2024-07-22_3f1a9950778e30d7e742506da20c0c14_avoslocker_hijackloader_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-22_3f1a9950778e30d7e742506da20c0c14_avoslocker_hijackloader_magniber
Size

1.9MB
MD5

3f1a9950778e30d7e742506da20c0c14
SHA1

e61f35b01bd30aeb144b9136b52239956e0f1d7e
SHA256

f6e6eb9e27a83689960f2438d86512092db2532c97d460e9b2e6a23834fa48f3
SHA512

43f84f1d28bf6ebbf338970c20ecbb153bdbf4d199d036136663c26a504d6ad454dc18cb108e90b4329c74b483e82b513462e119d1f8df01b2e926e123c38808
SSDEEP

49152:H6Rcbb4ybn8UqTPqOIXxqLYeKYKS6Nk+tuskTrf:H6ibnn8GBqUeGxuP

Score

1^/10

Malware Config

Signatures

Files

2024-07-22_3f1a9950778e30d7e742506da20c0c14_avoslocker_hijackloader_magniber
.exe windows:6 windows x86 arch:x86

31a77ed5e329ba19fdb07b4dafa4601f

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/09/2023, 00:00

Not After

19/09/2024, 23:59

Subject

SERIALNUMBER=3482342,CN=Amazon.com Services LLC,OU=Amazon Game Studios,O=Amazon.com Services LLC,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:a8:47:11:95:dd:15:67:1b:1f:93:99:2d:e4:aa:d6:fa:b2:29:e4:d2:1b:2d:db:8b:c5:d2:71:ea:d7:8a:b6
Signer

Actual PE Digest

f9:a8:47:11:95:dd:15:67:1b:1f:93:99:2d:e4:aa:d6:fa:b2:29:e4:d2:1b:2d:db:8b:c5:d2:71:ea:d7:8a:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\a32503736090ae0\installer\bin\Win32\Release\Amazon Games Setup.pdb

Imports

kernel32

GetComputerNameW
SetFileAttributesW
SetThreadPriority
GetCurrentThread
SetFilePointerEx
MoveFileExW
CreateMutexA
GetDynamicTimeZoneInformation
SystemTimeToFileTime
CopyFileW
GetSystemTime
LoadLibraryExA
FreeLibrary
GetTickCount64
QueryPerformanceCounter
GetDiskFreeSpaceExA
LocaleNameToLCID
WideCharToMultiByte
GlobalMemoryStatusEx
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
OutputDebugStringW
HeapDestroy
DecodePointer
GetOverlappedResult
GetCurrentDirectoryW
HeapAlloc
CreateThread
RaiseException
HeapReAlloc
Process32FirstW
QueryPerformanceFrequency
LoadLibraryA
GetDiskFreeSpaceExW
Process32NextW
FormatMessageW
ProcessIdToSessionId
MultiByteToWideChar
CreateEventW
CreateToolhelp32Snapshot
HeapSize
OpenProcess
GetModuleHandleA
ReleaseMutex
GetVersionExW
GetLocaleInfoW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
SetFilePointer
GetUserDefaultUILanguage
GetLocaleInfoEx
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetSystemDefaultUILanguage
GetStdHandle
HeapFree
GetFileSizeEx
ReadFile
CreateDirectoryW
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
CloseHandle
DeleteFileW
GetLastError
Sleep
GetCurrentThreadId
CreateFileW
WaitForSingleObject
WriteFile
GetCurrentProcess
GetExitCodeThread
GetCommandLineW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetLastError
GetThreadTimes
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetNativeSystemInfo
LocalFree
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
AreFileApisANSI
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedPushEntrySList
VirtualAlloc
VirtualProtect
RtlUnwind
ExitThread
GetFileType
WriteConsoleW
GetSystemInfo
VirtualQuery

user32

PostMessageW
ShowWindow
EnumWindows
IsIconic
GetWindowTextW
EndPaint
BeginPaint
GetCursorPos
ReleaseDC
GetWindowThreadProcessId
ReleaseCapture
UpdateWindow
SystemParametersInfoW
PostQuitMessage
DrawIconEx
DrawTextW
UpdateLayeredWindow
SetCapture
LoadCursorW
TranslateMessage
TrackMouseEvent
MessageBoxExW
SetTimer
PeekMessageW
RegisterClassExW
GetSystemMetrics
GetIconInfo
CreateWindowExW
SetWindowPos
GetDC
DefWindowProcW
GetWindowRect
FindWindowW
SetForegroundWindow
InvalidateRect
DispatchMessageW

comdlg32

GetSaveFileNameW

advapi32

AccessCheck
GetSecurityDescriptorOwner
GetFileSecurityW
DuplicateToken
MapGenericMask
GetTokenInformation
RegQueryValueExW
LookupAccountSidW
GetUserNameW
GetLengthSid
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
EqualSid
GetSidSubAuthorityCount
GetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteA
SHParseDisplayName
SHGetFolderPathW
SHCreateShellItem
CommandLineToArgvW

ole32

CoCreateGuid
CoInitializeEx
StringFromCLSID
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

winhttp

WinHttpOpen
WinHttpConnect
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

UnloadUserProfile

rpcrt4

UuidCreate

msimg32

AlphaBlend

gdi32

GdiFlush
CreateCompatibleDC
DeleteDC
TextOutW
CreateDIBitmap
CreateFontW
StretchBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreatePen
Rectangle
GetObjectW
SetStretchBltMode
DeleteObject
RoundRect
CreateSolidBrush

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31a77ed5e329ba19fdb07b4dafa4601f

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f9:a8:47:11:95:dd:15:67:1b:1f:93:99:2d:e4:aa:d6:fa:b2:29:e4:d2:1b:2d:db:8b:c5:d2:71:ea:d7:8a:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

winhttp

version

userenv

rpcrt4

msimg32

gdi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 302KB - Virtual size: 302KB

.data Size: 120KB - Virtual size: 155KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 82KB - Virtual size: 81KB

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:fc:e2:4c:bc:76:9a:b1:4d:18:d2:7f:4a:10:a1:81
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f9:a8:47:11:95:dd:15:67:1b:1f:93:99:2d:e4:aa:d6:fa:b2:29:e4:d2:1b:2d:db:8b:c5:d2:71:ea:d7:8a:b6
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 302KB - Virtual size: 302KB

.data
Size: 120KB - Virtual size: 155KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 82KB - Virtual size: 81KB