinfo
WSAStringToAddressA
getsockopt
WSAIoctl
WSASetLastError
htons
WSAGetLastError
ntohs
WSARecvFrom
WSAStartup
WSACleanup
bind
socket
WSAGetOverlappedResult
connect
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
recv
WSACloseEvent
listen
recvfrom
getpeername

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore

Exports

Exports

HP_Create_HttpAgent
HP_Create_HttpClient
HP_Create_HttpServer
HP_Create_HttpSyncClient
HP_Create_HttpsAgent
HP_Create_HttpsClient
HP_Create_HttpsServer
HP_Create_HttpsSyncClient
HP_Create_SSLAgent
HP_Create_SSLClient
HP_Create_SSLPackAgent
HP_Create_SSLPackClient
HP_Create_SSLPackServer
HP_Create_SSLPullAgent
HP_Create_SSLPullClient
HP_Create_SSLPullServer
HP_Create_SSLServer
HP_Create_SocketTaskObj
HP_Create_TcpAgent
HP_Create_TcpClient
HP_Create_TcpPackAgent
HP_Create_TcpPackClient
HP_Create_TcpPackServer
HP_Create_TcpPullAgent
HP_Create_TcpPullClient
HP_Create_TcpPullServer
HP_Create_TcpServer
HP_Create_ThreadPool
HP_Create_UdpArqClient
HP_Create_UdpArqServer
HP_Create_UdpCast
HP_Create_UdpClient
HP_Create_UdpNode
HP_Create_UdpServer
HP_Destroy_HttpAgent
HP_Destroy_HttpClient
HP_Destroy_HttpServer
HP_Destroy_HttpSyncClient
HP_Destroy_HttpsAgent
HP_Destroy_HttpsClient
HP_Destroy_HttpsServer
HP_Destroy_HttpsSyncClient
HP_Destroy_SSLAgent
HP_Destroy_SSLClient
HP_Destroy_SSLPackAgent
HP_Destroy_SSLPackClient
HP_Destroy_SSLPackServer
HP_Destroy_SSLPullAgent
HP_Destroy_SSLPullClient
HP_Destroy_SSLPullServer
HP_Destroy_SSLServer
HP_Destroy_SocketTaskObj
HP_Destroy_TcpAgent
HP_Destroy_TcpClient
HP_Destroy_TcpPackAgent
HP_Destroy_TcpPackClient
HP_Destroy_TcpPackServer
HP_Destroy_TcpPullAgent
HP_Destroy_TcpPullClient
HP_Destroy_TcpPullServer
HP_Destroy_TcpServer
HP_Destroy_ThreadPool
HP_Destroy_UdpArqClient
HP_Destroy_UdpArqServer
HP_Destroy_UdpCast
HP_Destroy_UdpClient
HP_Destroy_UdpNode
HP_Destroy_UdpServer
HP_GetHPSocketVersion
HP_GetSocketErrorDesc
HP_HttpCookie_HLP_CurrentUTCTime
HP_HttpCookie_HLP_ExpiresToMaxAge
HP_HttpCookie_HLP_MakeExpiresStr
HP_HttpCookie_HLP_MaxAgeToExpires
HP_HttpCookie_HLP_ParseExpires
HP_HttpCookie_HLP_ToString
HP_HttpCookie_MGR_ClearCookies
HP_HttpCookie_MGR_DeleteCookie
HP_HttpCookie_MGR_IsEnableThirdPartyCookie
HP_HttpCookie_MGR_LoadFromFile
HP_HttpCookie_MGR_RemoveExpiredCookies
HP_HttpCookie_MGR_SaveToFile
HP_HttpCookie_MGR_SetCookie
HP_HttpCookie_MGR_SetEnableThirdPartyCookie
HP_SSL_RemoveThreadLocalState
SYS_Base64Decode
SYS_Base64Encode
SYS_CodePageToUnicode
SYS_Compress
SYS_CompressEx
SYS_EnumHostIPAddresses
SYS_Free
SYS_FreeHostIPAddresses
SYS_GZipCompress
SYS_GZipGuessUncompressBound
SYS_GZipUncompress
SYS_GbkToUnicode
SYS_GbkToUtf8
SYS_GetIPAddress
SYS_GetLastError
SYS_GetSocketLocalAddress
SYS_GetSocketOption
SYS_GetSocketRemoteAddress
SYS_GuessBase64DecodeBound
SYS_GuessBase64EncodeBound
SYS_GuessCompressBound
SYS_GuessUrlDecodeBound
SYS_GuessUrlEncodeBound
SYS_HToN64
SYS_IoctlSocket
SYS_IsIPAddress
SYS_IsLittleEndian
SYS_Malloc
SYS_NToH64
SYS_Realloc
SYS_SSO_DontLinger
SYS_SSO_ExclusiveAddressUse
SYS_SSO_Linger
SYS_SSO_NoDelay
SYS_SSO_RecvBuffSize
SYS_SSO_RecvTimeOut
SYS_SSO_ReuseAddress
SYS_SSO_SendBuffSize
SYS_SSO_SendTimeOut
SYS_SetSocketOption
SYS_SwapEndian16
SYS_SwapEndian32
SYS_Uncompress
SYS_UncompressEx
SYS_UnicodeToCodePage
SYS_UnicodeToGbk
SYS_UnicodeToUtf8
SYS_UrlDecode
SYS_UrlEncode
SYS_Utf8ToGbk
SYS_Utf8ToUnicode
SYS_WSAGetLastError
SYS_WSAIoctl
_HP_SSL_DefaultServerNameCallback@8

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7da1eb8e832cc9cf1dcd00dd1cb319da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

winmm

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 474KB - Virtual size: 474KB

.data Size: 24KB - Virtual size: 42KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 91KB - Virtual size: 90KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 474KB - Virtual size: 474KB

.data
Size: 24KB - Virtual size: 42KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 91KB - Virtual size: 90KB