hijackloader | 1aeb3a19d439d8a4a00313d12f463827[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1aeb3a19d439d8a4a00313d12f463827.exe
Size

989KB
MD5

1aeb3a19d439d8a4a00313d12f463827
SHA1

beedd7366e1ef168595d800ebe013067c78775de
SHA256

b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d
SHA512

074c2316d385feb4c78e6068a8fbf37d570bb9ee87a69b76bc3878a1b18eb9f97ca6511709008dcc60158d0dc81395adaed5e309d0266ed7713e7e5e4e442422
SSDEEP

24576:liG03BDYmHDQKcdE2v4jtaUN4cDHZgboRxRprGE:oJYuHTI4jJJObkf

Score

10^/10

hijackloader

Malware Config

Signatures

Detects HijackLoader (aka IDAT Loader) 1 IoCs

resource	yara_rule
sample	family_hijackloader

Hijackloader family
hijackloader

Files

1aeb3a19d439d8a4a00313d12f463827.exe
.exe windows:5 windows x64 arch:x64

e3e62d98ab20000990c4a887192c5b6f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27-07-2023 09:33

Not After

27-07-2024 09:33

Subject

SERIALNUMBER=15.06.2017,CN=Nenad Hrg,O=Nenad Hrg,STREET=Edelweissstrasse 104,L=Taufkirchen,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c16737570706f727440736f6674776172656f6b2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130b546175666b69726368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:27:4c:27:88:a5:6d:ac:26:e8:c5:ea:89:31:c9:13:fb:6f:d5:81:c5:f6:c8:1b:07:6f:8b:26:ac:63:84:44
Signer

Actual PE Digest

48:27:4c:27:88:a5:6d:ac:26:e8:c5:ea:89:31:c9:13:fb:6f:d5:81:c5:f6:c8:1b:07:6f:8b:26:ac:63:84:44

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
EnumTimeFormatsW
EnumDateFormatsW
GetUserDefaultLCID
FindNextFileW
CreateThread
GetTempFileNameW
GetCurrentProcessId
ReadFile
GetTimeZoneInformation
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
LCMapStringW
HeapSize
HeapReAlloc
HeapCreate
HeapSetInformation
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoW
HeapFree
HeapAlloc
ExitProcess
Sleep
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFullPathNameW
GetUserDefaultLangID
DeleteFileW
GetTempPathW
CreateDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
WriteFile
GetLastError
DeleteCriticalSection
InitializeCriticalSection
SetEnvironmentVariableA
RaiseException
GetModuleFileNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLocalTime
GetCurrentThreadId
OutputDebugStringW
DebugBreak
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrcatW
FindFirstFileW
FindClose
lstrcpynW
lstrlenA
GetFileAttributesW
SetFileAttributesW
CreateFileW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
MultiByteToWideChar
lstrlenW
GlobalAlloc
GlobalLock
lstrcpyW
FreeEnvironmentStringsW
GlobalUnlock

user32

RedrawWindow
CheckMenuItem
DestroyMenu
GetCursorPos
GetKeyState
SetRect
GetWindowPlacement
SetParent
GetFocus
InsertMenuW
KillTimer
GetDlgItem
EndDialog
SetWindowTextW
DialogBoxParamW
CopyRect
GetClientRect
GetMessagePos
GetMenuItemCount
UnhookWindowsHookEx
TrackPopupMenuEx
GetSubMenu
GetActiveWindow
IsWindowVisible
GetSysColorBrush
SetMenuItemInfoW
TrackPopupMenu
SendDlgItemMessageW
ClientToScreen
MoveWindow
GetSysColor
LoadAcceleratorsW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetMessageW
EnableWindow
wsprintfW
ScreenToClient
LoadIconW
LoadCursorW
RegisterClassExW
DestroyWindow
PostQuitMessage
BeginPaint
EndPaint
InvalidateRect
GetDlgCtrlID
CreateWindowExW
ShowWindow
SetWindowsHookExW
CallNextHookEx
GetDC
GetWindowTextW
GetParent
GetClassNameW
CharNextW
CharLowerW
DefWindowProcW
GetMenuItemInfoW
DrawTextW
wvsprintfW
PostMessageW
GetWindowLongPtrW
SetWindowLongPtrW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
MapWindowPoints
GetWindowRect
OffsetRect
ReleaseDC
SetPropW
SystemParametersInfoW
GetSystemMetrics
LoadImageW
SetTimer
LoadMenuW
SetMenu
CreateMenu
CreatePopupMenu
AppendMenuW
MessageBoxW
GetClipboardData
LoadStringW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageW

gdi32

GetCurrentObject
SetPixel
GetStockObject
GetObjectW
CreateFontIndirectW
SetTextColor
ExtTextOutW
SetBkColor
SetBkMode
CreateSolidBrush
GetClipBox
OffsetWindowOrgEx
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject

comdlg32

GetOpenFileNameW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW

shell32

DragQueryFileW
DragFinish
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleInitialize

oleaut32

VarDateFromStr
VarUI4FromStr
SysAllocStringLen

comctl32

ord17
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create
ImageList_DrawEx
ImageList_Draw

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3e62d98ab20000990c4a887192c5b6f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

48:27:4c:27:88:a5:6d:ac:26:e8:c5:ea:89:31:c9:13:fb:6f:d5:81:c5:f6:c8:1b:07:6f:8b:26:ac:63:84:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 219KB - Virtual size: 218KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 53KB - Virtual size: 162KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 648KB - Virtual size: 647KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

48:27:4c:27:88:a5:6d:ac:26:e8:c5:ea:89:31:c9:13:fb:6f:d5:81:c5:f6:c8:1b:07:6f:8b:26:ac:63:84:44
Signer

.text
Size: 219KB - Virtual size: 218KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 53KB - Virtual size: 162KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 648KB - Virtual size: 647KB