Hakko[.]xyz[.]7z

Resubmissions

11/06/2024, 10:56

240611-m1s7asvdnn 8

11/06/2024, 10:52

240611-mylpfathma 8

Sharing

Copy URL Twitter E-mail

General

Target

Hakko.xyz.7z
Size

22.8MB
MD5

7b583de2265c4c2dd0ad47633ac3a76f
SHA1

0f5b29e13114ccf16bf96e9390c5f1c99606b821
SHA256

bd4e9980aeca10570bbe1f543268ace184a1f417671a0a70acc9bae7c62355e1
SHA512

c1b20641c20d0a067d73c857a3527f00d15ba728b9290963064eb07bfb22d024344677502e60d4b07b83f55922ec9dc0f9904a07c0b0129d0d38124372e46790
SSDEEP

393216:5ZbTZno2/cu7uBEV1PD2cscXIroplyLDbXyZdgtw+aT6Iebl6dclkLx53UWVQRY1:XPZnD/cu7uBS1b2cbEopluDbCMfabQe/

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack003/out.upx	patched_upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Hakko.xyz/Hakko.xyz/utils/bin/upx	upx
static1/unpack001/Hakko.xyz/Hakko.xyz/utils/bin/upx.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hakko.xyz/Hakko.xyz/utils/bin/pycdas.exe
unpack001/Hakko.xyz/Hakko.xyz/utils/bin/pycdc.exe
unpack001/Hakko.xyz/Hakko.xyz/utils/bin/upx.exe
unpack003/out.upx

Files

Hakko.xyz.7z
.7z
Hakko.xyz/Hakko.xyz/.gitignore
Hakko.xyz/Hakko.xyz/Hakko.xyz.py
Hakko.xyz/Hakko.xyz/Hakko.xyz.spec
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/Analysis-00.toc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/EXE-00.toc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/Hakko.xyz.pkg
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/PKG-00.toc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/PYZ-00.pyz
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/PYZ-00.toc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/base_library.zip
.zip
_collections_abc.pyc
_weakrefset.pyc
abc.pyc
codecs.pyc
collections/__init__.pyc
collections/abc.pyc
copyreg.pyc
encodings/__init__.pyc
encodings/aliases.pyc
encodings/ascii.pyc
encodings/base64_codec.pyc
encodings/big5.pyc
encodings/big5hkscs.pyc
encodings/bz2_codec.pyc
encodings/charmap.pyc
encodings/cp037.pyc
encodings/cp1006.pyc
encodings/cp1026.pyc
encodings/cp1125.pyc
encodings/cp1140.pyc
encodings/cp1250.pyc
encodings/cp1251.pyc
encodings/cp1252.pyc
encodings/cp1253.pyc
encodings/cp1254.pyc
encodings/cp1255.pyc
encodings/cp1256.pyc
encodings/cp1257.pyc
encodings/cp1258.pyc
encodings/cp273.pyc
encodings/cp424.pyc
encodings/cp437.pyc
encodings/cp500.pyc
encodings/cp720.pyc
encodings/cp737.pyc
encodings/cp775.pyc
encodings/cp850.pyc
encodings/cp852.pyc
encodings/cp855.pyc
encodings/cp856.pyc
encodings/cp857.pyc
encodings/cp858.pyc
encodings/cp860.pyc
encodings/cp861.pyc
encodings/cp862.pyc
encodings/cp863.pyc
encodings/cp864.pyc
encodings/cp865.pyc
encodings/cp866.pyc
encodings/cp869.pyc
encodings/cp874.pyc
encodings/cp875.pyc
encodings/cp932.pyc
encodings/cp949.pyc
encodings/cp950.pyc
encodings/euc_jis_2004.pyc
encodings/euc_jisx0213.pyc
encodings/euc_jp.pyc
encodings/euc_kr.pyc
encodings/gb18030.pyc
encodings/gb2312.pyc
encodings/gbk.pyc
encodings/hex_codec.pyc
encodings/hp_roman8.pyc
encodings/hz.pyc
encodings/idna.pyc
encodings/iso2022_jp.pyc
encodings/iso2022_jp_1.pyc
encodings/iso2022_jp_2.pyc
encodings/iso2022_jp_2004.pyc
encodings/iso2022_jp_3.pyc
encodings/iso2022_jp_ext.pyc
encodings/iso2022_kr.pyc
encodings/iso8859_1.pyc
encodings/iso8859_10.pyc
encodings/iso8859_11.pyc
encodings/iso8859_13.pyc
encodings/iso8859_14.pyc
encodings/iso8859_15.pyc
encodings/iso8859_16.pyc
encodings/iso8859_2.pyc
encodings/iso8859_3.pyc
encodings/iso8859_4.pyc
encodings/iso8859_5.pyc
encodings/iso8859_6.pyc
encodings/iso8859_7.pyc
encodings/iso8859_8.pyc
encodings/iso8859_9.pyc
encodings/johab.pyc
encodings/koi8_r.pyc
encodings/koi8_t.pyc
encodings/koi8_u.pyc
encodings/kz1048.pyc
encodings/latin_1.pyc
encodings/mac_arabic.pyc
encodings/mac_croatian.pyc
encodings/mac_cyrillic.pyc
encodings/mac_farsi.pyc
encodings/mac_greek.pyc
encodings/mac_iceland.pyc
encodings/mac_latin2.pyc
encodings/mac_roman.pyc
encodings/mac_romanian.pyc
encodings/mac_turkish.pyc
encodings/mbcs.pyc
encodings/oem.pyc
encodings/palmos.pyc
encodings/ptcp154.pyc
encodings/punycode.pyc
encodings/quopri_codec.pyc
encodings/raw_unicode_escape.pyc
encodings/rot_13.pyc
encodings/shift_jis.pyc
encodings/shift_jis_2004.pyc
encodings/shift_jisx0213.pyc
encodings/tis_620.pyc
encodings/undefined.pyc
encodings/unicode_escape.pyc
encodings/utf_16.pyc
encodings/utf_16_be.pyc
encodings/utf_16_le.pyc
encodings/utf_32.pyc
encodings/utf_32_be.pyc
encodings/utf_32_le.pyc
encodings/utf_7.pyc
encodings/utf_8.pyc
encodings/utf_8_sig.pyc
encodings/uu_codec.pyc
encodings/zlib_codec.pyc
enum.pyc
functools.pyc
genericpath.pyc
heapq.pyc
io.pyc
keyword.pyc
linecache.pyc
locale.pyc
ntpath.pyc
operator.pyc
os.pyc
posixpath.pyc
re/__init__.pyc
re/_casefix.pyc
re/_compiler.pyc
re/_constants.pyc
re/_parser.pyc
reprlib.pyc
sre_compile.pyc
sre_constants.pyc
sre_parse.pyc
stat.pyc
traceback.pyc
types.pyc
warnings.pyc
weakref.pyc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/localpycs/pyimod01_archive.pyc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/localpycs/pyimod02_importers.pyc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/localpycs/pyimod03_ctypes.pyc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/localpycs/pyimod04_pywin32.pyc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/localpycs/struct.pyc
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/warn-Hakko.xyz.txt
Hakko.xyz/Hakko.xyz/build/Hakko.xyz/xref-Hakko.xyz.html
.html
Hakko.xyz/Hakko.xyz/config.json
Hakko.xyz/Hakko.xyz/methods/__pycache__/ben.cpython-312.pyc
Hakko.xyz/Hakko.xyz/methods/__pycache__/blank.cpython-312.pyc
Hakko.xyz/Hakko.xyz/methods/__pycache__/empyrean.cpython-312.pyc
Hakko.xyz/Hakko.xyz/methods/__pycache__/luna.cpython-312.pyc
Hakko.xyz/Hakko.xyz/methods/__pycache__/notobf.cpython-312.pyc
Hakko.xyz/Hakko.xyz/methods/__pycache__/other.cpython-312.pyc
Hakko.xyz/Hakko.xyz/methods/ben.py
Hakko.xyz/Hakko.xyz/methods/blank.py
Hakko.xyz/Hakko.xyz/methods/empyrean.py
Hakko.xyz/Hakko.xyz/methods/luna.py
Hakko.xyz/Hakko.xyz/methods/notobf.py
Hakko.xyz/Hakko.xyz/methods/other.py
Hakko.xyz/Hakko.xyz/requirements.txt
Hakko.xyz/Hakko.xyz/utils/__pycache__/config.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/__pycache__/decompile.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/__pycache__/deobfuscation.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/__pycache__/display.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/__pycache__/download.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/__pycache__/telegram.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/__pycache__/webhookspammer.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/bin/fernflower.jar
.jar
Hakko.xyz/Hakko.xyz/utils/bin/pycdas
.elf linux x64
Hakko.xyz/Hakko.xyz/utils/bin/pycdas.exe
.exe windows:6 windows x64 arch:x64

a0b986748fb3b79f1afa27913520271f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?width@ios_base@std@@QEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flags@ios_base@std@@QEBAHXZ
?fail@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
??0_Lockit@std@@QEAA@H@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
__RTDynamicCast
memchr
__current_exception
memcpy
memmove
_purecall
memset
memcmp
__C_specific_handler
strrchr
__std_terminate
__std_exception_copy
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_seh_filter_exe
_configure_narrow_argv
_exit
_initterm
_get_initial_narrow_environment
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
exit
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_errno
terminate
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_fseeki64
__p__commode
fsetpos
_set_fmode
fwrite
__stdio_common_vsprintf_s
fread
fputs
fputc
fgetpos
fgetc
fflush
fclose
__acrt_iob_func
__stdio_common_vsprintf
fopen
setvbuf
__stdio_common_vfprintf
ungetc
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hakko.xyz/Hakko.xyz/utils/bin/pycdc
.elf linux x64
Hakko.xyz/Hakko.xyz/utils/bin/pycdc.exe
.exe windows:6 windows x64 arch:x64

8933a45a4654b688012d7770158aef33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?width@ios_base@std@@QEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?flags@ios_base@std@@QEBAHXZ
?fail@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0_Lockit@std@@QEAA@H@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
memchr
memcpy
__current_exception
memmove
_purecall
__RTDynamicCast
memcmp
memset
__C_specific_handler
strrchr
__std_terminate
__std_exception_copy
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_seh_filter_exe
_configure_narrow_argv
_exit
_initterm
_get_initial_narrow_environment
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
exit
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo_noreturn
terminate
_initterm_e

api-ms-win-crt-stdio-l1-1-0

fsetpos
__p__commode
fread
_set_fmode
_fseeki64
__stdio_common_vsprintf_s
fputs
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
__stdio_common_vsprintf
fopen
fwrite
__stdio_common_vfprintf
ungetc
setvbuf
__acrt_iob_func

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hakko.xyz/Hakko.xyz/utils/bin/upx
.elf linux x64
Hakko.xyz/Hakko.xyz/utils/bin/upx.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 548KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 891KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Hakko.xyz/Hakko.xyz/utils/config.py
Hakko.xyz/Hakko.xyz/utils/decompile.py
Hakko.xyz/Hakko.xyz/utils/deobfuscation.py
Hakko.xyz/Hakko.xyz/utils/display.py
Hakko.xyz/Hakko.xyz/utils/download.py
Hakko.xyz/Hakko.xyz/utils/pyaes/__init__.py
Hakko.xyz/Hakko.xyz/utils/pyaes/__pycache__/__init__.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyaes/__pycache__/aes.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyaes/__pycache__/blockfeeder.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyaes/__pycache__/util.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyaes/aes.py
Hakko.xyz/Hakko.xyz/utils/pyaes/blockfeeder.py
Hakko.xyz/Hakko.xyz/utils/pyaes/util.py
Hakko.xyz/Hakko.xyz/utils/pyinstaller/__pycache__/pyinstaller.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyinstaller/__pycache__/pyinstallerExceptions.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyinstaller/extractors/__pycache__/pyinstxtractor.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyinstaller/extractors/__pycache__/pyinstxtractorng.cpython-312.pyc
Hakko.xyz/Hakko.xyz/utils/pyinstaller/extractors/pyinstxtractor.py
Hakko.xyz/Hakko.xyz/utils/pyinstaller/extractors/pyinstxtractorng.py
Hakko.xyz/Hakko.xyz/utils/pyinstaller/pyinstaller.py
Hakko.xyz/Hakko.xyz/utils/pyinstaller/pyinstallerExceptions.py
Hakko.xyz/Hakko.xyz/utils/telegram.py
Hakko.xyz/Hakko.xyz/utils/webhookspammer.py

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a0b986748fb3b79f1afa27913520271f

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

8933a45a4654b688012d7770158aef33

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Sections

.text Size: 189KB - Virtual size: 189KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 548KB - Virtual size: 552KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 891KB - Virtual size: 890KB

.data Size: 3KB - Virtual size: 2KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.pdata Size: 35KB - Virtual size: 35KB

.xdata Size: 37KB - Virtual size: 36KB

.bss Size: - Virtual size: 12KB

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 189KB - Virtual size: 189KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 548KB - Virtual size: 552KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 891KB - Virtual size: 890KB

.data
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.pdata
Size: 35KB - Virtual size: 35KB

.xdata
Size: 37KB - Virtual size: 36KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB