hijackloader | 59d0282fcb01a6735aca82dfaf1098c6[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

59d0282fcb01a6735aca82dfaf1098c6.exe
Size

4.3MB
MD5

59d0282fcb01a6735aca82dfaf1098c6
SHA1

affbbb62e498264858f37b6b540e952371a17831
SHA256

844e22dd38a08217c64322ee018ea293ede53e660b79e841417b78ec8a28d0e9
SHA512

4449b3b6408fe112197f7b9405ba24eaaab294d13c661f3386b97fb0332c8bfba6c2daec8ec023a24732f55b330fc46b9ec93585a074e64bbb2aecd1e539f510
SSDEEP

98304:lfgl8Ig4nttHq4oaU/7jigBljWiqSmhJQ62W/ok6f/R4H6:l4KIJtaFBwiqhJSW/le/u6

Score

10^/10

hijackloader

Malware Config

Signatures

Detects HijackLoader (aka IDAT Loader) 1 IoCs

Processes:

resource yara_rule

sample family_hijackloader
Hijackloader family
hijackloader

resource	yara_rule
sample	family_hijackloader

Files

59d0282fcb01a6735aca82dfaf1098c6.exe
.exe windows:4 windows x86 arch:x86

5314f3f670d67e1168d18f314838270f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:98:77:4e:d2:9b:05:65:ab:11:4e:f2:f2:87:1c:f7
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

18-07-2022 00:00

Not After

17-07-2024 23:59

Subject

CN=Incredibuild Software Ltd.,O=Incredibuild Software Ltd.,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

StrStrIA

kernel32

SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetACP
GetOEMCP
SetEnvironmentVariableA
FindResourceA
GlobalAddAtomA
GetProfileStringA
FreeLibrary
VirtualFree
WideCharToMultiByte
GetProcAddress
LoadLibraryW
CloseHandle
WriteFile
CreateFileW
GetModuleFileNameW
MulDiv
GetPrivateProfileStringW
WritePrivateProfileStringW
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetTickCount
ReadFile
GetFileAttributesW
GetTimeFormatW
GetDateFormatW
GetFileSize
DeleteFileW
lstrlenW
WaitForSingleObject
TerminateThread
MultiByteToWideChar
lstrcpynW
Sleep
SetEvent
ResetEvent
SetFileAttributesW
GetDriveTypeW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CompareFileTime
GetTempFileNameW
GetTempPathW
CopyFileW
SetCurrentDirectoryW
SystemTimeToFileTime
GetLocalTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FindClose
FindNextFileW
FindFirstFileW
SearchPathW
lstrcatW
CreateDirectoryW
GetCurrentDirectoryW
CreateProcessW
GetFileTime
SetFileTime
DeviceIoControl
GetLastError
SetFilePointer
SetEndOfFile
GetVolumeInformationW
GetVersion
GetVersionExW
InterlockedIncrement
InterlockedDecrement
LocalFree
LocalAlloc
LoadLibraryA
CreateFileA
CreateFileMappingA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetProcessHeap
GetSystemTime
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualAlloc
GetDiskFreeSpaceW
SetVolumeLabelW
MoveFileW
FormatMessageW
GetFileInformationByHandle
lstrcmpiW
GetFullPathNameW
lstrlenA
GlobalSize
SetLastError
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
lstrcmpA
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
GetStringTypeExW
GetThreadLocale
GetShortPathNameW
ResumeThread
CreateEventW
FileTimeToSystemTime
LocalFileTimeToFileTime
GlobalGetAtomNameW
GetCurrentThread
lstrcmpiA
lstrcmpW
GetCommandLineA
GetPrivateProfileIntW
GetProfileIntW
GetProcessVersion
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GetStartupInfoW
ExitProcess
RtlUnwind
RaiseException
CreateThread
ExitThread
TerminateProcess
HeapReAlloc
GetTimeZoneInformation
SetEnvironmentVariableW
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW

user32

SetDlgItemTextW
IsDialogMessageW
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
wvsprintfW
LoadStringW
ValidateRect
GetMessageW
GetDesktopWindow
ReuseDDElParam
UnpackDDElParam
SetCursorPos
WaitMessage
GetWindowThreadProcessId
IsZoomed
ShowOwnedPopups
GetDCEx
GetTabbedTextExtentA
SetParent
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageW
GetWindowPlacement
EndDialog
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetWindowDC
SetWindowPos
ShowWindow
RegisterClipboardFormatW
DestroyCaret
MessageBoxW
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
BeginPaint
EndPaint
CreateWindowExW
DefWindowProcW
CharToOemBuffA
OemToCharBuffA
wsprintfW
wsprintfA
CreateAcceleratorTableW
DestroyAcceleratorTable
WindowFromDC
SetClassLongW
TrackPopupMenuEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetTopWindow
CreateMenu
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemInfoW
IsMenu
CopyAcceleratorTableW
GetMenuItemInfoW
CallWindowProcW
GetMessagePos
DrawEdge
DrawStateW
FrameRect
DrawFocusRect
GetActiveWindow
GetNextDlgTabItem
GetWindowLongW
DestroyCursor
GrayStringW
TabbedTextOutW
EqualRect
GetSysColorBrush
RegisterClassExW
SetWindowRgn
SetRectEmpty
DestroyIcon
GetIconInfo
LoadImageW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
TranslateAcceleratorW
LoadAcceleratorsW
EnableScrollBar
RegisterClassW
SetCaretPos
ShowCaret
HideCaret
GetAsyncKeyState
SetCursor
DrawTextExW
DispatchMessageW
TranslateMessage
DrawTextW
DrawFrameControl
PeekMessageW
PostQuitMessage
IsIconic
IsWindowEnabled
FindWindowW
ClientToScreen
ScreenToClient
SetWindowLongW
DestroyMenu
SetMenu
BringWindowToTop
SetActiveWindow
IsRectEmpty
GetWindow
IsWindow
GetClassNameW
GetClassInfoExW
DeleteMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetFocus
GetDlgCtrlID
GetMenu
FillRect
InflateRect
GetCapture
ReleaseCapture
SetCapture
KillTimer
SetTimer
LockWindowUpdate
UnregisterClassW
GetWindowTextLengthA
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
IsWindowVisible
GetSystemMenu
RemoveMenu
IntersectRect
UpdateWindow
IsClipboardFormatAvailable
SetFocus
MoveWindow
SetRect
CharUpperW
OffsetRect
GetCursorPos
GetSysColor
ModifyMenuW
RedrawWindow
CopyRect
GetWindowTextW
SetWindowTextW
GetMenuStringW
SystemParametersInfoW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
ScrollWindow
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
WinHelpW
LoadBitmapW
LoadCursorW
InvalidateRect
GetDlgItem
GetDC
ReleaseDC
PtInRect
WindowFromPoint
IsChild
CreatePopupMenu
AppendMenuW
GetKeyState
GetClientRect
PostMessageW
LoadMenuW
GetSubMenu
EnableMenuItem
GetWindowRect
SetClipboardData
GetClassInfoW
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
LoadStringA
CharLowerW
SendMessageW
GetParent
EnableWindow
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthW
SetPropW
GetPropW
CreateCaret
RemovePropW
MessageBeep

gdi32

GetTextExtentPointA
GetDeviceCaps
CreateSolidBrush
CreateRectRgnIndirect
PatBlt
CreateDIBitmap
ExtTextOutA
CopyMetaFileW
GetTextExtentPoint32A
GetTextFaceW
GetROP2
GetBkMode
GetTextAlign
GetPolyFillMode
GetStretchBltMode
GetViewportOrgEx
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
CreateFontW
StretchDIBits
DPtoLP
SetRectRgn
CreatePatternBrush
LineTo
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
StartDocW
SetTextAlign
MoveToEx
GetCurrentPositionEx
TextOutA
CreateDCW
SetBitmapDimensionEx
SetMapMode
SelectPalette
GetDIBits
SetDIBits
RealizePalette
CreatePen
CreatePalette
GetNearestColor
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
Pie
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
CreateRectRgn
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
EqualRgn
OffsetRgn
FrameRgn
CreateCompatibleBitmap
Ellipse
CreateHatchBrush
RoundRect
GetCurrentObject
GetTextColor
GetBkColor
GetCharWidthW
GetBitmapDimensionEx
CreateCompatibleDC
BitBlt
StretchBlt
DeleteObject
GetTextMetricsW
GetStockObject
GetObjectW
SelectObject
GetTextExtentPoint32W
Rectangle
CreateFontIndirectW

comdlg32

PageSetupDlgW
CommDlgExtendedError
ChooseFontW
GetFileTitleW
ChooseColorW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

EnumPrintersW
OpenPrinterW
GetPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCreateKeyW
RegSetValueW

shell32

SHGetPathFromIDListW
ExtractIconW
SHGetFileInfoW
DragAcceptFiles
SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
ShellExecuteExW
DragFinish
DragQueryFileW

comctl32

ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIcon
ImageList_AddMasked
ord13
ord14
ImageList_GetIconSize
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Add

ole32

OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
CoCreateInstance
OleDuplicateData
DoDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
CoFileTimeNow
ReleaseStgMedium
CreateStreamOnHGlobal
CoUninitialize
CoLockObjectExternal
CoInitialize
RegisterDragDrop

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantTimeToSystemTime
SysAllocString

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ddata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5314f3f670d67e1168d18f314838270f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

70:98:77:4e:d2:9b:05:65:ab:11:4e:f2:f2:87:1c:f7Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

imm32

version

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.ddata Size: 24KB - Virtual size: 23KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 260KB - Virtual size: 354KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

70:98:77:4e:d2:9b:05:65:ab:11:4e:f2:f2:87:1c:f7
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

.text
Size: 1.0MB - Virtual size: 1.0MB

.ddata
Size: 24KB - Virtual size: 23KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 260KB - Virtual size: 354KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB