hijackloader | LisectAVT_2403002A_206[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

LisectAVT_2403002A_206.exe
Size

2.3MB
MD5

e585f3a248e9df2acd69bd1ccab87933
SHA1

63d8b10e143b1189cbd39a97866ada23ed0515e7
SHA256

9e4130379c0d965fd6ef2fba7e400258c84d063b9b73508b54e954d9a9fedea7
SHA512

c8dd113c0981f999fc23a63eadd2f8b3f3921b6a565479f2a2f1600d2fb7495a8288303d8eb6e7e3b28c4687242f8856a37c39a9da90accde8a1e4d018e244ee
SSDEEP

49152:KJfe3owTB0iX39aF7VnwFmvS/5pvXTOyPC3j5gMYKuQ7CzS3vv3jirr3jjWiTaOw:KNe3owTB0iX3gFtwFmvS/3PTNaTbuVz7

Score

10^/10

hijackloader

Malware Config

Signatures

Detects HijackLoader (aka IDAT Loader) 1 IoCs

Processes:

resource yara_rule

sample family_hijackloader
Hijackloader family
hijackloader

resource	yara_rule
sample	family_hijackloader

Files

LisectAVT_2403002A_206.exe
.exe windows:5 windows x86 arch:x86

4815911c1839da71c8c5981b733a4570

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-06-2022 00:00

Not After

22-06-2032 23:59

Subject

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:bf:98:22:41:2f:28:a1:85:83:06:9e:65:ca:8e:5d
Certificate

Issuer

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Not Before

27-12-2023 00:00

Not After

02-06-2024 23:59

Subject

CN=Tixati Software Inc.,O=Tixati Software Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:50:62:56:5d:ba:3e:59:19:ff:4c:e7:1d:72:e3:f7:6e:cc:54:54
Signer

Actual PE Digest

b4:50:62:56:5d:ba:3e:59:19:ff:4c:e7:1d:72:e3:f7:6e:cc:54:54

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\w\mac\server\pin\x64\release\NEu\iq\e\we.pdb

Imports

comctl32

ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_Merge
ord8
InitCommonControlsEx

shlwapi

StrCmpIW
StrStrIW
StrStrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime

netapi32

NetApiBufferFree
NetUserEnum

kernel32

CopyFileW
WideCharToMultiByte
LocalFree
SetUnhandledExceptionFilter
GetCurrentThread
SetThreadPriority
DebugBreak
GetStdHandle
FormatMessageW
GetStartupInfoW
GetCommandLineW
GetTempPathW
CreateDirectoryW
GetACP
GetOEMCP
GetConsoleMode
ReadFile
TransactNamedPipe
GetFileAttributesW
GetFileSizeEx
MulDiv
WriteFile
SetFileAttributesW
GlobalFree
OutputDebugStringA
OutputDebugStringW
LockResource
LoadResource
SizeofResource
FindResourceW
SetFilePointer
FindNextFileW
GetExitCodeThread
GetOverlappedResult
ReleaseSemaphore
WaitForMultipleObjects
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
CreateSemaphoreW
CreateNamedPipeW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetFileInformationByHandle
SystemTimeToFileTime
CompareStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetDriveTypeW
CompareFileTime
GetProcessAffinityMask
SetNamedPipeHandleState
GetTempFileNameW
WaitNamedPipeW
SetPriorityClass
GetPriorityClass
IsBadStringPtrW
SetEndOfFile
lstrcmpiA
WritePrivateProfileStringW
GetPrivateProfileStringW
DeleteFileW
HeapCreate
SetCurrentDirectoryW
WriteConsoleW
SetStdHandle
LCMapStringW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
IsValidCodePage
FindNextFileA
FindFirstFileExA
DecodePointer
GetStringTypeW
GetFileType
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
OpenEventW
GetPrivateProfileIntW
GetFileSize
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OpenThread
ResumeThread
TerminateThread
CreateThread
RaiseException
LocalAlloc
VerifyVersionInfoW
SearchPathW
GetFullPathNameW
VerSetConditionMask
SetFilePointerEx
GetConsoleCP
HeapSize
GetProcAddress
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTickCount
lstrcmpiW
lstrcpynW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetModuleFileNameW
OpenFileMappingW
CreateFileMappingW
CreateEventW
CreateMutexW
lstrlenA
lstrcatA
lstrcpyA
lstrcpynA
lstrcmpA
UnmapViewOfFile
MapViewOfFile
GetLocalTime
Sleep
ResetEvent
SetEvent
IsDebuggerPresent
SetLastError
TerminateProcess
ExitProcess
GetCurrentDirectoryW
SetProcessAffinityMask
InterlockedCompareExchange
InterlockedExchange
lstrcpyW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
IsBadReadPtr
FindFirstFileW
FindClose
InterlockedDecrement
InterlockedIncrement
Process32NextW
Process32FirstW
CreateFileW
CreateProcessW
lstrcatW
lstrcmpW
WaitForSingleObject
ReadProcessMemory
GetExitCodeProcess
OpenProcess
FreeLibrary
MultiByteToWideChar
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetConsoleWindow
GetVersionExW
GetModuleHandleW
LoadLibraryW
lstrlenW
HeapDestroy

user32

GetMenuItemRect
SetActiveWindow
GetWindowInfo
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EnumClipboardFormats
EmptyClipboard
SetDlgItemInt
GetDlgCtrlID
LockSetForegroundWindow
ValidateRect
SetDlgItemTextA
LoadIconW
GetNextDlgTabItem
ScrollWindowEx
SetScrollInfo
GetScrollInfo
keybd_event
ShowWindowAsync
ShowScrollBar
EnableScrollBar
FlashWindow
SetRectEmpty
GetCaretBlinkTime
SetMenuItemInfoW
GetMenuItemID
EnableMenuItem
GetSystemMenu
IsCharAlphaW
ToUnicode
GetIconInfo
VkKeyScanW
GetCursorInfo
GetGuiResources
CallWindowProcW
DialogBoxIndirectParamW
CreateDialogIndirectParamW
AdjustWindowRectEx
DrawIconEx
DrawTextExW
PostThreadMessageW
AppendMenuW
CreatePopupMenu
OffsetRect
SendDlgItemMessageW
CheckRadioButton
GetDlgItemTextW
DrawTextW
CharLowerBuffA
MonitorFromRect
GetWindow
FindWindowW
EqualRect
GetWindowRgn
SetForegroundWindow
GetMenuItemInfoW
UpdateWindow
CheckMenuItem
IsWindowEnabled
GetWindowPlacement
AnimateWindow
CallNextHookEx
DestroyMenu
EnumDisplayMonitors
CreateIcon
MessageBoxW
GetWindowTextLengthW
SetWindowRgn
GetActiveWindow
GetDlgItemInt
UnregisterClassW
GetDoubleClickTime
DispatchMessageW
GetGUIThreadInfo
UnhookWinEvent
SystemParametersInfoW
IsDialogMessageW
LoadImageW
DestroyIcon
UnhookWindowsHookEx
SetWindowsHookExW
DeregisterShellHookWindow
RegisterShellHookWindow
GetShellWindow
EnumChildWindows
SetParent
GetParent
GetDesktopWindow
IsRectEmpty
IntersectRect
ChildWindowFromPointEx
WindowFromPoint
ScreenToClient
ClientToScreen
SetCaretPos
DestroyCaret
CreateCaret
SetCursorPos
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
AllowSetForegroundWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
MapVirtualKeyW
mouse_event
GetFocus
CharLowerBuffW
CharUpperBuffW
IsZoomed
IsIconic
FlashWindowEx
SetLayeredWindowAttributes
TrackPopupMenuEx
DeleteMenu
SwitchToThisWindow
InsertMenuW
GetKeyboardLayoutList
GetKeyboardLayout
SendMessageW
IsWindow
SetWindowPos
IsWindowVisible
EndDialog
GetDlgItem
SetDlgItemTextW
SetFocus
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
AttachThreadInput
SendMessageTimeoutW
UnregisterHotKey
RegisterHotKey
PeekMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
GetKeyboardLayoutNameW
wsprintfW
wsprintfA
GetClipboardFormatNameW
RegisterClipboardFormatW
MonitorFromWindow
FillRect
GetWindowThreadProcessId
EnumWindows
FindWindowExW
PtInRect
MapWindowPoints
GetClientRect
RedrawWindow
EnableWindow
IsDlgButtonChecked
CheckDlgButton
MoveWindow
ShowWindow
DestroyWindow
PostMessageW
GetKeyState
GetMonitorInfoW
MonitorFromPoint
LoadCursorW
GetClassNameW
SetClassLongW
SetWindowLongW
GetWindowLongW
GetSysColorBrush
GetSysColor
GetCursorPos
SetCursor
MessageBoxIndirectW
GetWindowRect
GetWindowTextW
SetWindowTextW
ReleaseDC
GetDC
GetForegroundWindow
GetSystemMetrics
SetWinEventHook

gdi32

SetBkColor
ExtTextOutA
ExtTextOutW
CreateFontIndirectW
CreateFontW
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetObjectW
GetFontUnicodeRanges
AddFontResourceExW
RemoveFontResourceExW
GetTextMetricsW
GetTextFaceW
FillRgn
CreateSolidBrush
GetTextColor
GetPixel
EnumFontFamiliesExW
CreateRectRgnIndirect
CreatePen
LineTo
MoveToEx
StretchBlt
SetStretchBltMode
CreateBitmap
CreatePolyPolygonRgn
Rectangle
TextOutW
GdiSetBatchLimit
CreatePolygonRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesW
GetRegionData
CreateRectRgn
CombineRgn
BitBlt
GdiFlush
CreateDIBSection
SetEnhMetaFileBits
PlayEnhMetaFile
DeleteEnhMetaFile
GdiAlphaBlend
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetTextColor
SetBkMode
CreateDCW
GetTextExtentPointW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

CreateRestrictedToken
RegOpenKeyExW
RegQueryValueExW
CreateProcessWithLogonW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
LogonUserW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegDeleteKeyW
GetUserNameW
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetTokenInformation
GetTokenInformation
OpenProcessToken

shell32

DragQueryFileW
SHFileOperationW
SHBrowseForFolderW
ord152
SHGetDesktopFolder
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ExtractIconExW
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
SHAppBarMessage

ole32

OleUninitialize
CoCreateInstance
RevokeDragDrop
DoDragDrop
RegisterDragDrop
OleInitialize
CoUninitialize
CoInitializeEx
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 765KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4815911c1839da71c8c5981b733a4570

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0b:bf:98:22:41:2f:28:a1:85:83:06:9e:65:ca:8e:5dCertificate

Extended Key Usages

Key Usages

b4:50:62:56:5d:ba:3e:59:19:ff:4c:e7:1d:72:e3:f7:6e:cc:54:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

version

winmm

netapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 433KB - Virtual size: 433KB

.data Size: 15KB - Virtual size: 201KB

.rsrc Size: 765KB - Virtual size: 765KB

.reloc Size: 60KB - Virtual size: 60KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0b:bf:98:22:41:2f:28:a1:85:83:06:9e:65:ca:8e:5d
Certificate

b4:50:62:56:5d:ba:3e:59:19:ff:4c:e7:1d:72:e3:f7:6e:cc:54:54
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 433KB - Virtual size: 433KB

.data
Size: 15KB - Virtual size: 201KB

.rsrc
Size: 765KB - Virtual size: 765KB

.reloc
Size: 60KB - Virtual size: 60KB